Configuration Guide
Geosite/Geoip Configuration Guide
Introduction

Geosite/Geoip is a routing and policy control feature based on geographical location. By leveraging precise geolocation databases, it delivers intelligent, flexible, and efficient traffic management solutions. Utilizing global IP address allocation information and domain name geolocation data, Geosite/Geoip enables fine-grained control over network traffic.

The advantages of Geosite/Geoip include accurate geographical location identification, flexible traffic policy configuration, efficient database query mechanisms, and robust access control capabilities. Compared to traditional IP range based control methods, Geosite/Geoip offers greater precision, enhanced flexibility, easier maintenance, and more granular network management capabilities.

Geosite/Geoip Configuration

Loading DAT File

Perform Geosite/Geoip Query

Configure ACL-Based Geosite/Geoip

Configuring PBR-Based Geosite/Geoip

Display and Maintenance

Example of Geosite/Geoip Configuration

Network Requirements

The enterprise network requires the device to enforce geographic location based traffic restrictions, such as blocking access to all services located in the US. This can be achieved by configuring ACL rules with Geosite/Geoip to block all traffic meeting either of the following conditions from being forwarded through the specified public network port (Ethernet2 in the diagram):

1. Packets containing domains whose geosite country code is US.
2. Packets without domain information but whose destination IP's geoip country code corresponds to US.

Procedure

sonic(config)# access list l3 test egress
sonic(config l3 acl test)# rule 1 geoip us packet action deny
sonic(config l3 acl test)# rule 2 geosite us packet action deny
sonic(config l3 acl test)# exit
sonic(config)# interface ethernet 2
sonic(config if 2)# acl test
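
The following Python model of the two blocking conditions in the network requirements is an added example, not code from the device or its vendor. The prefix and domain tables are constructed sample data, and the function names, the longest-prefix lookup and the parent-domain matching are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation ranges and example domains), standing
# in for the geoip/geosite entries a device would load from its dat file.
GEOIP = {
    "US": ["198.51.100.0/24", "2001:db8:1::/48"],
    "DE": ["203.0.113.0/24"],
}
GEOSITE = {
    "US": ["example.com", "shop.example"],
    "DE": ["example.de"],
}


def geoip_country(ip):
    """Return the country whose most specific prefix contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for country, prefixes in GEOIP.items():
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, country)
    return best[1] if best else None


def geosite_country(domain):
    """Match the domain or any parent domain (assumed matching rule)."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        for country, domains in GEOSITE.items():
            if suffix in domains:
                return country
    return None


def egress_action(dst_ip, domain=None, blocked="US"):
    """Apply the two conditions from the network requirements as written."""
    if domain:  # condition 1: the packet carries domain information
        return "deny" if geosite_country(domain) == blocked else "forward"
    # condition 2: no domain information, so decide on the destination geoip
    return "deny" if geoip_country(dst_ip) == blocked else "forward"
```

Under the conditions as written, a flow with a non-US domain and a US destination address is forwarded, while a US domain served from a non-US address is denied; how the device's rule order treats the first case is worth confirming on the hardware.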
