
netdestination

netdestination <dstname>

description <description6>

host <ipaddr> [position <number>] {vlan <vlanID> | offset <offset No>}

invert

name <host_name>

network <ipaddr> <netmask> [position <number>]

no ...

range <start-ipaddr> <end-ipaddr> [position <number>]

Description

This command configures an alias for an IPv4 network host, subnetwork, or range of addresses.

Syntax

Parameter

Description

<dstname>

Name for this host or domain. Maximum length is 63 characters.

description

Description of this destination, up to 128 characters long.

host

Configures a single IPv4 host and its position in the list. It also provides a subcommand, vlan <vlanID> offset <offset No>, that allows a local netdestination override.

invert

Specifies that the inverse of the network addresses configured are used. For example, if a network of 172.16.0.0 255.255.0.0 is configured, this parameter specifies that the alias matches everything except this subnetwork.

name

Use the name parameter to specify a domain or host name inside the netdestination object. Wildcards are supported through the asterisk (*) symbol, with the limitations described in the examples below.

A wildcard ‘*’ is allowed only once and only in the beginning of the host or domain name. (For instance, *.example.com is allowed, but example*.com and *example*.com are not allowed.)

If the wildcard is applied to the host, the netdestination matches all hosts ending with that specific domain. (The name *.example.com matches all hosts ending with the domain .example.com, such as demo.example.com.)

If the wildcard is applied to the domain, the netdestination matches all hosts ending with that domain string. (The name *example.com matches all domains ending with example.com, such as myexample.com and domainexample.com.)

network

An IPv4 subnetwork consisting of an IP address and netmask.

no

Negates any configured parameter.

range

A range of IPv4 addresses consisting of sequential addresses between a lower and an upper value. The maximum number of addresses in the range is 16. If larger ranges are needed, convert the range into a subnetwork and use the network parameter.

Usage

Aliases can simplify configuration of session ACLs, as you can use an alias when specifying the traffic source and/or destination in multiple session ACLs. Once you configure an alias, you can use it to manage network and host destinations from a central configuration point, because all policies that reference the alias will be updated automatically when you change the alias.

When using the invert option, use caution when defining multiple aliases, as entries are processed one at a time. As an example, consider a netdestination configured with the following two network hosts:

netdestination dest1

invert

network 1.0.0.0 255.0.0.0

network 2.0.0.0 255.0.0.0

A frame from 1.0.0.1 would match the first alias entry (which allows everything except for 1.0.0.0/8), so the frame would be rejected. However, it would then be compared against the second alias, which allows everything except for 2.0.0.0/8, and the frame would be permitted.
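
The invert behavior described above, as an added example (not Aruba code): a Python check that models the per-entry evaluation as the text describes it and flags inverted aliases with more than one entry. The sample configuration is constructed, dest2 is a hypothetical alias, the "!" block separator is an assumption, and only network entries are parsed.

```python
import ipaddress

# Constructed sample: dest1 is the alias from the text; dest2 is a
# hypothetical single-entry inverted alias added for contrast.
SAMPLE_CONFIG = """\
netdestination dest1
  invert
  network 1.0.0.0 255.0.0.0
  network 2.0.0.0 255.0.0.0
!
netdestination dest2
  invert
  network 10.1.0.0 255.255.0.0
!
"""

def parse_netdestinations(text):
    """Return {name: {"invert": bool, "networks": [IPv4Network]}}."""
    aliases, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "!":  # assumed block separator
            current = None
        elif words[0] == "netdestination" and len(words) == 2:
            current = aliases.setdefault(
                words[1], {"invert": False, "networks": []})
        elif current is not None and words[0] == "invert":
            current["invert"] = True
        elif current is not None and words[0] == "network" and len(words) >= 3:
            # ipaddress accepts the "address/dotted-netmask" form.
            current["networks"].append(
                ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return aliases

def alias_matches(alias, addr):
    """Model of the per-entry evaluation described in the text: with invert
    set, each entry matches everything outside its own subnet, and the
    alias matches as soon as any one entry does."""
    ip = ipaddress.ip_address(addr)
    if alias["invert"]:
        return any(ip not in net for net in alias["networks"])
    return any(ip in net for net in alias["networks"])

def risky_inverted_aliases(aliases):
    """Inverted aliases with several entries exclude only the addresses
    common to all entries, which for disjoint subnets is nothing."""
    return sorted(name for name, a in aliases.items()
                  if a["invert"] and len(a["networks"]) > 1)
```

Run over an exported configuration, risky_inverted_aliases() lists the aliases to review before they are referenced in a session ACL.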

Example

The following command configures an alias for an internal network:

(host)[node](config) #netdestination Internal

(host)[node](config-dest) #network 10.1.0.0 255.255.0.0

Example

The following command overrides the local network destination:

(host)[node](config) #netdestination store

(host)[node](config-dest) #host vlan 55 offset 36

Command History

Release: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platforms: All platforms

License: Requires the PEFNG license.

Command Mode: Config mode on Mobility Master.
