Service Creation Using Groups and Rules
Rule Expression Components
A rule expression tells when to apply a rule. The action for the rule is always to place the ession in a group. This group is specified either by group add groupname, or group goupname for an existing group, or by including the optional group name parameter on the ommand line.
Expressions include IP addresses, subnets, MAC addresses, VLAN IDs, and SNMP nformation. These can be combined using operators such as NOT, AND, OR, and arentheses “ ( )”.
IP Address
Rules can include an IP address as well as an optional network mask.
ip=ip_address [,netmask]
Where
ip_address is a valid IP.
netmask is a valid network mask (e.g., 255.255.255.0).
For example:
ip=123.123.123.123 matches the single IP address 123.123.123.123 ip=123.123.123.0,255.255.255.0 matches any IP address from 123.123.123.1 to 123.123.123.254.
MAC Address
Rules can include a single MAC address or a MAC address with some wildcard bytes. Every Ethernet card or embedded Ethernet device has a unique MAC address. This is normally printed on the material accompanying the device. It is also available through the configuration interface in most common desktop operating systems.
mac=mac_addrmac_pattern
Where
mac_addr is a MAC address written with 6 hexidecimal digits separated by colons. mac_pattern is a partial MAC address written as 6 hexidecimal digits separated by colons, but with some hex values replaced by the “*” character.
For example:
mac=00:11:22:33:44:55 matches a unique computer/card with the MAC address 00:11:22:33:44:55.
mac=00:11:22:*:*:* matches any unique computer/card with a MAC address whose first 3 digits are 00:11:22. For example, 00:11:22:33:44:55, or 00:11:22:FF:3D:09, or 00:11:22:DE:AD:BF.
TUT Systems, Inc | Page 65 of 104 | P/N |