Roles and Policies
15.5 Using Advanced Expressions in Role and VLAN Derivation Rules
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
277
15.5
Using Advanced Expressions in Role and VLAN Derivation Rules
For complex policies of role and VLAN derivation using device DHCP fingerprints, you can
use a regular expression to match with the combined string of the MAC address and the
DHCP options. The combined string is formed by concatenating the hexadecimal
presentation of the MAC address and all of the DHCP options sent by a particular device.
The regular expression is a powerful pattern description language that can be used to
perform advanced pattern matching of the above string.
If the combined device fingerprint string matches the specified regular expression, the role or
VLAN can be set to the WLAN client.
The following table lists some of the most commonly used regular expressions, which can be
used in user role and user VLAN derivation rules:
Table 15- 1 Regular Expressions
Operator Description
.
Matches any character. For example, l..k matches lack, lark, link, lock, look, Lync, and so
on.
\
Matches the character that follows the backslash. For example, \192.\.0\.. matches IP
address ranges that start with 192.0, such as 192.0.1.1. The expression looks up only for
the single characters that match.
[ ]
Matches any one character listed between the brackets. For example, [bc]lock matches
block and clock.
\b
Matches the words that begin and end with the given expression. For example, \bdown
matches downlink, linkdown, shutdown.
\B
Matches the middle of a word. For example, \Bvice matches services, devices, serviceID,
deviceID, and so on.
^
Matches the characters at starting position in a string. For example, ^bcd matches bcde
or bcdf, but not abcd.
[^]
Matches any characters that are not listed between the brackets. For example, [^u]link
matches downlink, link, but not uplink.
?
Matches any one occurrence of the pattern. For example, ?est matches best, nest, rest,
test, and so on.
$
Matches the end of an input string. For example, eth$ matches Eth, but not Ethernet.
*
Matches the declared element multiple times if it exists. For example, eth* matches all
occurrences of eth, such as Eth, Ethernet, Eth0, and so on.
+
Matches the declared element one or more times. For example, aa+ matches occurrenc-
es of aa and aaa.
( )
Matches nested characters. For example, (192)* matches any number of the character
string 192.
|
Matches the character patterns on either side of the vertical bar. You can use this ex-
pression to construct a series of options.
\<
Matches the beginning of the word. For example, \<wire matches wired, wireless, and so
on.
\>
Matches the end of the word. For example, \>list matches blacklist, whitelist, and so on.
{n}
Where n is an integer. Matches the declared element exactly n times. For example,
{2}link matches uplink, but not downlink.
{n,}
Where n is an integer. Matches the declared element at n times. For example, {2,}ink
matches downlink, but not uplink.