You are here: Home > CLI Commands > Just_CLI_Topics > netdestination6

netdestination6

netdestination6 <dstname>

description <description6>

host <ipaddr> [position <number>]

invert

name <host_name>

network <ipaddr> <netmask> [position <number>]

no ...

range <start-ipaddr> <end-ipaddr> [position <number>]

Description

This command configures an alias for an IPv6 network host, subnetwork, or range of addresses.

Syntax

Parameter

Description

<dstname>

Name of the IPv6 destination host or subnetwork up to 63 characters long.

description

Description about the IPv6 netdestination up to 128 characters long.

host

Configures a single IPv6 host and position in the list.

invert

Specifies that the inverse of the network addresses configured are used. For example, if a network of fe80:0:0:0:0:0:ac10:0/128 is configured, this parameter specifies that the alias matches everything except this subnetwork.

name

Use the name parameter to specify a domain or host name inside the netdestination object. Wildcards are supported through the asterisk (*) symbol, with the limitations described in the examples below.

A wildcard ‘*’ is allowed only once and only in the beginning of the host or domain name. (For instance, *.example.com is allowed, but example*.com and *example*.com are not allowed).

If the wildcard is applied to the host, the netdestination matches all hosts ending with that specific domain. (The name *.example.com matches all hosts ending with the domain .example.com, such as demo.example.com).

If the wildcard is applied to the domain, the netdestination matches all hosts ending with that domain string. (The name *example.com matches all domains ending with example.com, such as myexample.com and domainexample.com).

network

An IPv6 subnetwork consisting of an IP address and netmaskNetmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses..

no

Negates any configured parameter.

range

A range of IPv6 addresses consisting of sequential addresses between a lower and an upper value. The maximum number of addresses in the range is 16. If larger ranges are needed, convert the range into a sub-network and use the network parameter.

Usage Guidelines

Aliases can simplify configuration of session ACLsAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port., as you can use an alias when specifying the traffic source and/or destination. Once you configure an alias, you can use it in multiple session ACLsAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port..

When using the invert option, use caution when defining multiple aliases, as entries are processed one at a time. As an example, consider a netdestination configured with the following two network hosts:

netdestination6 dest1 invert

network 2002:0:0:0:0:0:100:0/128

network 2002:0:0:0:0:0:200:0/128

A frame from http://1.0.0.1 would match the first alias entry, (which allows everything except for 2002:0:0:0:0:0:100:0/128) so the frame would be rejected. However, it would then be compared against the second alias, which allows everything except for 2002:0:0:0:0:0:200:0/128, and the frame would be permitted.

Example

The following command configures an alias for an internal network:

(host)[mynode](config) #netdestination6 Internal

(host)[mynode](config-submode) #network fe80:0:0:0:0:0:a01:0/128

The following example displays the use of extended scope of address range:

(host)[mynode](config) #netdestination6 ipv6-reserved-range

(host)[mynode](config-submode) #invert

(host)[mynode](config-submode) #network 2000::/3

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

Available on all platforms

Requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license.

Config mode on Mobility Master.

/*]]>*/