12-17-2009 01:58 PM - edited 03-06-2019 08:59 AM
Is there any Cisco IOS, perhaps IP Services, that can be configured as a DNS server itself? This would be useful in a lab setup using Wireless LAN Controllers, so that APs can use DNS for WLC discovery without the need for an actual DNS server.
12-17-2009 06:34 PM
Hello MARVIN,
Cisco routers or switches cannot be configured as DNS servers.
HTH
Reza
12-17-2009 08:50 PM
An IOS router can be configured as a DNS server; please see the following link
Regards,
jerry
12-17-2009 11:20 PM
Hi,
A Cisco router can be configured to act as an authoritative DNS server. Check out the configuration commands below to configure a Cisco router to act as DNS. Hope this helps with your query!
Enable DNS Server
From the Global configuration mode, enable the DNS server on your Cisco Router
ciscorouter# conf term
ciscorouter(config)# ip dns server
Configure as Primary DNS Server
Configures the router as the primary DNS name server for a domain (zone) and as the start of authority (SOA) record source. Unless Distributed Director is enabled, the TTL on locally defined resource records will always be ten seconds.
ciscorouter(config)# ip dns primary test.com soa ns.test.com postmaster.test.com
The above command configures the Cisco router as an authoritative primary DNS server for the domain "test.com", where ns.test.com is the primary DNS server and postmaster.test.com is the email account for the postmaster (read as postmaster@test.com).
Create NS Records
Create an NS resource record to be returned when the DNS server is queried for the associated domain. This configuration is needed only if the zone for which the system is authoritative will also be served by other name servers.
ciscorouter(config)# ip host test.com ns ns.test.com
Regards
Ganesh.H
12-17-2009 11:31 PM
Hi, thanks for your replies. I am trying to configure a 3750 switch with IP Services IOS, but now I notice it is ver 12.2(35)SE5 and the guide you sent the link to is for IOS ver 12.4. My switch does not recognise the command IP DNS. Could it be because of the older IOS?
12-17-2009 11:40 PM
It can be, I am not sure, but the above commands are for making routers act as DNS.
Hope this helps
Regards
Ganesh.H
12-18-2009 12:02 AM
ok many thanks
12-18-2009 06:21 AM
The ip dns server command is introduced in IOS 12.2(4)T, but not in the IOS 12.2SE.
http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_08.html#wp1011412
Regards,
jerry
12-18-2009 07:54 AM
Jerry,
Thanks for clarifying that. No wonder I could not find it in the 12.2SX version either.
Reza
02-06-2018 01:17 PM - edited 02-06-2018 01:37 PM
RT01 of head office
hostname Router
!
!
!
!
ip dhcp excluded-address 192.168.105.2
ip dhcp excluded-address 192.168.105.26
ip dhcp excluded-address 192.168.105.34
ip dhcp excluded-address 192.168.105.18
ip dhcp excluded-address 192.168.105.33
ip dhcp excluded-address 192.168.105.17
ip dhcp excluded-address 192.168.105.25
ip dhcp excluded-address 192.168.105.1
ip dhcp excluded-address 192.168.105.41
!
ip dhcp pool Sales
network 192.168.105.0 255.255.255.240
default-router 192.168.105.1
ip dhcp pool Finance
network 192.168.105.24 255.255.255.248
default-router 192.168.105.25
ip dhcp pool Marketing
network 192.168.105.16 255.255.255.248
default-router 192.168.105.17
ip dhcp pool Logistiek
network 192.168.105.32 255.255.255.248
default-router 192.168.105.33
!
!
!
ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
!
crypto isakmp key cisco123 address 200.10.10.17
!
!
!
crypto ipsec transform-set my-trans-set esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
set peer 200.10.10.17
set transform-set my-trans-set
match address 101
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.105.1 255.255.255.240
ip access-group Sales out
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.105.17 255.255.255.248
ip access-group Marketing out
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.105.25 255.255.255.248
ip access-group Finance out
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.105.33 255.255.255.248
ip access-group Logistiek out
!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.105.41 255.255.255.248
!
interface FastEthernet0/1
ip address 200.10.10.18 255.255.255.248
duplex auto
speed auto
crypto map mymap
!
interface Vlan1
no ip address
shutdown
!
router rip
!
ip classless
ip route 2.2.2.0 255.255.255.0 200.10.10.17
ip route 10.10.10.0 255.255.255.0 200.10.10.17
!
ip flow-export version 9
!
!
ip access-list extended Sales
permit udp any eq bootpc any eq bootps
permit ip 192.168.105.40 0.0.0.7 192.168.105.0 0.0.0.15
deny ip 192.168.105.16 0.0.0.7 192.168.105.0 0.0.0.15
deny ip 192.168.105.24 0.0.0.7 192.168.105.0 0.0.0.15
deny ip 192.168.105.32 0.0.0.7 192.168.105.0 0.0.0.15
deny tcp any any eq www
deny tcp any any eq 443
permit ip any any
ip access-list extended Marketing
permit udp any eq bootpc any eq bootps
permit ip 192.168.105.40 0.0.0.7 192.168.105.16 0.0.0.7
deny ip 192.168.105.0 0.0.0.15 192.168.105.16 0.0.0.7
deny ip 192.168.105.24 0.0.0.7 192.168.105.16 0.0.0.7
deny ip 192.168.105.32 0.0.0.7 192.168.105.16 0.0.0.7
deny tcp any any eq www
deny tcp any any eq 443
permit ip any any
ip access-list extended Finance
permit udp any eq bootpc any eq bootps
permit ip 192.168.105.40 0.0.0.7 192.168.105.24 0.0.0.7
deny ip 192.168.105.0 0.0.0.15 192.168.105.24 0.0.0.7
deny ip 192.168.105.16 0.0.0.7 192.168.105.24 0.0.0.7
deny ip 192.168.105.32 0.0.0.7 192.168.105.24 0.0.0.7
deny tcp any any eq www
deny tcp any any eq 443
permit ip any any
ip access-list extended Logistiek
permit udp any eq bootpc any eq bootps
permit ip 192.168.105.40 0.0.0.7 192.168.105.32 0.0.0.7
deny ip 192.168.105.0 0.0.0.15 192.168.105.32 0.0.0.7
deny ip 192.168.105.16 0.0.0.7 192.168.105.32 0.0.0.7
deny ip 192.168.105.24 0.0.0.7 192.168.105.32 0.0.0.7
deny tcp any any eq www
deny tcp any any eq 443
permit ip any any
access-list 101 permit ip 192.168.105.0 0.0.0.255 10.10.10.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
02-06-2018 01:38 PM
RouterNET
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
!
crypto isakmp key cisco123 address 200.10.10.18
!
!
!
crypto ipsec transform-set my-trans-set esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
set peer 200.10.10.18
set transform-set my-trans-set
match address 101
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
ip address 2.2.2.254 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
ip address 200.10.10.17 255.255.255.248
duplex auto
speed auto
crypto map mymap
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 192.168.105.0 255.255.255.0 200.10.10.18
!
ip flow-export version 9
!
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.105.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
02-06-2018 01:43 PM
VPN Tunnel
Phase 1
crypto isakmp policy 1
authentication pre-share
encryption des
group 2
hash md5
crypto isakmp key cisco123 address 200.10.10.17
Phase 2
crypto ipsec transform-set my-trans-set esp-3des esp-md5-hmac
Access list
access-list 101 permit ip 192.168.105.0 0.0.0.255 10.10.10.0 0.0.0.255
Create crypto map to apply to interface
crypto map mymap 1 ipsec-isakmp
set peer 200.10.10.17
set transform-set my-trans-set
match address 101
interface fa0/1
crypto map mymap
Troubleshooting
show crypto isakmp sa -> Phase 1
show crypto ipsec sa -> Phase 2
Verify / look up configuration
show crypto isakmp policy
show crypto ipsec transform-set
show crypto map
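A consistency check for the two tunnel endpoints configured in the posts above, as an added example that is not part of the original thread: it parses the IPsec lines of both routers, reports peer, pre-shared key, transform-set and crypto ACL mismatches, and flags DES/3DES/MD5 transforms. The sample text is abridged from the posted configs; `build`, `parse` and `audit` are names made up for this example.

```python
import re

# Abridged from the two configs posted in this thread; build() is a helper for this example.
def build(intf, local, peer, src, dst):
    return f"""crypto isakmp key cisco123 address {peer}
crypto ipsec transform-set my-trans-set esp-3des esp-md5-hmac
crypto map mymap 1 ipsec-isakmp
 set peer {peer}
 match address 101
interface {intf}
 ip address {local} 255.255.255.248
 crypto map mymap
access-list 101 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
"""

HQ = build("FastEthernet0/1", "200.10.10.18", "200.10.10.17", "192.168.105.0", "10.10.10.0")
NET = build("Ethernet0/0/0", "200.10.10.17", "200.10.10.18", "10.10.10.0", "192.168.105.0")

def parse(cfg):
    """Extract the IPsec facts the two tunnel endpoints must agree on."""
    find = lambda pat: re.findall(pat, cfg, re.M)
    acl = find(r"^\s*match address (\S+)")[0]
    stanza = next(s for s in re.split(r"^(?=interface )", cfg, flags=re.M)
                  if re.search(r"^\s*crypto map \S+\s*$", s, re.M))
    return {
        "local": re.search(r"^\s*ip address (\S+)", stanza, re.M).group(1),  # crypto-map interface
        "keys": {addr: key for key, addr in find(r"^crypto isakmp key (\S+) address (\S+)")},
        "peers": find(r"^\s*set peer (\S+)"),
        "tsets": set(find(r"^crypto ipsec transform-set \S+ (.+?)\s*$")),
        "acl": find(rf"^access-list {acl} permit ip (\S+ \S+) (\S+ \S+)"),
    }

def audit(cfg_a, cfg_b):
    """Return endpoint mismatches and deprecated-algorithm findings as strings."""
    a, b, issues = parse(cfg_a), parse(cfg_b), []
    for name, me, other in (("A", a, b), ("B", b, a)):
        for peer in me["peers"]:
            if peer != other["local"]:
                issues.append(f"{name}: set peer {peer} != remote address {other['local']}")
            if peer not in me["keys"]:
                issues.append(f"{name}: no isakmp key for peer {peer}")
    checks = [
        (a["keys"].get(b["local"]) == b["keys"].get(a["local"]), "pre-shared keys differ"),
        (bool(a["tsets"] & b["tsets"]), "no common transform-set"),
        (a["acl"] == [(dst, src) for src, dst in b["acl"]], "crypto ACLs are not mirror images"),
        (not any(re.search(r"-(3?des|md5)\b", t) for t in a["tsets"] | b["tsets"]),
         "transform-set uses deprecated DES/3DES/MD5"),
    ]
    return issues + [msg for ok, msg in checks if not ok]
```

`audit(HQ, NET)` returns only the deprecated-algorithm finding; a `set peer` with no matching `crypto isakmp key ... address` line shows up as two separate findings.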
02-06-2018 01:44 PM
Classless config
Router-BT:
ip classless
ip route 192.168.105.0 255.255.255.0 Ethernet0/0/0
Router head office:
ip classless
ip route 10.10.10.0 255.255.255.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
Configure NAT
int f0/0.10
ip nat inside
int f0/1
ip nat outside
access-list 102 deny ip 192.168.105.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 102 permit ip 192.168.105.0 0.0.0.255 any
ip nat pool mypool 200.10.10.19 200.10.10.19 netmask 255.255.255.248
ip nat inside source list 102 pool mypool overload
02-06-2018 01:56 PM - edited 02-06-2018 04:20 PM
VLAN 10 - Sales (+16) | IP Address | Subnet
PRNSales | 192.168.5.2 | /28
PC Sales 1 | 192.168.5.3 | /28
VLAN Sub int. | 192.168.5.1 | /28

VLAN 20 - Marketing (+16) | IP Address | Subnet
PRNMarketing | 192.168.5.18 | /29
PC Marketing 1 | 192.168.5.19 | /29
VLAN Sub int. | 192.168.5.17 | /29

VLAN 30 - Finance (+8) | IP Address | Subnet
PRNFinance | 192.168.5.26 | /29
PC Finance 1 | 192.168.5.27 | /29
VLAN Sub int. | 192.168.5.25 | /29
Switch:
On the switch, add all VLANs to the VLAN database, then assign them to all interfaces, including the trunking port on the interface towards the router. This can easily be done via the Config tab of a switch.
Router RT01:
On the router, configure subinterfaces for each department VLAN.
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.105.1 255.255.255.240
ip access-group Sales out
ip access-list extended Sales
permit udp any eq bootpc any eq bootps
permit ip 192.168.105.40 0.0.0.7 192.168.105.0 0.0.0.15
deny ip 192.168.105.16 0.0.0.7 192.168.105.0 0.0.0.15
deny ip 192.168.105.24 0.0.0.7 192.168.105.0 0.0.0.15
deny ip 192.168.105.32 0.0.0.7 192.168.105.0 0.0.0.15
deny tcp any any eq www
deny tcp any any eq 443
permit ip any any
First exclude everything.
Then