ArubaOS and Controllers

Reply
Aruba Employee

"Name" option in netdestination

There's no documentation on this, so I wanted to try to get more information about the "name" option in a netdestination. Can it be used in a policy to specify what domains a user can get to instead of listing all of the IP addresses associated with a particular domain?

I'm thinking no, but I just thought I'd ask.
Aruba

Re: "Name" option in netdestination

Which area of the WEBUI or CLI are you looking in...and which AOS version ?

On Netdestination I see options for host, network, and range... under v6.0. AOS.
Aruba Employee

Re: "Name" option in netdestination

6.1.2.1.

(Controller) (config) #netdestination test

(Controller) (config-dest) #?
host Configure a single IPv4 host
invert Use all destinations EXCEPT this destination
name Configure a single host name or domain
network Configure a IPv4 subnet
no Delete Command
range Configure a range of IPv4 addresses
Aruba

Re: "Name" option in netdestination

Thanks!

I do see what you mean on the docs. Will work with tech pubs to get this resolved.
Aruba Employee

Re: "Name" option in netdestination

Thanks Jason, but do you know what that command can be used for? :-)
Aruba

Re: "Name" option in netdestination

Haven't used it off hand, will have to do some experimentation and let you know.
Guru Elite

Re: "Name" option in netdestination


6.1.2.1.

(Controller) (config) #netdestination test

(Controller) (config-dest) #?
host Configure a single IPv4 host
invert Use all destinations EXCEPT this destination
name Configure a single host name or domain
network Configure a IPv4 subnet
no Delete Command
range Configure a range of IPv4 addresses




This is used to block traffic to/from using a domain name. Here is a working snippet:

Config Snip:

!
ip name-server 4.2.2.2
!
netdestination yahoo
name *.yahoo.com
!
netdestination google
name *.google.com
!
ip access-list session yahoo
any alias yahoo any permit
!
ip access-list session google
any alias google any deny
!
user-role logon
captive-portal default
access-list session yahoo
access-list session logon-control
access-list session captiveportal
!
user-role guest
access-list session google
access-list session allowall

This example will allow traffic to *yahoo.com in the logon role, but block traffic to *google.com in the guest role. You are correct that this is not documented properly.

Big shout to the engineer that posted this snippet.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: "Name" option in netdestination

Nice, I'll try that out. I didn't have the wildcard "*" in my netdestination and it wasn't working, so I'll be sure to add that and see how it works!
Aruba Employee

Re: "Name" option in netdestination

Well, darn. It doesn't work with a RAP with a bridge-mode VAP. I'm trying it with my backup SSID, no dice. Back to IP addresses.

You might want to be sure to document that.
Guru Elite

Re: "Name" option in netdestination

Only processed in tunnel mode.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: