OpenDNS is a free DNS service that enables swift Web navigation without frequent outages. It is a reliable DNS service that provides the following services: DNS query resolution, Web-filtering, protection against virus and malware attacks, performance enhancement, etc.
This command is part of a set of configurations that are required to integrate WiNG devices with OpenDNS. When integrated, DNS queries going out of the WiNG device (access point, controller, or service platform) are re-directed to OpenDNS (208.67.220.220 or 208.67.222.222) resolvers that act as proxy DNS servers.
For more information on integrating WiNG devices with OpenDNS site, see Enabling OpenDNS Support.
Note
This command and its syntax are common to both the User Executable and Privilege Executable configuration modes.
opendns [APIToken|username]
opendns APIToken <OPENDNS-APITOKEN>
opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
Note
As per the current implementation, both of the above commands can be used to fetch the device_id from the OpenDNS site.
opendns APIToken <OPENDNS-APITOKEN>
opendns | Fetches the device_id from the OpenDNS site using the OpenDNS API token |
APIToken <OPENDNS-APITOKEN> | Configures the OpenDNS APIToken. This is the token provided to you by CISCO at the time of subscribing for their OpenDNS service. For every valid OpenDNS API token provided, a device_id is returned. Apply this device_id to WLANs that are to be OpenDNS enabled. Once applied, DNS queries originating from associating clients are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet. For information on configuring the device_id in the WLAN context, see opendns. |
opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
opendns | Fetches the device_id from the OpenDNS site using the OpenDNS credentials |
username <USERNAME> | Configures the OpenDNS user name. This is your OpenDNS email ID provided by CISCO at the time of subscribing for their OpenDNS service. |
password <OPENDNS-PSWD> | Configures the password associated with the user name specified in the previous step. |
label <LABEL> | Configures the network label. This is the label (the user-friendly name) of your network, and should be the same as the label (name) configured on the OpenDNS portal. For every set of user name, password, and label passed, only one unique device_id is returned. Apply this device_id to WLANs that are to be OpenDNS enabled. Once applied, DNS queries originating from associating clients are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet. For information on configuring the device_id in the WLAN context, see opendns. |
Use your OpenDNS credentials to log on to the opendns.org site, and use the labels, edit settings, and customize content filtering options to configure Web filtering settings.
ap510-133B38>opendns username bob@examplecompany.com password opendns label company_name
Connecting to OpenDNS server...
device_id = 0014AADF8EDC6C59
ap510-133B38>
nx9600-7F3C7F>opendns ApiToken 9110B39543DEB2ECA1F473AE03E8899C00019073
device_id = 001480fe36dcb245
nx9500-6C8809#opendns APIToken <OPENDNS-APITOKEN>
nx9500-6C8809#opendns ApiToken 9110B39543DEB2ECA1F473AE03E8899C00019073
device_id = 001480fe36dcb245#
OR
nx9500-6C8809#opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
Note
The OpenDNS API token and/or user account credentials are provided by the OpenDNS service provider when subscribing for the OpenDNS service.
nx9500-6C8809(config-wlan-opendns)#opendns device-id <OPENDNS-DEVICE-ID>
nx9500-6C8809(config-wlan-opendns)#opendns device-id 001480fe36dcb245
nx9500-6C8809(config-wlan-opendns)#show context
wlan opendns
 ssid opendns
 bridging-mode local
 encryption-type none
 authentication-type none
 opendns device-id 001480fe36dcb245
nx9500-6C8809(config-wlan-opendns)#
Note
Once applied, DNS queries originating from wireless clients associating with the WLAN are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet.
nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#dns-server 208.67.222.222
Note
You can configure any one of the following OpenDNS servers: 208.67.222.222 OR 208.67.222.220
nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#show context
dhcp-pool opendnsPool
 dns-server 208.67.222.222
nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#use dhcp-server-policy opendns
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show context include-factory | include use
 use profile default-nx9000
 use rf-domain TechPubs
 use database-policy default
 use nsight-policy noc
 use dhcp-server-policy opendns
 use auto-provisioning-policy TechPubs
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#
Note
When configured, DNS queries are forwarded by the access point, controller, or service platform to the specified OpenDNS resolver.
nx9500-6C8809(config-ip-acl-OpenDNS)#permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
nx9500-6C8809(config-ip-acl-OpenDNS)#deny udp any any eq dns rule-precedence 10 rule-description "block all DNS queries"
nx9500-6C8809(config-ip-acl-OpenDNS)#permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
nx9500-6C8809(config-ip-acl-OpenDNS)#show context
ip access-list OpenDNS
 permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
 deny udp any any eq dns rule-precedence 10 rule-description "block all dns queries"
 permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
nx9500-6C8809(config-ip-acl-OpenDNS)#
Note
When configured and applied in the WLAN context, the IP ACL prevents wireless clients from adding their own DNS servers to bypass the Web filtering and network policies enforced by OpenDNS.
nx9500-6C8809(config-wlan-opendns)#use ip-access-list out OpenDNS
nx9500-6C8809(config-wlan-opendns)#show context
wlan opendns
 ssid opendns
 vlan 1
 bridging-mode local
 encryption-type none
 authentication-type none
 use ip-access-list in OpenDNS
 use ip-access-list out OpenDNS
 opendns device-id 0014AADF8EDC6C59
nx9500-6C8809(config-wlan-opendns)#
Note
When applied to the WLAN, only the DNS queries directed to the OpenDNS server are forwarded. All other DNS queries are dropped.
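The following is an added example, not part of the original WiNG documentation: a small Python model of the OpenDNS IP ACL shown above that reports which rule decides each kind of traffic. It assumes rules are evaluated first-match in ascending rule-precedence order; the Rule class, the function names, and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    precedence: int
    action: str           # "permit" or "deny"
    proto: str            # "udp", "tcp" or "ip" ("ip" matches any protocol)
    dst: Optional[str]    # destination host; None means "any"
    dport: Optional[int]  # destination port; None means any port

# The three rules from the ip access-list OpenDNS shown on this page.
OPENDNS_ACL = [
    Rule(1, "permit", "udp", "208.67.222.222", 53),
    Rule(10, "deny", "udp", None, 53),
    Rule(100, "permit", "ip", None, None),
]

def evaluate(acl, proto, dst, dport):
    """Return (action, rule-precedence) of the first rule that matches."""
    # Assumption: rules are checked in ascending rule-precedence order.
    for rule in sorted(acl, key=lambda r: r.precedence):
        if rule.proto not in ("ip", proto):
            continue
        if rule.dst is not None and rule.dst != dst:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, rule.precedence
    return "deny", None  # assumption: nothing matched, treat as dropped

# Constructed sample traffic: (protocol, destination, destination port).
SAMPLES = {
    "udp53_permitted_resolver": ("udp", "208.67.222.222", 53),
    "udp53_other_opendns_resolver": ("udp", "208.67.220.220", 53),
    "udp53_client_chosen_resolver": ("udp", "192.0.2.53", 53),
    "tcp53_client_chosen_resolver": ("tcp", "192.0.2.53", 53),
    "tcp443_web_server": ("tcp", "198.51.100.10", 443),
}

def audit(acl, samples):
    """Map each labelled sample packet to the decision the ACL makes."""
    return {label: evaluate(acl, *pkt) for label, pkt in samples.items()}

if __name__ == "__main__":
    for label, decision in audit(OPENDNS_ACL, SAMPLES).items():
        print(f"{label:32} -> {decision}")
```

In this model, UDP DNS to 208.67.220.220 is dropped by rule 10 because only 208.67.222.222 has a permit, and port 53 over TCP is decided by rule 100 because the first two rules match UDP only.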