Open as PDF
30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
Wildcard Masks Security access control lists (ACLs) use source and
destination IP addresses and wildcard masks to determine whether the
WX filters or forwards IP packets. Matching packets are either permitted
or denied network access. The ACL checks the bits in IP addresses that
correspond to any 0s (zeros) in the mask, but does not check the bits that
correspond to 1s (ones) in the mask. You specify the wildcard mask in
dotted decimal notation.
For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP
addresses that begin with 10 in the first octet.
The ACL mask must be a contiguous set of zeroes starting from the first
example, 0.255.255.255, 0.0.255.255, and 0.0.0.255 are valid
However, 0.255.0.255 is not a valid ACL mask.
User Globs, MAC
Address Globs, and
Name “globbing” is a way of using a wildcard pattern to expand a single
element into a list of elements that match the pattern. MSS accepts user
globs, MAC address globs, and VLAN globs. The order in which globs
appear in the configuration is important, because once a glob is matched,
processing stops on the list of globs
A user glob is shorthand method for matching an authentication,
authorization, and accounting (AAA) command to either a single user or
a set of users.
A user glob can be up to 80 characters long and cannot contain spaces or
tabs. The double-asterisk (**) wildcard characters with no delimiter
characters match all usernames. The single-asterisk (*) wildcard character
matches any number of characters up to, but not including, a delimiter
character in the glob. Valid user glob delimiter characters are the at (@)
sign and the period (.).
For example, in Table 3, the following globs identify the following users:
Table 3 User Globs
User Glob User(s) Designated
firstname.lastname@example.org User jose at example.com