Controllerless Networks

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Does an IAP Role rule using Domain Name apply to multiple IP addresses resolved in DNS

  • 1.  Does an IAP Role rule using Domain Name apply to multiple IP addresses resolved in DNS

    Posted Aug 16, 2016 01:08 AM

    I'm currently doing an IAP implementation where I need to integrate with an AV solution. Wireless devices connected to the IAPs need to connect to the AV equipment by IP address (not DNS) on a different subnet. Each of the 20+ AV devices needs several ports open to it from the wireless. The open ports are the same for each device.


    My problem is that I will hit the max number of rules, which I believe is 128 per IAP role. Apart from that, it's not very elegant having the same 5 or so rules repeated 20+ times for each AV device.

    This brings me to my question: can I leverage the "domain name" option for the destination if the client is attempting the connection via IP?

    If I was to have 5 rules as follows:
    allow tcp port 80 to av.example.com
    allow tcp port 443 to av.example.com 
    allow tcp port 1000 to av.example.com
    allow tcp port 2000 to av.example.com
    allow tcp port 8080 to av.example.com

     

    and av.example.com mapped to
    172.16.1.10
    172.16.1.11
    172.16.1.12
    172.16.1.13
    ...
    172.16.1.26
    172.16.1.27
    172.16.1.28
    172.16.1.29
    172.16.1.30

     

    could I HTTP directly to 172.16.1.27?

    If I then added 172.16.1.200 in DNS with av.example.com, would I be able to HTTP directly to 172.16.1.200?

    Any information on how the destination "domain name" functions would be greatly appreciated.

    Richard