Service Creation Using Groups and Rules
TUT Systems, Inc
P/N 220-06288-20
Rule Expression Components
A rule expression tells when to apply a rule. The action for the rule is always to place the
session in a group. This group is specified either by group add groupname, or group groupname
for an existing group, or by including the optional group name parameter on the command line.
Expressions include IP addresses, subnets, MAC addresses, VLAN IDs, and SNMP
information. These can be combined using operators such as NOT, AND, OR, and
parentheses "( )".
IP Address
Rules can include an IP address as well as an optional network mask.
ip=ip_address[,netmask]
Where
ip_address is a valid IP.
netmask is a valid network mask (e.g., 255.255.255.0).
For example:
ip=123.123.123.123 matches the single IP address 123.123.123.123.
ip=123.123.123.0,255.255.255.0 matches any IP address from 123.123.123.1 to
123.123.123.254.
MAC Address
Rules can include a single MAC address or a MAC address with some wildcard bytes.
Every Ethernet card or embedded Ethernet device has a unique MAC address. This is
normally printed on the material accompanying the device. It is also available through the
configuration interface in most common desktop operating systems.
mac=mac_addr | mac_pattern
Where
mac_addr is a MAC address written with 6 hexadecimal digits separated by colons.
mac_pattern is a partial MAC address written as 6 hexadecimal digits separated by
colons, but with some hex values replaced by the "*" character.
For example:
mac=00:11:22:33:44:55 matches a unique computer/card with the MAC address
00:11:22:33:44:55.
mac=00:11:22:*:*:* matches any unique computer/card with a MAC address whose first
3 digits are 00:11:22. For example, 00:11:22:33:44:55, or 00:11:22:FF:3D:09, or
00:11:22:DE:AD:BF.
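The ip= and mac= matching described above can be checked offline before a rule is deployed. The following is an added example, not code from TUT Systems or the product; the function names match_ip and match_mac are hypothetical, and two behaviours are assumptions: MAC comparison is case-insensitive, and the masked form excludes the network and broadcast addresses, following the .1 to .254 range stated on this page.

```python
import ipaddress
import re

HEX_BYTE = r"[0-9A-Fa-f]{2}"

def match_ip(expr, session_ip):
    """Evaluate an ip=ip_address[,netmask] component against a session's IP."""
    if not expr.startswith("ip="):
        raise ValueError("not an ip= component: %r" % expr)
    addr, _, mask = expr[3:].partition(",")
    rule_ip = ipaddress.IPv4Address(addr.strip())
    target = ipaddress.IPv4Address(session_ip)
    if not mask:
        return target == rule_ip  # single-address form
    # IPv4Network rejects non-contiguous masks such as 255.0.255.0.
    net = ipaddress.IPv4Network("%s/%s" % (rule_ip, mask.strip()), strict=False)
    if target not in net:
        return False
    if net.prefixlen >= 31:  # no separate network/broadcast address
        return True
    # Assumption: follow the page's stated range (.1 to .254 for a /24),
    # which leaves out the network and broadcast addresses.
    return target not in (net.network_address, net.broadcast_address)

def match_mac(expr, session_mac):
    """Evaluate a mac=mac_addr|mac_pattern component; '*' matches any byte."""
    if not expr.startswith("mac="):
        raise ValueError("not a mac= component: %r" % expr)
    pattern = expr[4:].split(":")
    actual = session_mac.split(":")
    if len(pattern) != 6 or not all(
            p == "*" or re.fullmatch(HEX_BYTE, p) for p in pattern):
        raise ValueError("malformed MAC pattern: %r" % expr)
    if len(actual) != 6 or not all(re.fullmatch(HEX_BYTE, a) for a in actual):
        raise ValueError("malformed MAC address: %r" % session_mac)
    # Assumption: hex digits compare case-insensitively.
    return all(p == "*" or p.lower() == a.lower()
               for p, a in zip(pattern, actual))

if __name__ == "__main__":
    # Constructed sample sessions, using the addresses from the page's examples.
    for ip in ("123.123.123.1", "123.123.123.254", "123.123.124.1"):
        print(ip, match_ip("ip=123.123.123.0,255.255.255.0", ip))
    for mac in ("00:11:22:FF:3D:09", "00:11:23:33:44:55"):
        print(mac, match_mac("mac=00:11:22:*:*:*", mac))
```

A malformed pattern or a non-contiguous netmask raises ValueError instead of silently matching nothing, which is the case worth catching before a rule is entered on the device.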