

Specifying a Subnet Mask for IPV4 Addresses

Dividing your TCP/IP network into subnets is useful for security and performance reasons. Terminals belong to the same subnet when their IPV4 addresses all have the same values for the network portion of the IPV4 address. For example, all terminals whose IPV4 addresses start with 10.0.80 are part of the same subnet. A subnet mask determines what subnet an IPV4 address belongs to.

When creating rules, you can append a subnet mask to the IPV4 address (the requester variable). This represents a mask value to be ANDed with both the IPV4 address specified on the rule and the TCP/IP user’s IPV4 address before CA VM:Secure compares them. Use a plus (+) character to separate the requester value from the mask on a rule.

Example

Your system uses an IPV4 subnet with the following requirements:

To satisfy your security requirements, add the following rules to the VTAM user rules file:

ACCEPT 199.10.89.1 DIAL (IPADDR
ACCEPT 10.128.0.0+255.128.0.0 DIAL (IPADDR
REJECT * DIAL (IPADDR

where 255.128.0.0 is the subnet mask.
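
The masked comparison described above, as an added Python sketch that is not CA VM:Secure code. The function names are hypothetical, a requester value without a mask is assumed to mean an exact match, and the sketch models only the AND-and-compare step (not the `*` wildcard or how the product selects among rules).

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_requester(value):
    """Split 'addr+mask' into two 32-bit integers.
    Assumption: a value with no '+mask' is compared exactly."""
    addr, _, mask = value.partition("+")
    mask = mask or "255.255.255.255"
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(mask))

def requester_matches(value, client_ip):
    """AND the mask with both the rule address and the client address, then compare."""
    rule_addr, mask = parse_requester(value)
    client = int(ipaddress.IPv4Address(client_ip))
    return (rule_addr & mask) == (client & mask)

def mask_is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~mask & FULL
    return (inverted & (inverted + 1)) == 0

def covered_range(value):
    """First and last address matched by a requester value with a contiguous mask."""
    rule_addr, mask = parse_requester(value)
    if not mask_is_contiguous(mask):
        raise ValueError("non-contiguous mask does not describe a single range")
    first = rule_addr & mask
    last = first | (~mask & FULL)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

if __name__ == "__main__":
    rule = "10.128.0.0+255.128.0.0"  # requester value from the second rule above
    # Constructed client addresses, chosen to sit on both sides of the mask boundary.
    for ip in ("10.128.0.1", "10.200.7.9", "10.127.255.255", "11.128.0.1"):
        print(ip, "matches" if requester_matches(rule, ip) else "does not match")
    print("range covered:", covered_range(rule))
```

Because the mask is applied to the rule address as well, any bits set outside the mask in the rule address are ignored, so reviewing a rule means checking the range it covers rather than the address as written.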

The subnet mask can be broken down in this manner:

Based on the rules shown above: