alias

Profile Config Commands

Configures network, VLAN, and service aliases. The aliases defined on this profile applies to all devices using this profile. Aliases can be also defined at the device level.

Note

Note

You can apply overrides to aliases at the device level. Overrides applied at the device level take precedence. For more information on aliases, see alias (global config mode).

Supported on the following devices:

Syntax

alias [address-range|encrypted-string|hashed-string|host|network|network-group|
network-service|number|string|vlan]

alias address-range <ADDRESS-RANGE-ALIAS-NAME> <STARTING-IP> to <ENDING-IP>

alias encrypted-string <ENCRYPTED-STRING-ALIAS-NAME> <LINE>

alias hashed-string <HASHED-STRING-ALIAS-NAME> <LINE>

alias host <HOST-ALIAS-NAME> <HOST-IP>

alias network <NETWORK-ALIAS-NAME> <NETWORK-ADDRESS/MASK>

alias network-group <NETWORK-GROUP-ALIAS-NAME> [address-range|host|network]

alias network-group <NETWORK-GROUP-ALIAS-NAME> 
[address-range <STARTING-IP> to <ENDING-IP>|host <HOST-IP>|network <NETWORK-ADDRESS/MASK>]

alias network-service <NETWORK-SERVICE-ALIAS-NAME> 
proto [<0-254>|<WORD>|eigrp| gre|igmp|igp|ospf|vrrp]
 {(<1-65535>|<WORD>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|proto|sip|smtp|
sourceport|ssh|telnet|tftp|www)}

alias number <NUMBER-ALIAS-NAME> <0-4294967295>

alias string <STRING-ALIAS-NAME> <LINE>

alias vlan <VLAN-ALIAS-NAME> <1-4094>

Parameters

alias address-range <ADDRESS-RANGE-ALIAS-NAME> <STARTING-IP> to <ENDING-IP>
address-range <ADDRESS-RANGE-ALIAS-NAME> Creates a new address-range alias for this profile. Or associates an existing address-range alias with this profile. An address-range alias maps a name to a range of IP addresses. Use this option to create unique address-range aliases for different deployment scenarios.
For example, if an ACL defines a pool of network addresses as 192.168.10.10 through 192.168.10.100 for an entire network, and a remote location‘s network range is 172.16.13.20 through 172.16.13.110, the remote location‘s ACL can be overridden using an alias. At the remote location, the ACL works with the 172.16.13.20-110 address range. A new ACL need not be created specifically for the remote deployment location.
  • <ADDRESS-RANGE-ALIAS-NAME> – Specify the address range alias name.
    Note: Alias name should begin with ‘$‘.
<STARTING-IP> to <ENDING-IP> Associates a range of IP addresses with this address range alias
  • <STARTING-IP> – Specify the first IP address in the range.
    • to <ENDING-IP> – Specify the last IP address in the range.

Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.

 
alias encrypted-string <ENCRYPTED-STRING-ALIAS-NAME> <LINE>
encrypted-string <ENCRYPTED-STRING-ALIAS-NAME> Creates an alias for an encrypted string. Use this alias for string configuration values that are encrypted when "password-encryption" is enabled. For example, in the management-policy, use it to define the SNMP community string. For more information, see snmp-server (management policy config mode).
  • <ENCRYPTED-STRING-ALIAS-NAME> – Specify the encrypted-string alias name.

Alias name should begin with ‘$‘.
<LINE> Configures the value associated with the alias name specified in the previous step
  • <LINE> – Configures the alias value
Note: If password-encryption is enabled, in the show > running-config output, this clear text is displayed as an encrypted string, as shown below:
nx9500-6C8809(config)#show running-config
!...............................
alias encrypted-string $enString 2 fABMK2is7UToNiZE3MQXbgAAAAxB0ZIysdqsEJwr6AH/Da//
!
--More--
nx9500-6C8809

In the above output, the ‘2‘ displayed before the encrypted-string alias value indicates that the displayed text is encrypted and not a clear text.
However, if password-encryption is disabled the clear text is displayed as is:
nx9500-6C8809(config)#show running-config
!...............................
!
alias encrypted-string $enString 0 test11223344
!
--More--
nx9500-6C8809

For more information on enabling password-encryption, see password-encryption.

 
alias hashed-string <HASHED-STRING-ALIAS-NAME> <LINE>
hashed-string <HASHED-STRING-ALIAS-NAME> Creates an alias for a hashed string. Use this alias for configuration values that are hashed strings, such as passwords. For example, in the management-policy, use it to define the privilege mode password. For more information, see privilege-mode-password (management-policy mode).
  • <HASHED-STRING-ALIAS-NAME> – Specify the hashed-string alias name.

