Configuring Network Aliases
Aliases allow you to name your network ports, protocols, and services in a simple yet understandable way. When configuring multiple ACLs (Access Control Lists), you can use a common alias instead of providing details of the network ports, protocols, and services each time.
A network alias defines a TCP (Transmission Control Protocol), UDP (User Datagram Protocol), or IP protocol and a list or range of ports supported by that service. You can use a network alias when specifying a network service for multiple session ACLs.
To configure a network alias, complete the following steps:
- In the WebUI, set the filter to a group that contains at least one AP.
- Under , click .
- Click the icon.
- Click the Security tab.
- Click .
- In the pane, click to add a new network alias and configure the following parameters.
- Name—Enter a name of the network alias.
- Description—Enter description text for the alias.
- Items—Click the + icon to add a destination. The following types are available:
- If Host IP type is selected, enter IP address.
- If Host Name type is selected, enter Domain/Host name.
- If Host VLAN Offset is selected, enter Host VLAN and VLAN Offset.
- If Network VLAN is selected, enter Network VLAN.
- If Network is selected, enter Network Prefix and Network Mask.
- If IP Range is selected, enter Start IP address and End IP Address.
- Click OK.
- Click Save.
The dashboard context for a group is displayed.
Netdestination and Alias
The netdestination feature simplifies configuration of session or route ACLs by grouping a set of network destinations, and using the netdestinations as aliases in ACL policies. The netdestination feature allows you to create an alias for a specific host, network, IP address range, DNS (Domain Name System) name, or a combination of all of them on APs. To use netdestination, you must configure an IPv4 address or DNS name.
You can use aliases to allow or block a specific host, a network, or both. When you have multiple hosts or networks to allowlist or denylist, you can create a single alias and add the IP addresses of those hosts or networks to it. This helps in allowing or blocking multiple entries at the same time.
You can use an alias when specifying the traffic source and/or destination in multiple session ACLs or route ACLs. Once you configure an alias, you can use it to manage network and host destinations from a central configuration point, because all policies that reference the alias are updated automatically when you change the alias.
AOS-10.2.0.0 does not support netdestination for IPv6 addresses.
The following commands configure an alias for an IPv4 network host, subnetwork, or range of addresses:
(host)[mynode](config) #netdestination test
(host)[mynode](config-submode) #description exampleConfiguration
(host)[mynode](config-submode) #host 10.17.72.5
(host)[mynode](config-submode) #network 1.1.1.0 255.255.255.240
(host)[mynode](config-submode) #range 2.1.1.69 2.1.1.72
(host)[mynode](config-submode) #name hpe.com
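The following added example is not HPE Aruba Networking code: a Python helper that parses the netdestination commands shown above and reports which entries cover a given IPv4 address, which is useful for checking an allowlist or denylist alias before it is referenced in an ACL. It assumes host entries match a single address, network entries match the prefix and mask, range entries are inclusive, and name entries are left unresolved; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the netdestination commands shown above, prompts stripped.
SAMPLE_CONFIG = """\
netdestination test
description exampleConfiguration
host 10.17.72.5
network 1.1.1.0 255.255.255.240
range 2.1.1.69 2.1.1.72
name hpe.com
"""

def parse_netdestination(text):
    """Parse netdestination sub-commands into (alias_name, entries)."""
    alias, entries = None, []
    for raw in text.splitlines():
        # Drop a CLI prompt such as "(host)[mynode](config) #" if present.
        line = raw.split("#", 1)[-1].strip()
        if not line:
            continue
        kind, *args = line.split()
        if kind == "netdestination":
            alias = args[0]
        elif kind == "host":
            addr = ipaddress.IPv4Address(args[0])
            entries.append(("host", addr, addr))
        elif kind == "network":
            # strict=True rejects a prefix with host bits set, a common typo.
            net = ipaddress.IPv4Network(f"{args[0]}/{args[1]}", strict=True)
            entries.append(("network", net.network_address, net.broadcast_address))
        elif kind == "range":
            lo, hi = (ipaddress.IPv4Address(a) for a in args[:2])
            if lo > hi:
                raise ValueError(f"range start after end: {line}")
            entries.append(("range", lo, hi))
        elif kind == "name":
            # DNS names need live resolution; recorded but never matched here.
            entries.append(("name", args[0].lower(), None))
    return alias, entries

def matches(entries, ip):
    """Return the entry types that cover `ip` (name entries are skipped)."""
    ip = ipaddress.IPv4Address(ip)
    return [k for k, lo, hi in entries if k != "name" and lo <= ip <= hi]
```

Checking the first address outside each boundary (for example 1.1.1.16 for the 255.255.255.240 network and 2.1.1.73 for the range) confirms that the alias covers exactly the intended addresses.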
Use the following commands to troubleshoot a netdestination profile:
- To view the configured and pre-defined aliases:
COMMAND=show netdestination
Name: :test
Description: :exampleConfiguration
Destination ID: :1
Position  Type     IP addr      Mask-Len/Range
--------  ----     -------      --------------
1         host     10.1.1.41    32
2         name     0.0.0.2      www.baidu.com
3         network  10.65.155.0  255.255.255.192

COMMAND=show netdestination test
Name: :test
Destination ID: :1
Position  Type     IP addr      Mask-Len/Range
--------  ----     -------      --------------
1         host     10.1.1.41    32
2         name     0.0.0.2      www.baidu.com
3         network  10.65.155.0  255.255.255.192
Destination ID = 1, start-index = 1
1: 0 10.1.1.41 255.255.255.255
2: 1 0.0.0.2 255.255.255.255
3: 3 10.65.155.0 255.255.255.0
Total netdestination entries in use = 1
Total free netdestination entries = 1023
Available netdestination entries at bottom = 1023
Next netdestination entry to use = 1 (table 0)
- To view the netdestination profile configuration in datapath table:
COMMAND=show datapath netdest-id
Datapath Netdest Table
----------------------
ID  Type  Count  Start Index
--  ----  -----  -----------
2   v4    6      1

COMMAND=show datapath netdest-id 2
Datapath Netdest Entries for netdest id 2
-----------------------------------------
Index  Type               Value
-----  ----               -----
0      Host               10.1.1.41
2      NAME(DNS list id)  2
3      Range              1.1.1.4 to 1.1.1.9
5      Subnet             10.65.155.0 255.255.255.192
- To check if the domain name is configured under netdestination:
COMMAND=show acl domains
role-domain
-----------
ID  role-domain                      inused
--  -----------                      ------
1   device.arubanetworks.com         used(1)
2   device-smoke1.arubathena.com     used(2)
3   activate-frm5-cf.arubathena.com  used(1)
4   smoke1-cgqa-elb.arubathena.com   used(1)

COMMAND=show datapath dns-id-map
entry:0 id:9 yoda-cgqa.arubathena.com
entry:1 id:2 licdn.com
entry:2 id:3 twimg.com
