12-17-2024 09:57 PM
Hi All,
Hope you all have a lovely day.
I am stuck trying to figure out why my switch (CBS350-48P-4X) receives a management ACL packet from 23.204.65.31 (Akamai tech). We have set up an ACL for the management interface and we received multiple logs of packets being dropped (which proves that it worked).
From what I have observed from the packet capture, it looks like my switch (192.168.10.33) was sending a DNS query for www.cisco.com and receiving multiple CNAME records including e2867.dsca.akamaiedge.net, 23.204.65.31. Then it sends a TCP packet to that IP, then receives a reply which gets blocked by the ACL.
I have seen another post that this seems to be the case (https://community.cisco.com/t5/switching/cisco-switches-constant-dns-resolution-of-cisco-com-and-www/td-p/4557528).
However, my concern would be: why is my switch trying to contact www.cisco.com? Is there a feature I am not aware of? (Cloud management, etc.)
I have attached the relevant packet capture; any help is appreciated.
12-19-2024 09:40 PM
Hi All, just found out the cause of these DNS queries for Cisco.com. By default, the PnP state of this CBS350 switch is on and it tried to resolve using DNS to "devicehelper.cisco.com" using the default settings.
Once disabled, we do not see any more queries for www.cisco.com.
Here is the link for the PnP documentation for CBS350: https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/Administration-Guide/cbs-350/cbs_350_chapter_07.html#ID-000012d7
Hope this helps!
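The correlation done by hand in the opening post (DNS answer chain for www.cisco.com leading to the dropped reply from 23.204.65.31) can be scripted to check which queried name explains each management-ACL drop. This is an added example, not part of the thread or Cisco's tooling; the record format, function names, `alias.example.net` and the `198.51.100.7` entry are constructed for illustration.

```python
import re

# Constructed sample data in a simplified format (not real device output).
# alias.example.net is a placeholder; 198.51.100.7 is a constructed unrelated drop.
DNS_RECORDS = """\
192.168.10.33 www.cisco.com CNAME alias.example.net
192.168.10.33 alias.example.net CNAME e2867.dsca.akamaiedge.net
192.168.10.33 e2867.dsca.akamaiedge.net A 23.204.65.31
"""
ACL_DROPS = """\
drop src=23.204.65.31 dst=192.168.10.33
drop src=198.51.100.7 dst=192.168.10.33
"""
DROP_RE = re.compile(r"src=(\S+)\s+dst=(\S+)")

def build_origin_map(dns_text):
    """Map (client, answer IP) to the name the client originally queried."""
    alias_of = {}    # (client, CNAME target) -> name that pointed at it
    a_records = []   # (client, owner name, IPv4 address)
    for line in dns_text.splitlines():
        parts = line.lower().split()
        if len(parts) != 4:
            continue
        client, owner, rtype, value = parts
        if rtype == "cname":
            alias_of[(client, value.rstrip("."))] = owner.rstrip(".")
        elif rtype == "a":
            a_records.append((client, owner.rstrip("."), value))
    origins = {}
    for client, name, ip in a_records:
        seen = set()
        # Walk the CNAME chain backwards; 'seen' guards against alias loops.
        while (client, name) in alias_of and name not in seen:
            seen.add(name)
            name = alias_of[(client, name)]
        origins[(client, ip)] = name
    return origins

def explain_drops(dns_text, drop_text):
    """Return (src, dst, name) per drop; name is what dst queried to get src, else None."""
    origins = build_origin_map(dns_text)
    results = []
    for line in drop_text.splitlines():
        m = DROP_RE.search(line)
        if m:
            src, dst = m.groups()
            results.append((src, dst, origins.get((dst, src))))
    return results
```

A drop whose third field is `None` was not preceded by a DNS lookup from the switch itself and deserves separate investigation.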
12-18-2024 01:26 AM
Hi, maybe your switch has the automatic software updates feature enabled, which involves contacting Cisco's servers to check for the latest version, or your switch may try to contact Cisco servers to validate Smart Licensing.
12-18-2024 03:27 AM
As far as I know, this switch does not support automatic update; actually, no Cisco device I know does. My suspicion is that this is related to the DNS search list, whose function is unclear. Probably you can change this to something else or disable the DNS service if you don't need it.
12-18-2024 02:25 PM
Hi @Flavio Miranda, thanks for the input. I didn't see anything in the DNS Search List from my end. Yeah, disabling DNS will help, but I am tasked to figure out the reasoning behind the issue, so I can't turn a blind eye to it.
12-18-2024 02:59 PM
Make sure you have Advanced selected on the top right-hand side. Then check in Central IP configuration > DNS.
12-18-2024 03:34 PM
@Flavio Miranda Yes, can confirm it's on Advanced view and nothing is in the DNS search list.