Alias name should begin with ‘$‘.
<LINE> Configures the hashed-string value associated with this alias.
nx9500-6C8809(config)#show running-config
!
alias encrypted-string $WRITE 2 sBqVCDAoxs3oByF5PCSuFAAAAAd7HT2+EiT/l/BXm9c4SBDv
!
alias hashed-string $PriMode 1 faffdde27cb49ad634ea20df4f7c8ef2685894d10ffcb1b2efba054112ecfc75
--More--
nx9500-6C8809

In the above show > running-config output, the ‘1‘ displayed before the hashed-string alias value indicates that the displayed text is hashed and not clear text.

 
alias host <HOST-ALIAS-NAME> <HOST-IP>
host <HOST-ALIAS-NAME> Creates a new host alias for this profile. Or associates an existing host alias with this profile. A host alias configuration is for a particular host device‘s IP address. Use this option to create unique host aliases for different deployment scenarios. For example, if a central network DNS server is set a static IP address, and a remote location‘s local DNS server is defined, this host can be overridden at the remote location. At the remote location, the network is functional with a local DNS server, but uses the name set at the central network. A new host need not be created at the remote location. This simplifies creating and managing hosts and allows an administrator to better manage specific local requirements.
  • <HOST-ALIAS-NAME> – Specify the host alias name.

Alias name should begin with ‘$‘.
<HOST-IP> Associates the network host‘s IP address with this host alias
  • <HOST-IP> – Specify the network host‘s IP address.

Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.

 
alias network <NETWORK-ALIAS-NAME> <NETWORK-ADDRESS/MASK>
network <NETWORK-ALIAS-NAME> Creates a new network alias for this profile. Or associates an existing network alias with this profile. A network alias configuration is utilized for an IP address on a particular network. Use this option to create unique Network aliases for different deployment scenarios. For example, if a central network ACL defines a network as 192.168.10.0/24, and a remote location‘s network range is 172.16.10.0/24, the ACL can be overridden at the remote location to suit their local (but remote) requirement.

At the remote location, the ACL functions with the 172.16.10.0/24 network. A new ACL need not be created specifically for the remote deployment. This simplifies ACL definition and allows an administrator to better manage specific local requirements.

  • <NETWORK-ALIAS-NAME> – Specify the network alias name.

Alias name should begin with ‘$‘.
<NETWORK-ADDRESS/MASK> Associates a single network with this network alias
  • <NETWORK-ADDRESS/MASK> – Specify the network‘s address and mask.

Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.

 
alias network-group <NETWORK-GROUP-ALIAS-NAME> [address-range <STARTING-IP> to <ENDING-IP>
 {<STARTING-IP> to <ENDING-IP>}|host <HOST-IP> {<HOST-IP>}| network <NETWORK-ADDRESS/MASK> 
{<NETWORK-ADDRESS/MASK>}]
network <NETWORK-GROUP-ALIAS-NAME> Creates a new network-group alias for this profile. Or associates an existing network-group alias with this profile.
  • <NETWORK-GROUP-ALIAS-NAME> – Specify the network-group alias name.

Alias name should begin with ‘$‘.

The network-group aliases are used in ACLs, to define the network-specific components. ACLs using aliases can be used across sites by re-defining the network-group alias elements at the device or profile level.

After specifying the name, specify the following: a range of IP addresses, host addresses, or a range of network addresses.

Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.
address-range <STARTING-IP> to <ENDING-IP> {<STARTING-IP> to <ENDING-IP>} Associates a range of IP addresses with this network-group alias
  • <STARTING-IP> – Specify the first IP address in the range.
    • to <ENDING-IP> – Specify the last IP address in the range.
      • <STARTING-IP> to <ENDING-IP> – Optional. Specifies more than one range of IP addresses. A maximum of eight (8) IP address ranges can be configured.
host <HOST-IP> {<HOST-IP>} Associates a single or multiple hosts with this network-group alias
  • <HOST-IP> – Specify the host‘s IP address.
    • <HOST-IP> – Optional. Specifies more than one host. A maximum of eight (8) hosts can be configured.
network <NETWORK-ADDRESS/MASK> {<NETWORK-ADDRESS/MASK>} Associates a single or multiple networks with this network-group alias
  • <NETWORK-ADDRESS/MASK> – Specify the network‘s address and mask.
    • <NETWORK-ADDRESS/MASK> – Optional. Specifies more than one network. A maximum of eight (8) networks can be configured.
 
alias network-service <NETWORK-SERVICE-ALIAS-NAME> proto [<0-254>|<WORD>|eigrp|
gre|igmp|igp|ospf|vrrp] {(<1-65535>|<WORD>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|
ntp|pop3|proto|sip|smtp|sourceport [<1-65535>|<WORD>]|ssh|telnet|tftp|www)}
alias network-service <NETWORK-SERVICE-ALIAS-NAME> Creates a new network-service alias for this profile. Or associates an existing network-service alias with this profile. A network service alias is a set of configurations that consist of protocol and port mappings. Both source and destination ports are configurable. For each protocol, up to 2 source port ranges and up to 2 destination port ranges can be configured. A maximum of 4 protocol entries can be configured per network service alias.

