Controlling Access to Domain Names

You can control a PPP subscriber’s access to certain domains on given interfaces. As the administrator, you can use the deny command to prevent PPP subscribers from using unauthorized domain names. Using the allow command, you can allow PPP subscribers to use authorized domain names.

In this example, the administrator wants to restrict access of a PPP interface to the specific domain abc.com.

  1. Create an AAA profile.
    host1(config)#aaa profile restrictToABC
  2. Specify the domain name you want to allow.
    host1(config-aaa-profile)#allow abc.com
  3. Specify the domain name you want to restrict.
    host1(config-aaa-profile)#deny default
  4. Associate the AAA profile to the designated PPP interface.
    host1(config-if)#ppp aaa-profile restrictToABC

When configured as such, the following is a likely scenario:

Related Documentation