[tac_plus] IP block with net mask instead of regex in acl
Asif Iqbal
vadud3 at gmail.com
Thu Jun 9 23:28:16 UTC 2011
Is there a way to define an IP block with netmasks instead of regex in
tacacs+ config?

I looked through the tac_plus mailing list
www.shrubbery.net/pipermail/tac_plus with no avail.

So instead of doing it like this

acl = foo_acl {
    deny = 192.168.0.([12][0-9]|[3][01])$ <== not sure if it is correct
    permit = .*
}

I wonder if there is a way to add the above snippet like below

acl = foo_acl {
    deny = 192.168.0.0/27 # or 192.168.0.0 mask 255.255.255.224
    permit = .*
}

So much easier to manage a network list with a subnet masking option than regex.

Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
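
Where the ACL only takes regex entries, the pattern can be generated from the CIDR block and checked against every address instead of being written by hand. The script below is an added example, not part of the original post and not tac_plus code; the function names are hypothetical, it only handles IPv4 blocks of /24 or longer, and it assumes the daemon's regex syntax accepts `^`, `$`, `\.`, `|`, groups and character classes, with Python's `re` standing in for it.

```python
import ipaddress
import re


def _cls(a, b):
    """Character class for the digit range a..b."""
    if a == b:
        return str(a)
    return f"[{a}{b}]" if b == a + 1 else f"[{a}-{b}]"


def octet_alternatives(lo, hi):
    """Regex alternatives matching the decimal octets lo..hi, no leading zeros."""
    alts, groups = [], {}
    for tens in range(lo // 10, hi // 10 + 1):
        last = _cls(max(lo, tens * 10) % 10, min(hi, tens * 10 + 9) % 10)
        if tens == 0:                      # single-digit octets 0..9
            alts.append(last)
        else:                              # merge runs of tens digits sharing a class
            hundreds, t = divmod(tens, 10)
            groups.setdefault((str(hundreds or ""), last), []).append(t)
    alts += [h + _cls(ts[0], ts[-1]) + last for (h, last), ts in groups.items()]
    return alts


def cidr_to_acl_regex(cidr):
    """Anchored, dot-escaped regex matching exactly the addresses in cidr."""
    net = ipaddress.ip_network(cidr)       # ValueError if host bits are set
    if net.version != 4 or net.prefixlen < 24:
        raise ValueError("only IPv4 blocks of /24 or longer are handled here")
    head = str(net.network_address).split(".")[:3]
    lo = int(net.network_address) & 0xFF
    hi = int(net.broadcast_address) & 0xFF
    return "^" + r"\.".join(head) + r"\.(" + "|".join(octet_alternatives(lo, hi)) + ")$"


def mismatches(cidr, pattern):
    """Addresses in the enclosing /24 where the regex and the netmask disagree."""
    net = ipaddress.ip_network(cidr)
    base = str(net.network_address).rsplit(".", 1)[0]
    addrs = [f"{base}.{n}" for n in range(256)]
    return [a for a in addrs
            if bool(re.search(pattern, a)) != (ipaddress.ip_address(a) in net)]


if __name__ == "__main__":
    pattern = cidr_to_acl_regex("192.168.0.0/27")
    print("deny =", pattern)
    print("mismatches:", mismatches("192.168.0.0/27", pattern))
```

Run over the hand-written pattern from the post, `mismatches` returns 192.168.0.0 through 192.168.0.9, which that pattern does not match.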