<NETWORK-SERVICE-ALIAS-NAME> – Specify a network-service alias name.

Note: Alias name should begin with ‘$‘.

The network-service aliases are used in ACLs, to define the service-specific components. ACLs using aliases can be used across sites by re-defining the network-service alias elements at the device or profile level.

Note: Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.
proto [<0-254>| <WORD>|eigrp|gre| igmp|igp|ospf|vrrp] Use one of the following options to associate an Internet protocol with this network-service alias:
  • <0-254> – Identifies the protocol by its number. Specify the protocol number from 0 - 254. This is the number by which the protocol is identified in the Protocol field of the IPv4 header and the Next Header field of IPv6 header. For example, the User Datagram Protocol (UDP) designated number is 17.
  • <WORD> – Identifies the protocol by its name. Specify the protocol name.
  • eigrp – Selects Enhanced Interior Gateway Routing Protocol (EIGRP). The protocol number 88.
  • gre – Selects Generic Routing Encapsulation (GRE). The protocol number is 47.
  • igmp – Selects Internet Group Management Protocol (IGMP). The protocol number is 2.
  • igp – Selects Interior Gateway Protocol (IGP). The protocol number is 9.
  • ospf – Selects Open Shortest Path First (OSPF). The protocol number is 89.
  • vrrp – Selects VRRP (Virtual Router Redundancy Protocol). The protocol number is 112.
{(<1-65535>| <WORD>|bgp|dns| ftp|ftp-data|gopher| https|ldap|nntp|ntp| pop3|proto|sip|smtp| sourceport [<1-65535>| <WORD>]|ssh|telnet| tftp|www)} After specifying the protocol, you may configure a destination port for this service. These keywords are recursive and you can configure multiple protocols and associate multiple destination and source ports.
  • <1-65535> – Optional. Configures a destination port number from 1 - 65535
  • <WORD> – Optional. Identifies the destination port by the service name provided. For example, the secure shell (SSH) service uses TCP port 22.
  • bgp – Optional. Configures the default Border Gateway Protocol (BGP) services port (179)
  • dns – Optional. Configures the default Domain Name System (DNS) services port (53)
  • ftp – Optional. Configures the default File Transfer Protocol (FTP) control services port (21)
  • ldap – Optional. Configures the default Lightweight Directory Access Protocol (LDAP) services port (389)
  • ftp-data – Optional. Configures the default FTP data services port (20)
  • gopher – Optional. Configures the default gopher services port (70)
  • https – Optional. Configures the default HTTPS services port (443)
  • nntp – Optional. Configures the default Newsgroup (NNTP) services port (119)
  • ntp – Optional. Configures the default Network Time Protocol (NTP) services port (123)
  • proto – Optional. Use this option to select another Internet protocol in addition to the one selected in the previous step.
  • sip – Optional. Configures the default SIP (Session Initiation Protocol) services port (5060).
  • sourceport [<1-65535>|<WORD>] – Optional. After specifying the destination port, you may specify a single or range of source ports.
    • <1-65535> – Specify the source port from 1 - 65535.
    • <WORD> – Specify the source port range, for example 1-10.
  • ssh – Optional. Configures the default SSH services port (22)
  • telnet – Optional. Configures the default Telnet services port (23)
  • tftp – Optional. Configures the default Trivial File Transfer Protocol (TFTP) services port (69)
  • www – Optional. Configures the default HTTP services port (80)
 
alias number <NUMBER-ALIAS-NAME> <0-4294967295>
alias number <NUMBER-ALIAS-NAME> <0-4294967295> Creates a number alias identified by the <NUMBER-ALIAS-NAME> keyword. Number aliases map a name to a numeric value. For example, ‘alias number $NUMBER 100‘. In this exmple,
  • The number alias name is: $NUMBER
  • The value assigned is: 100

The value d by alias $NUMBER, wherever used, is 100.

