Generic IP addresses for channel authentication records

In the various commands that create and display channel authentication records, we can specify certain parameters as either a single IP address or a pattern to match a set of IP addresses.

When you create a channel authentication record, using the MQSC command SET CHLAUTH or the PCF command Set Channel Authentication Record, we can specify a generic IP address in various contexts. We can also specify a generic IP address in the filter condition when you display a channel authentication record using the commands DISPLAY CHLAUTH or Inquire Channel Authentication Records.

We can specify the address in any of the following ways:

• a single IPv4 address, such as 192.0.2.0
• a pattern based on an IPv4 address, including an asterisk (*) as a wildcard. The wildcard represents one or more parts of the address, depending on context. For example, the following values are all valid:
  • 192.0.2.*
  • 192.0.*
  • 192.0.*.2
  • 192.*.2
  • *
• a pattern based on an IPv4 address, including a hyphen (-) to indicate a range, for example 192.0.2.1-8
• a pattern based on an IPv4 address, including both an asterisk and a hyphen, for example 192.0.*.1-8
• a single IPv6 address, such as 2001:DB8:0:0:0:0:0:0
• a pattern based on an IPv6 address including an asterisk (*) as a wildcard. The wildcard represents one or more parts of the address, depending on context. For example, the following values are all valid:
  • 2001:DB8:0:0:0:0:0:*
  • 2001:DB8:0:0:0:*
  • 2001:DB8:0:0:0:*:0:1
  • 2001:*:1
  • *
• a pattern based on an IPv6 address, including a hyphen (-) to indicate a range, for example 2001:DB8:0:0:0:0:0:0-8
• a pattern based on an IPv6 address, including both an asterisk and a hyphen, for example 2001:DB8:0:0:0:*:0:0-8

If your system supports both IPv4 and IPv6, we can use either address format. IBM MQ recognizes IPv4 mapped addresses in IPv6.

Certain patterns are invalid:

• A pattern cannot have fewer than the required number of parts, unless the pattern ends with a single trailing asterisk. For example 192.0.2 is invalid, but 192.0.2.* is valid.
• A trailing asterisk must be separated from the rest of the address by the appropriate part separator (a dot (.) for IPv4, a colon (:) for IPv6). For example, 192.0* is not valid because the asterisk is not in a part of its own.
• A pattern may contain additional asterisks provided that no asterisk is adjacent to the trailing asterisk. For example, 192.*.2.* is valid, but 192.0.*.* is not valid.
• An IPv6 address pattern cannot contain a double colon and a trailing asterisk, because the resulting address would be ambiguous. For example, 2001::* could expand to 2001:0000:*, 2001:0000:0000:* and so on