Forum Discussion
Michael_Yates
Nov 07, 2011Nimbostratus
Hi Arie,
I have a class that contains a list of IP addresses with a netmask (/x). Initially I tried:
if { !( [ class match [IP::client_addr] equals class_CampusIPaddresses ] ) } {
However, that seems to work for 'straight' addresses only (i.e. without netmasks).
You are going to want to use your first working example because it takes the Client IP Address and determines if it would be contained in one of the networks within your subnets listed in "class_CampusIPaddresses".
It would be a huge assumption to guess the Subnet Mask of an incoming Client IP Address and make an exact match in a Data Group. It's easier to just see if it would be contained in one of the subnets in the Data Group (If so, do this....If not, do something else).
The reason your second example failed is due to the missing argument (the Client IP Subnet Mask): IP::addr
Hope this helps.