Service Creation Using Groups and Rules
TUT Systems, Inc Page 65 of 104 P/N 220-06288-20
Rule Expression Components
A rule expression tells when to apply a rule. The action for the rule is always to place the
session in a group. This group is specified either by group add groupname, or group
groupname for an existing group, or by including the optional group name parameter on
the command line.
Expressions include IP addresses, subnets, MAC addresses, VLAN IDs, and SNMP
information. These can be combined using operators such as NOT, AND, OR, and
parentheses “( )”.
IP Address
Rules can include an IP address as well as an optional network mask.
ip=ip_address[,netmask]
Where
ip_address is a valid IP.
netmask is a valid network mask (e.g., 255.255.255.0).
For example:
ip=123.123.123.123 matches the single IP address 123.123.123.123
ip=123.123.123.0,255.255.255.0 matches any IP address from 123.123.123.1 to
123.123.123.254.
MAC Address
Rules can include a single MAC address or a MAC address with some wildcard bytes.
Every Ethernet card or embedded Ethernet device has a unique MAC address. This is
normally printed on the material accompanying the device. It is also available through the
configuration interface in most common desktop operating systems.
mac=mac_addr|mac_pattern
Where
mac_addr is a MAC address written as 6 hexadecimal bytes separated by colons.
mac_pattern is a partial MAC address written as 6 hexadecimal bytes separated by
colons, but with some hex values replaced by the “*” character.
For example:
mac=00:11:22:33:44:55 matches a unique computer/card with the MAC address
00:11:22:33:44:55.
mac=00:11:22:*:*:* matches any computer/card with a MAC address whose first
3 bytes are 00:11:22. For example, 00:11:22:33:44:55, or 00:11:22:FF:3D:09, or
00:11:22:DE:AD:BF.
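The ip= and mac= terms described above can be checked against a session as follows. This is an added Python example, not TUT Systems code; the function names are hypothetical, and the netmask form is assumed to exclude the network and broadcast addresses, to agree with the .1 to .254 range stated above. Malformed terms are rejected rather than matched loosely.

```python
import ipaddress
import re

# One MAC field is two hex digits or the "*" wildcard; exactly six fields.
_MAC_RE = re.compile(r"(?:[0-9a-f]{2}|\*)(?::(?:[0-9a-f]{2}|\*)){5}")


def match_ip(term, session_ip):
    """Evaluate an 'ip=ip_address[,netmask]' term against a session IP."""
    key, _, value = term.partition("=")
    if key != "ip" or not value:
        raise ValueError("not an ip= term: %r" % term)
    addr_text, _, mask_text = value.partition(",")
    rule = ipaddress.IPv4Address(addr_text.strip())   # raises on a bad address
    seen = ipaddress.IPv4Address(session_ip.strip())
    if not mask_text:
        return seen == rule                           # single-address form
    # IPv4Network rejects non-contiguous masks such as 255.0.255.0.
    net = ipaddress.IPv4Network("%s/%s" % (rule, mask_text.strip()), strict=False)
    if net.prefixlen >= 31:                           # no separate host range
        return seen in net
    # Assumption: follow the manual's stated range (.1 to .254 for a /24).
    return seen in net and seen not in (net.network_address, net.broadcast_address)


def match_mac(term, session_mac):
    """Evaluate a 'mac=mac_addr|mac_pattern' term against a session MAC."""
    key, _, pattern = term.partition("=")
    pattern = pattern.strip().lower()
    mac = session_mac.strip().lower()
    if key != "mac" or not _MAC_RE.fullmatch(pattern):
        raise ValueError("not a valid mac= term: %r" % term)
    if "*" in mac or not _MAC_RE.fullmatch(mac):
        raise ValueError("invalid session MAC: %r" % session_mac)
    # Compare field by field; "*" in the pattern accepts any byte.
    return all(p in ("*", m) for p, m in zip(pattern.split(":"), mac.split(":")))


if __name__ == "__main__":
    # Constructed sample sessions (IP, MAC) for illustration only.
    sessions = [("123.123.123.17", "00:11:22:FF:3D:09"),
                ("123.123.124.5", "00:AA:22:33:44:55")]
    for ip, mac in sessions:
        print(ip, mac,
              match_ip("ip=123.123.123.0,255.255.255.0", ip),
              match_mac("mac=00:11:22:*:*:*", mac))
```

A MAC address is supplied by the client and can be changed on most hosts, so a mac= match identifies a device only as far as the address it reports.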