Command of the Day

Reply
Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

COTD: show netdestination

In ArubaOS, you can create groups of ip addresses, ip address ranges, or entire networks, and assign them to a variable called an alias. This allows you to write firewall policies that refer to an alias, and then instead of writing a new firewall policy every time you add or remove a host, or network, you can just add or remove these elements from the alias. Creating an alias to refer to the 172.16.0.0 255.255.0.0 network and then deny any traffic to that network looks like this:

(Aruba600) (config) #netdestination thatnetwork
(Aruba600) (config-dest) #network 172.16.0.0 255.255.0.0
(Aruba600) (config-dest) #exit
(Aruba600) (config) #ip access-list session block-thatnetwork
(Aruba600) (config-sess-block-thatnetwork)#user alias thatnetwork any deny


If I simply wanted to add the address 192.168.1.1 to that alias, or netdestination "thatnetwork", I would do:

(Aruba600) (config) #netdestination thatnetwork
(Aruba600) (config-dest) #host 192.168.1.1


The "show netdestination" will also show you all the aliases, or netdestinations that you have configured on your controller. Here are a few aliases that I have configured:

(Aruba800-4) (config) #show netdestination

thatnetwork
-----------
Position Type IP addr Mask/Range
-------- ---- ------- ----------
1 network 172.16.0.0 255.255.0.0
2 host 192.168.1.1

controller
----------
Position Type IP addr Mask/Range
-------- ---- ------- ----------
1 host 192.168.15.3



Avaya_CCM
---------
Position Type IP addr Mask/Range
-------- ---- ------- ----------
1 host 1.1.1.3

SVP_Server
----------
Position Type IP addr Mask/Range
-------- ---- ------- ----------
1 host 1.1.1.2



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: