Wildcards

In addition, parameter configuration is facilitated by the availability of wildcards (.*) in the OAM subtree and for commands such as ping, traceroute and mtrace. For example, consider the following command:

ping <ip-address> router 10

Instead of listing all the permitted IP addresses in the policy, as shown in the following example,

match ping <10.0.0.1> router <10>
action permit
match ping <10.0.0.2> router <10>
action permit

The wildcard<ip-address> parameter allows a simpler search criterion. In the following example, the use of <.*> wildcard enables the ability to ping any address in the router 10 context, that is, any address in VRF 10: 

match ping <.*> router <10> 
action permit
Note: While wildcards are available and allowed for all parameters in the OAM subtree, Nokia recommends that caution is exercised when using wildcards and limit their use to commands such as ping, traceroute, and mtrace. The use of wildcards in specific formats may be a security concern and result in making the IP addresses in the VRF, including the base routing table, unreachable. Or it could allow the customer to ping any IP address in the VRF, including the base routing table. This may be a potential security concern and should be avoided.

For example, the following usage is not advised:

match ping <.*> router <.*> 
action permit
Parent topic: Configuring local command authorization profiles