ArubaOS and Controllers

Aruba Employee

"Name" option in netdestination

There's no documentation on this, so I wanted to try to get more information about the "name" option in a netdestination. Can it be used in a policy to specify what domains a user can get to instead of listing all of the IP addresses associated with a particular domain?

I'm thinking no, but I just thought I'd ask.
Aruba

Re: "Name" option in netdestination

Which area of the WebUI or CLI are you looking in... and which AOS version?

On netdestination I see options for host, network, and range... under v6.0 AOS.
Aruba Employee

Re: "Name" option in netdestination

6.1.2.1.

(Controller) (config) #netdestination test

(Controller) (config-dest) #?
 host      Configure a single IPv4 host
 invert    Use all destinations EXCEPT this destination
 name      Configure a single host name or domain
 network   Configure a IPv4 subnet
 no        Delete Command
 range     Configure a range of IPv4 addresses
Aruba

Re: "Name" option in netdestination

Thanks!

I do see what you mean on the docs. Will work with tech pubs to get this resolved.
Aruba Employee

Re: "Name" option in netdestination

Thanks Jason, but do you know what that command can be used for? :-)
Aruba

Re: "Name" option in netdestination

Haven't used it off hand, will have to do some experimentation and let you know.
Guru Elite

Re: "Name" option in netdestination


This is used to block traffic to/from using a domain name. Here is a working snippet:

Config Snip:

!
ip name-server 4.2.2.2
!
netdestination yahoo
  name *.yahoo.com
!
netdestination google
  name *.google.com
!
ip access-list session yahoo
  any alias yahoo any permit
!
ip access-list session google
  any alias google any deny
!
user-role logon
  captive-portal default
  access-list session yahoo
  access-list session logon-control
  access-list session captiveportal
!
user-role guest
  access-list session google
  access-list session allowall

This example will allow traffic to *yahoo.com in the logon role, but block traffic to *google.com in the guest role. You are correct that this is not documented properly.

Big shout to the engineer that posted this snippet.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Aruba Employee

Re: "Name" option in netdestination

Nice, I'll try that out. I didn't have the wildcard "*" in my netdestination and it wasn't working, so I'll be sure to add that and see how it works!
Aruba Employee

Re: "Name" option in netdestination

Well, darn. It doesn't work with a RAP with a bridge-mode VAP. I'm trying it with my backup SSID, no dice. Back to IP addresses.

You might want to be sure to document that.
Guru Elite

Re: "Name" option in netdestination

Only processed in tunnel mode.

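An added example, not part of the thread and not Aruba tooling: a small Python audit that follows user-role -> session ACL -> alias -> netdestination in a config export and reports which roles depend on name-based destinations, the entries the thread says are only processed in tunnel mode. The function name `name_based_roles` and the trimmed sample config are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the thread's snippet, trimmed, with indentation restored.
SAMPLE = """\
netdestination yahoo
  name *.yahoo.com
!
netdestination google
  name *.google.com
!
ip access-list session yahoo
  any alias yahoo any permit
!
ip access-list session google
  any alias google any deny
!
user-role logon
  access-list session yahoo
  access-list session logon-control
!
user-role guest
  access-list session google
  access-list session allowall
"""
HEAD = re.compile(r"(netdestination|ip access-list session|user-role)\s+(\S+)$")

def name_based_roles(config):
    """Map each role to (acl, alias, name pattern, action) for name-based aliases."""
    names, rules, roles = defaultdict(list), defaultdict(list), defaultdict(list)
    kind = block = None
    for line in (raw.strip() for raw in config.splitlines()):
        head, tok = HEAD.match(line), line.split()
        if head:
            kind, block = head.groups()
        elif line in ("", "!"):
            kind = None                      # "!" closes the current block
        elif kind == "netdestination" and len(tok) == 2 and tok[0] == "name":
            names[block].append(tok[1])
        elif kind == "ip access-list session" and "alias" in tok[:-1]:
            # Assumption: the rule's action is its first permit/deny token.
            action = next((t for t in tok if t in ("permit", "deny")), "?")
            rules[block].append((tok[tok.index("alias") + 1], action))
        elif kind == "user-role" and tok[:2] == ["access-list", "session"] and len(tok) >= 3:
            roles[block].append(tok[2])
    return {role: hits for role, acls in roles.items()
            if (hits := [(acl, alias, pat, action) for acl in acls
                         for alias, action in rules.get(acl, [])
                         for pat in names.get(alias, [])])}
```

Roles returned by the function are the ones to re-check against the forwarding mode of the SSIDs that assign them; ACLs that reference only IP-based aliases are not reported.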