Configure IP Objects and Host Names

An IP object or host name is a network object that you can reference in IP firewall policy rules as a Layer 3 source or destination, and as a DNS server in a DNS assignment. An IP object or host name can be used by configuration objects throughout the ExtremeCloud‌ IQ GUI. IP objects and host names can be used to identify RADIUS clients that belong to the same user profile. For more information about RADIUS clients, see Configure an External RADIUS Server.

Use this task to configure an IP object and Host name.

  1. Go to Configure > Common Objects > Basic > IP Objects / HostNames.
  2. Select an existing IP object or host name, and then select Edit, or select Add.
    Note

    Note

    You cannot change the object type of an existing IP object or host name.
    • To delete an IP object and host name, select the object(s) and then select Delete.
    • To clone an existing IP object and host name, select clone.
  3. Type a Name for the new object.
  4. Select an object type from the menu, and then configure the settings.
    Table 1. Object Types
    Object Type Description
    IP Address Define an IP Address for a host.
    Note: When you select IP Address, ExtremeCloud‌ IQ automatically sets a 32-bit netmask (255.255.255.255) for all IP addresses that you apply to this object.
    Host Name Type a resolvable Host Name, up to 64 characters long.
    Network

    Define a Subnet IP address and Subnet Mask.

    Like an IPv4 address, a netmask is a 32-bit binary number commonly represented in dot-decimal notation. A netmask shows which part of an IP address is the subnet address and which part is the host address. For example, entering a netmask of 255.255.255.0 for IP address 10.1.1.5, indicates that the first 24 bits are the subnet ID (10.1.1) and the last 8 bits are the host ID (from 0 to 255), which in this case would be 5. When defining an IP address for a subnet, the host section of the address is irrelevant. Therefore, you can enter the previous example IP address/netmask as follows:

    • Subnet IP: 10.1.1.0
    • Subnet Mask: 255.255.255.0
    IP Range Define a Range Start and Range End of IP addresses. This option is useful if the range of IP addresses does not easily conform to a standard range of IP addresses with its own subnet mask.
    Wildcard

    When creating an IP object/host name using a Wildcard Mask, the mask uses 0 to mask one or more octets in an IP address, thereby applying the IP object/host name to all addresses that match the unmasked parts of the address.

    For example, if there is a consistent addressing scheme at multiple sites (10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, and so on), and each site uses the same host ID in the address for their HTTP proxy servers (2, for example), then you can create a Wildcard IP and Wildcard Mask of 10.1.0.2 255.255.0.255. This IP object/host name applies to the HTTP proxy server at all sites, making it a useful network object to use in a single network policy that is applied to ExtremeCloud‌ IQ devices at those sites.

    Tip: You might find it useful to view a wildcard mask as a superset of a netmask; that is, it can accomplish the same goals as a netmask—in which case it makes more sense to use a netmask for such a task—plus it can mask parts of an address in ways that a netmask cannot.
    Wildcard Host Name
  5. To add a classification rule:
    1. Select .
      Important

      Important

      Classification rules for IP objects are currently only supported when IP objects are used to create firewall rules.
    2. To create and assign a new classification rule, select add assignment, type a Name and a Description for the rule, select Add to select a rule type, and then select Save Rule.
      Select Add for each new rule you want to include. Select Edit to edit, or Delete to delete, an existing rule. Use the up and down arrows in the Order column to define the order in which the rules appear.
      Table 2. Rule types
      Selected rule type Do this
      Device Location
      1. Drill down until you reach the location level at which the device resides.
      2. Select Select.

      The location appears in the Classification Rules table.
      Cloud Config Group
      1. Select the Match Type.
      2. Select an existing group from the Select menu, or select Add.

        For more information, see Add a Cloud Config Group.

      3. Select CLOUD CONFIG GROUP.
      4. Select CONTINUE.
      IP Address
      1. From the Match Type menu, select Contains or Does Not Contain.
      2. Select Add, or select an existing IP address from the Select menu.

        If you do not see the IP address that you want, select New to create a new IP address.

      3. Select SAVE IP.
      4. Select CONTINUE.
      IP Subnet
      1. From the Match Type menu, select Contains or Does Not Contain.
      2. Select Add, or select an existing IP subnet from the Select menu.

        If you do not see the IP subnet that you want, select New to create a new IP subnet.

      3. Select SAVE SUBNET.
      4. Select CONTINUE.
      IP Range
      1. From the Match Type menu, select Contains or Does Not Contain.
      2. Select Add, or select an existing IP range from the Select menu.

        If you do not see the IP range that you want, select New to create a new IP range.

      3. Select SAVE IP.
      4. Select CONTINUE.
    3. To assign an existing classification rule, select assign classification, select an existing classification rule, and then select Link.
    4. Select the arrow in the Assignment Description column to view a summary of the linked classification rules.
  6. Select SAVE IP OBJECT.
9038986-00 Rev AA