[c-nsp] policy routing by dest port?
Tony
td_miles at yahoo.com
Wed Nov 13 03:02:10 EST 2013
Yes you can policy route based on an ACL that matches anything you can match in an ACL (within reason and some limitations), but as another poster pointed out your DNS isn't going to answer queries that aren't directed at it.
Perhaps instead of trying to route the traffic to your DNS you should just route it to null0 instead?
I imagine that to apply a policy-route to PPP subscribers you'll need to supply it via RADIUS so that it ends up on virtual-access interfaces.
regards,
Tony.
________________________________
From: Mike <mike-cisconsplist at tiedyenetworks.com>
To: 'Cisco-nsp' <cisco-nsp at puck.nether.net>
Sent: Wednesday, 13 November 2013 2:26 AM
Subject: [c-nsp] policy routing by dest port?
Hi,
I have a situation which may require me to reroute all dns traffic
in my network coming from subscribers destined to offsite resolvers,
over to one of my own resolvers instead. The subscribers are all
terminated on 7201 and effectively I would like to have a rule I can
drop in that says 'dns traffic to anywhere but my official resolvers is
forwarded <here>'. The subscribers are mostly pppoe which means lots of
virtual access interfaces on the router, and no adjusting the supplied
dns servers via ppp won't do (I need to overcome corrupt / hijacked cpe
which are ignoring these values).
Thanks for any pointers.
Mike-
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
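The null0 approach suggested in the reply, sketched as an IOS configuration. This is an added example, not part of the original thread. The resolver addresses (documentation-range 192.0.2.53 and 198.51.100.53), the ACL and route-map names, and `Virtual-Template1` are assumptions.

```cisco
! Constructed example: 192.0.2.53 and 198.51.100.53 stand in for the
! official resolvers; all names below are hypothetical.
!
! The deny entries exempt DNS to the official resolvers from the policy,
! so that traffic is routed normally. The permit entries select DNS
! (UDP and TCP port 53) to any other destination.
ip access-list extended SUBSCRIBER-DNS-OFFSITE
 deny   udp any host 192.0.2.53 eq domain
 deny   tcp any host 192.0.2.53 eq domain
 deny   udp any host 198.51.100.53 eq domain
 deny   tcp any host 198.51.100.53 eq domain
 permit udp any any eq domain
 permit tcp any any eq domain
!
! Matched packets are sent to Null0 (dropped). Packets that do not match
! fall through to the normal routing table.
route-map DNS-OFFSITE-DROP permit 10
 match ip address SUBSCRIBER-DNS-OFFSITE
 set interface Null0
!
! Option 1: apply on the virtual template so every cloned virtual-access
! interface inherits the policy (assumes subscribers use Virtual-Template1).
interface Virtual-Template1
 ip policy route-map DNS-OFFSITE-DROP
!
! Option 2: push it per subscriber from RADIUS, as the reply suggests,
! with a Cisco AV pair in the user's profile:
!   cisco-avpair = "lcp:interface-config=ip policy route-map DNS-OFFSITE-DROP"
```

After applying, `show route-map DNS-OFFSITE-DROP` shows the policy-routed packet counters, which gives a rough count of how many subscriber queries are still aimed at offsite resolvers.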