Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Force source interface.

Hi NetPros:

Is there any way to force the outbound interface of the router?

I mean, when router does ping, dns, queries, ntp, etc... is doing with the interface nearest to destination, does it?

I need router do queries, pings, and so on with source internal private ip and later nat to inside public ip.

Any advice?

Thanks in advance and best regards,



Re: Force source interface.


For ping use, "ping ip source ".

Other service like TACACS for example can control the source interface "ip tacacs source-interface <>".


Mohammed Mahmoud.

New Member

Re: Force source interface.

Hi Mohammed:

I need this cause router is dns server and it does queries unattended. I need to force source interface all time.

Thanks and regards,


New Member

Re: Force source interface.

I've never come across a way to force source-interface for DNS on Cisco routers (in fact, I've never come across a Cisco router being used as a DNS server!). I tried searching Cisco's doco, as well as trying several commands on an actual router. No joy.

However, most other protocols in Cisco routers have specific commands to force their source-interface. E.g.:

- NTP: ntp source

- SNMP Trap: snmp-server trap-source

- TFTP: ip tftp source-interface

- FTP: ip ftp source-interface

- SSH: ip ssh source-interface

- TACACS: ip tacacs source-interface

- RADIUS: ip radius source-interface

etc. etc. etc.


New Member

Re: Force source interface.

I saw the option to force the source interface of other protocols, but cisco has the built-in dns server (proxy server), and why not to use?

I remember other issue updating dyndns ip cause not to be able to force source interface.

This necesity is due to be able to map a range of ports to a internal server. I need an ip nat:

ip nat inside source static PrivateIP PublicIP/Interface

I only have one public ip. Router's dns queries or any other access to internet is doing with the ip of the nearest interface (PublicIP). And due to ip nat statement, all replies are natted to internal server, so router hasn't access.

I put other conversation and the result is that this approach is not possible with Cisco (when "every cheap" routers does).

Any advices?

Thanks and best regards,


New Member

Re: Force source interface.

Sorry Olaf... I don't have much experience with NAT-ing on Cisco routers (been using Firewalls mostly). But, I was thinking... maybe unnumbered interface may help somehow?

New Member

Re: Force source interface.

I'll try your sugestion. Any configuration example?

I thought with loopback interface too.