  • <NUMBER-ALIAS-NAME> – Specify the number alias name.
    • <0-4294967295> – Specify the number, from 0 - 4294967295, assigned to the number alias created.
Note: Alias name should begin with ‘$‘.
 
alias string <STRING-ALIAS-NAME> <LINE>
alias string <STRING-ALIAS-NAME> Creates a new string alias for this profile. Or associates an existing string alias with this profile. String aliases map a name to an arbitrary string value. Use this option to create unique string aliases for different deployment scenarios. For example, if the main domain at a remote location is called loc1.domain.com and at another deployment location it is called loc2.domain.com, the alias can be overridden at the remote location to suit the local (but remote) requirement. At one remote location, the alias functions with the loc1.domain.com domain and at the other with the loc2.domain.com domain.
  • <STRING-ALIAS-NAME> – Specify the string alias name.
    • <LINE> – Specify the string value.
Note: Alias name should begin with ‘$‘.

Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.

 
alias vlan <VLAN-ALIAS-NAME> <1-4094>
alias vlan <VLAN-ALIAS-NAME> Creates a new VLAN alias for this profile. Or associates an existing VLAN alias with this profile. A VLAN alias maps a name to a VLAN ID. A VLAN alias is a configuration for optimal VLAN re-use and management for local and remote deployments. Use this option to create unique VLANs aliases for different deployment scenarios. For example, if a VLAN ID is set as 10 for the central network, and the VLAN is set as 26 at a remote location, the VLAN can be overridden at the remote location using an alias.
At the remote location, the network is functional with an ID of 26, but utilizes the name defined at the central local network. A new VLAN need not be created specifically at the remote location.
  • <VLAN-ALIAS-NAME> – Specify the VLAN alias name.
Note: Alias name should begin with ‘$‘.
<1-4094> Maps the VLAN alias to a VLAN ID
  • <1-4094> – Specify the VLAN ID from 1 - 4094.

Aliases defined at any given level can be overridden at the next lower levels. For example, a global alias can be redefined on a selected set of RF Domains, profiles, or devices. Overrides applied at the device level take precedence.

Example

The following example shows the global aliases configured. Note the network-service alias ‘$kerberos‘ settings:

nx9500-6C8809(config)#show running-config | include alias
alias network-group $NetGrpAlias address-range 192.168.13.7 to 192.168.13.16 192.168.13.20 to 192.168.13.25
alias network-group $NetGrpAlias network 192.168.13.0/24 192.168.16.0/24
alias network $NetworkAlias 192.168.13.0/24
alias host $HostAlias 192.168.13.10
alias address-range $AddRanAlias 192.168.13.10 to 192.168.13.13
alias network-service $kerberos proto tcp 23 proto udp 25
alias vlan $VlanAlias 1
alias string $AREA Ecospace
alias string $IN-Blr-EcoSpace-Floor-4 IBEF4
alias encrypted-string $READ 2 CdO6glQ9w29hybKxfbd6JwAAAAa7lKMBMk9EiDQfFRf9kegO
alias hashed-string $PriMode 1 faffdde27cb49ad634ea20df4f7c8ef2685894d10ffcb1b2efba054112ecfc75
nx9500-6C8809(config)#

The following examples show the overrides applied to the network-service alias ‘$kerberos‘ at the profile level:

nx9500-6C8809(config-profile-testap505)#alias network-service $kerberos proto tcp 22 proto udp 389

The following example shows the overrides applied to the network-service alias ‘$kerberos‘ at the profile level:

nx9500-6C8809(config-profile-testap505)#show running-config | include alias
alias network-group $NetGrpAlias address-range 192.168.13.7 to 192.168.13.16 192.168.13.20 to 192.168.13.25
alias network-group $NetGrpAlias network 192.168.13.0/24 192.168.16.0/24
alias network $NetworkAlias 192.168.13.0/24
alias host $HostAlias 192.168.13.10
alias address-range $AddRanAlias 192.168.13.10 to 192.168.13.13
alias network-service $kerberos proto tcp 22 proto udp 389
alias vlan $VlanAlias 1
alias string $AREA Ecospace
alias string $IN-Blr-EcoSpace-Floor-4 IBEF4
alias encrypted-string $READ 2 /Mfbt1Et8XRhybKxfbd6JwAAAAZ9yrIYq7mNl4+gNNiiMIZI
alias hashed-string $PriMode 1 faffdde27cb49ad634ea20df4f7c8ef2685894d10ffcb1b2efba054112ecfc75
alias network-service $kerberos proto tcp 88 proto udp 389
nx9500-6C8809(config-profile-testap505)#

Related Commands

no Removes a specified alias configuration
9037762-01 Rev AA