Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

SUBNET - define IP subnets

For UTM applications IP subnets can be generated.

The generation of subnets allows

  • to restrict access to the UTM-application to communication partners from a particular IP address range
  • to suppress name resolution via DNS for communication partners from a particular IP address range. IP addresses from an address range thus defined can consequently be assigned a permanent name (so-called "mapped name"). This assignment is only effective for an external connection request.

Multiple IP subnets can be defined for a UTM application. In the case of an external connection request they are evaluated in the order in which they are defined in the KDCDEF input. IPv4 addresses are compared only with IPv4 subnet addresses and IPv6 addresses only with IPv6 subnet addresses.

SUBNETmapped_name
[ ,BCAMAPPL=local_appliname]
{ ,IPV4-SUBNET=X'ipv4_addr' | IPV6-SUBNET=X'ipv6_addr' }
[ ,RELEVANT-BITS=number ]
[ ,RESOLVE-NAMES=YES | NO ] 

mapped_name 

Name for the subnet, up to 8 characters long.
The name specified as mapped_name must begin with the character "*" (asterisk) and be defined as PRONAM in a TPOOL statement.
The string "*ANY" may not, however, be specified as mapped_name, i.e. subnets are not supported in conjunction with TPOOL PRONAM=*ANY.
The mapped_name must be unique, i.e. the same mapped_name may not be specified in more than one SUBNET statement.

BCAMAPPL= 

local_appliname

Name of a local UTM application as defined with MAX ...,APPLINAME= or in a BCAMAPPL statement.
local_appliname must be specified in BCAMAPPL= in the TPOOL statement, i.e. the TPOOL is assigned to the subnet via the name pair specified in the SUBNET statement comprising mapped_name and local_appliname.

Default: name, specified under MAX...,APPLINAME=.

Only connections which are set up to the application name defined with BCAMAPPL are assigned to the TPOOL which is allocated to the SUBNET. In this case no name resolution takes place by means of DNS.

Connections which come from the same subnet but are set up using a different application name are treated like normal connections. In other words, for these connections the host name is resolved by means of DNS, and the host name thus ascertained is used for assignment to the generated partner.

This enables, for instance, both UPIC partners and also other partners from the same subnet to sign on to a UTM application:

  • At connection setup the UPIC partners specify the BCAMAPPL name which was defined in the SUBNET statement, and are assigned to the TPOOL.
  • Other partners from this subnet, such as LU6.1 partners, specify a different local application name for connection setup.

IPV4-SUBNET=
IPV6-SUBNET=

X‘ipv4_addr‘ or X‘ipv6_addr‘ respectively

IPv4 or IPv6 subnet address from whose range connections are to be mapped to the mapped_name.

The address is specified as a hexadecimal string.
Either IPV4-SUBNET or IPV6-SUBNET must be specified. The simultaneous specification of IPV4-SUBNET and IPV6-SUBNET is not permitted.

RELEVANT-BITS=

number

Number of relevant bits for the subnet address (subnet mask). If an IP address which is to be checked has the same number of relevant bits in the subnet mask as a defined subnet mask, the IP address is mapped to the mapped_name.

Possible values:
IPv4 subnets: 1 ... 32
IPv6 subnets: 1 ... 128

Default:
IPv4 subnets: 24
IPv6 subnets: 64

RESOLVE-NAMES

The RESOLVE-NAMES parameter can be used to specify whether a DNS name resolution is to be used for connections that are established from this subnet.

If name resolution is used, the real processor name of the communication partner is displayed via the administration interface and in messages. Otherwise, the name of the subnet is displayed instead of the processor name.

Default on BS2000 systems: YES
Default on Unix, Linux and Windows systems: NO





Powered by Atlassian Confluence and Scroll Viewport.