Generic IP addresses for channel authentication records

In the various commands that create and display channel authentication records, we can specify certain parameters as either a single IP address or a pattern to match a set of IP addresses.

When you create a channel authentication record, using the MQSC command SET CHLAUTH or the PCF command Set Channel Authentication Record, we can specify a generic IP address in various contexts. We can also specify a generic IP address in the filter condition when you display a channel authentication record using the commands DISPLAY CHLAUTH or Inquire Channel Authentication Records.

We can specify the address in any of the following ways:

  • a single IPv4 address, such as 192.0.2.0
  • a pattern based on an IPv4 address, including an asterisk (*) as a wildcard. The wildcard represents one or more parts of the address, depending on context. For example, the following values are all valid:

    • 192.0.2.*
    • 192.0.*
    • 192.0.*.2
    • 192.*.2
    • *

  • a pattern based on an IPv4 address, including a hyphen (-) to indicate a range, for example 192.0.2.1-8
  • a pattern based on an IPv4 address, including both an asterisk and a hyphen, for example 192.0.*.1-8
  • a single IPv6 address, such as 2001:DB8:0:0:0:0:0:0
  • a pattern based on an IPv6 address including an asterisk (*) as a wildcard. The wildcard represents one or more parts of the address, depending on context. For example, the following values are all valid:

    • 2001:DB8:0:0:0:0:0:*
    • 2001:DB8:0:0:0:*
    • 2001:DB8:0:0:0:*:0:1
    • 2001:*:1
    • *

  • a pattern based on an IPv6 address, including a hyphen (-) to indicate a range, for example 2001:DB8:0:0:0:0:0:0-8
  • a pattern based on an IPv6 address, including both an asterisk and a hyphen, for example 2001:DB8:0:0:0:*:0:0-8

If the system supports both IPv4 and IPv6, we can use either address format. IBM MQ recognizes IPv4 mapped addresses in IPv6.

Certain patterns are invalid:

  • A pattern cannot have fewer than the required number of parts, unless the pattern ends with a single trailing asterisk. For example 192.0.2 is invalid, but 192.0.2.* is valid.
  • A trailing asterisk must be separated from the rest of the address by the appropriate part separator (a dot (.) for IPv4, a colon (:) for IPv6). For example, 192.0* is not valid because the asterisk is not in a part of its own.
  • A pattern may contain additional asterisks provided that no asterisk is adjacent to the trailing asterisk. For example, 192.*.2.* is valid, but 192.0.*.* is not valid.
  • An IPv6 address pattern cannot contain a double colon and a trailing asterisk, because the resulting address would be ambiguous. For example, 2001::* could expand to 2001:0000:*, 2001:0000:0000:* and so on

Parent topic: SET CHLAUTH


Related information