You are here: Home > CLI Commands > Just_CLI_Topics > netdestination6


netdestination6 <dstname>

description <description6>

host <ipaddr> [position <number>]


name <host_name>

network <ipaddr> <netmask> [position <number>]

no ...

range <start-ipaddr> <end-ipaddr> [position <number>]


This command configures an alias for an IPv6 network host, subnetwork, or range of addresses.





Name of the IPv6 destination host or subnetwork up to 63 characters long.


Description about the IPv6 netdestination up to 128 characters long.


Configures a single IPv6 host and position in the list.


Specifies that the inverse of the network addresses configured are used. For example, if a network of fe80:0:0:0:0:0:ac10:0/128 is configured, this parameter specifies that the alias matches everything except this subnetwork.


Use the name parameter to specify a domain or host name inside the netdestination object. Wildcards are supported through the asterisk (*) symbol, with the limitations described in the examples below.

A wildcard ‘*’ is allowed only once and only in the beginning of the host or domain name. (For instance, * is allowed, but example*.com and *example*.com are not allowed).

If the wildcard is applied to the host, the netdestination matches all hosts ending with that specific domain. (The name * matches all hosts ending with the domain, such as

If the wildcard is applied to the domain, the netdestination matches all hosts ending with that domain string. (The name * matches all domains ending with, such as and


An IPv6 subnetwork consisting of an IP address and netmaskNetmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses..


Negates any configured parameter.


A range of IPv6 addresses consisting of sequential addresses between a lower and an upper value. The maximum number of addresses in the range is 16. If larger ranges are needed, convert the range into a sub-network and use the network parameter.

Usage Guidelines

Aliases can simplify configuration of session ACLsAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port., as you can use an alias when specifying the traffic source and/or destination. Once you configure an alias, you can use it in multiple session ACLsAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port..

When using the invert option, use caution when defining multiple aliases, as entries are processed one at a time. As an example, consider a netdestination configured with the following two network hosts:

netdestination6 dest1 invert

network 2002:0:0:0:0:0:100:0/128

network 2002:0:0:0:0:0:200:0/128

A frame from would match the first alias entry, (which allows everything except for 2002:0:0:0:0:0:100:0/128) so the frame would be rejected. However, it would then be compared against the second alias, which allows everything except for 2002:0:0:0:0:0:200:0/128, and the frame would be permitted.


The following command configures an alias for an internal network:

(host)[mynode](config) #netdestination6 Internal

(host)[mynode](config-submode) #network fe80:0:0:0:0:0:a01:0/128

The following example displays the use of extended scope of address range:

(host)[mynode](config) #netdestination6 ipv6-reserved-range

(host)[mynode](config-submode) #invert

(host)[mynode](config-submode) #network 2000::/3

Command History




Command introduced.

Command Information



Command Mode

Available on all platforms

Requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license.

Config mode on Mobility Master.