Generic IP addresses for channel authentication records
In the various commands that create and display channel authentication records, we can specify certain parameters as either a single IP address or a pattern to match a set of IP addresses.
When you create a channel authentication record, using the MQSC command SET CHLAUTH or the PCF command Set Channel Authentication Record, we can specify a generic IP address in various contexts. We can also specify a generic IP address in the filter condition when you display a channel authentication record using the commands DISPLAY CHLAUTH or Inquire Channel Authentication Records.
We can specify the address in any of the following ways:- a single IPv4 address, such as 192.0.2.0
- a pattern based on an IPv4 address, including an asterisk (*) as a wildcard. The wildcard represents one or more parts of the address, depending on context. For example, the following values are all valid:
- 192.0.2.*
- 192.0.*
- 192.0.*.2
- 192.*.2
- *
- a pattern based on an IPv4 address, including a hyphen (-) to indicate a range, for example 192.0.2.1-8
- a pattern based on an IPv4 address, including both an asterisk and a hyphen, for example 192.0.*.1-8
- a single IPv6 address, such as 2001:DB8:0:0:0:0:0:0
- a pattern based on an IPv6 address including an asterisk (*) as a wildcard. The wildcard represents one or more parts of the address, depending on context. For example, the following values are all valid:
- 2001:DB8:0:0:0:0:0:*
- 2001:DB8:0:0:0:*
- 2001:DB8:0:0:0:*:0:1
- 2001:*:1
- *
- a pattern based on an IPv6 address, including a hyphen (-) to indicate a range, for example 2001:DB8:0:0:0:0:0:0-8
- a pattern based on an IPv6 address, including both an asterisk and a hyphen, for example 2001:DB8:0:0:0:*:0:0-8
If the system supports both IPv4 and IPv6, we can use either address format. IBM MQ recognizes IPv4 mapped addresses in IPv6.
Certain patterns are invalid:- A pattern cannot have fewer than the required number of parts, unless the pattern ends with a single trailing asterisk. For example 192.0.2 is invalid, but 192.0.2.* is valid.
- A trailing asterisk must be separated from the rest of the address by the appropriate part separator (a dot (.) for IPv4, a colon (:) for IPv6). For example, 192.0* is not valid because the asterisk is not in a part of its own.
- A pattern may contain additional asterisks provided that no asterisk is adjacent to the trailing asterisk. For example, 192.*.2.* is valid, but 192.0.*.* is not valid.
- An IPv6 address pattern cannot contain a double colon and a trailing asterisk, because the resulting address would be ambiguous. For example, 2001::* could expand to 2001:0000:*, 2001:0000:0000:* and so on
Parent topic: SET CHLAUTH
Related information