Specify IP addresses and ranges

The pop modify set ipauth command specifies a network or network range and the required authentication level in the POP. The network (or network range) can be an IP version 4 (IPv4) or an IP version 6 (IPv6) address. When adding addresses to a POP, IPv4 addresses must be specified in IPv4 format, due to limitations in the operating system functions provided to ISAM.

All POPs have an anyothernw (any other network) IP entry whose default authentication level is 0. The anyothernw entry applies to all networks not specified in the POP. Authentication level 0 adds no additional requirement for authentication. The anyothernw authentication level can be modified to a non-zero number or to forbidden. The anyothernw entry appears in a POP as Any Other Network in the output of the pop show command:

pdadmin sec_master> pop show poptest1

       Protected object policy: poptest1
       Description: Test POP
       Warning: no
       Audit level: none
       Quality of protection: none
       Time of day access: sun, mon, tue, wed, thu, fri, sat:
            anytime:local
       IP Endpoint Authentication Method Policy
           Any Other Network 0

We might need more information about setting the IP authentication mechanism with the pop modify command. See the IBM Security Verify Access for Web: Command Reference.

• Add IP entries
  The pdadmin pop modify set ipauth add command specifies the network (or network range). The command also specifies the required authentication level in the IP endpoint authentication method attribute. We might need to add IP entries to a POP.
• Delete IP entries
  The pdadmin pop modify set ipauth remove command disables authorization requirements for IP addresses that were previously added to a POP.

Parent topic: Configure POP attributes