This article explains the use of “netdestination” or “alias” and steps to configure it on the Aruba controller
“Alias” or “Netdestination” is created as an alias to a specific host, network or to club together a set of hosts/networks. While using this option, you need to configure the IP address of the host/network.
This can be useful if we need to allow/disallow a specific set of hosts/network then we need not permit or deny each host/network separately. We can instead create a netdestination containing those hosts/networks and allow or disallow access.
Environment : This article applies to all the controller models and AOS versions.
WebUI
- Navigate to Configuration> Stateful Firewall> Destination
- Click “Add”
- Enter IP version, Destination name and Destination description (optional).
- Enable “Invert” option if you want to specify all the destinations except the one configured in this netdestination
- Click “Add” at the bottom
- Add the new rule
- Click “add” and “Apply”.
CLI
(Aruba-620) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba-620) (config) #netdestination RDP-Host
(Aruba-620) (config-dest) #host 10.1.1.1
(Aruba-620) (config-dest) #
NOTE: Please ensure you have PEFNG license installed on the controller to configure “netdestination”.
(Aruba-620) #show netdestination
Name: ipv6-reserved-range (invert)
Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
1 network 2000:: 3
Name: controller
Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
1 host 10.1.200.10 32
Name: vrrp_ip
Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
1 host 172.16.0.250 32
Name: RDP-Host
Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
1 host 10.1.1.1 32