Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series Controller AOS

651

652

653

654

655

656

657

658

659

660

651 | netdestination Dell Networking W-Series ArubaOS 6.4.x| User Guide

netdestination

netdestination <name>

description <description6>

host <ipaddr> [position <number>]

invert

name

network <ipaddr> <netmask> [position <number>]

no ...

range <start-ipaddr> <end-ipaddr> [position <number>]

Description

This command configures an alias for an IPv4 network host, subnetwork, or range of addresses.

Syntax

Parameter Description

<name>

Name for this host or domain. Maximum length is 63 characters.

description

Description about the this destination up to 128 characters long.

host

Configures a single IPv4 host and its position in the list.

invert

Specifies that the inverse of the network addresses configured are used. For

example, if a network of 172.16.0.0 255.255.0.0 is configured, this parameter

specifies that the alias matches everything except this subnetwork.

network

An IPv4 subnetwork consisting of an IP address and netmask.

Negates any configured parameter.

range

A range of IPv4 addresses consisting of sequential addresses between a lower and

an upper value. The maximum number of addresses in the range is 16. If larger

ranges are needed, convert the range into a subnetwork and use the network

parameter.

Usage

Aliases can simplify configuration of session ACLs, as you can use an alias when specifying the traffic source

and/or destination it in multiple session ACLs. Once you configure an alias, you can use it to manage network

and host destinations from a central configuration point, because all policies that reference the alias will be

updated automatically when you change the alias.

When using the invert option, use caution when defining multiple aliases, as entries are processed one at a

time. As an example, consider a netdestination configured with the following two network hosts:

netdestination dest1 invert

network 1.0.0.0 255.0.0.0

network 2.0.0.0 255.0.0.0

A frame from http://1.0.0.1 would match the first alias entry, (which allows everything except for 1.0.0.0/8) so

the frame would be rejected. However, it would then be compared against the second alias, which allows

everything except for 2.0.0.0/8, and the frame would be permitted.