Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Operators
The Rules editing interface in Policy Manager supports a rich set of operators. The type of operators presented are based on the data type of the attribute for which the operator is being used. Where the data type of the attribute is not known, the attribute is treated as a string type.
The following table lists the operators presented for common attribute data types:
|
Attribute Type |
Operators |
|
String |
BELONGS_TO NOT_BELONGS_TO
BEGINS_WITH NOT_BEGINS_WITH
CONTAINS NOT_CONTAINS
ENDS_WITH NOT_ENDS_WITH
EQUALS NOT_EQUALS
EQUALS_IGNORE_CASE NOT_EQUALS_IGNORE_CASE
EXISTS NOT_EXISTS NOT_MATCHES_REGEX Regular Expression. Regex refers to a sequence of symbols and characters defining a search pattern.
|
|
Integer |
BELONGS_TO NOT_BELONGS_TO
EQUALS NOT_EQUALS
EXISTS NOT_EXISTS
GREATER_THAN GREATER_THAN_OR_EQUALS
LESS_THAN LESS_THAN_OR_EQUALS |
|
Time or Date |
EQUALS NOT_EQUALS GREATER_THAN GREATER_THAN_OR_EQUALS LESS_THAN LESS_THAN_OR_EQUALS IN_RANGE |
|
Day |
BELONGS_TO NOT_BELONGS_TO |
|
List (Example: Role) |
EQUALS NOT_EQUALS
MATCHES_ALL NOT_MATCHES_ALL
MATCHES_ANY NOT_MATCHES_ANY
MATCHES_EXACT NOT_MATCHES_EXACT |
|
Group (Example: Calling-Station-Id, NAS Network Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. -IP-Address) |
BELONGS_TO_GROUP NOT_BELONGS_TO_GROUP |
The following table describes all operator types:
Table 2: Operator Descriptions
|
Operator |
Description |
|
BEGINS_WITH |
For string data type, true if the run-time value of the attribute begins with the configured value. Example: Radius:IETF:NAS-Identifier BEGINS_WITH "SJ-" |
|
BELONGS_TO |
For string data type, true if the run-time value of the attribute matches a set of configured string values. Example: Radius:IETF:Service-Type BELONGS_TO Login-User,Framed-User,Authenticate-Only For integer data type, true if the run-time value of the attribute matches a set of configured integer values. Example: Radius:IETF:NAS-Port BELONGS_TO 1,2,3 For day data type, true if run-time value of the attribute matches a set of configured days of the week. Example: Date:Day-of-Week BELONGS_TO MONDAY,TUESDAY,WEDNESDAY When Policy Manager is aware of the values that can be assigned to BELONGS_TO operator, it populates the value field with those values in a multi-select list box; you can select the appropriate values from the presented list. Otherwise, you must enter a comma separated list of values. |
|
BELONGS_TO_GROUP |
For group data types, true if the run-time value of the attribute belongs to the configured group (either a static host list or a network device group, depending on the attribute). Example: Radius:IETF:Calling-Station-Id BELONGS_TO_GROUP Printers. |
|
CONTAINS |
For string data type, true if the run-time value of the attribute is a substring of the configured value. Example: Radius:IETF:NAS-Identifier CONTAINS "VPN" |
|
ENDS_WITH |
For string data type, true if the run-time value of the attribute ends with the configured value. Example: Radius:IETF:NAS-Identifier ENDS_WITH "DEVICE" |
|
EQUALS |
True if the run-time value of the attribute matches the configured value. For string data type, this is a case-sensitive comparison. Example: Radius:IETF:NAS-Identifier EQUALS "SJ-VPN-DEVICE" |
|
EQUALS_IGNORE_CASE |
For string data type, true if the run-time value of the attribute matches the configured value, regardless of whether the string is upper case or lower case. Example: Radius:IETF:NAS-Identifier EQUALS_IGNORE_CASE "sj-vpn-device" |
|
EXISTS |
For string data type, true if the attribute exists. Checks only if the attribute exits or not, not the run-time value. This is a unary operator. Example: Radius:IETF:NAS-Identifier EXISTS |
|
GREATER_THAN |
For integer, time and date data types, true if the run-time value of the attribute is greater than the configured value. Example: Radius:IETF:NAS-Port GREATER_THAN 10 |
|
GREATER_THAN_OR_EQUALS |
For integer, time and date data types, true if the run-time value of the attribute is greater than or equal to the configured value. Example: Radius:IETF:NAS-Port GREATER_THAN_OR_EQUALS 10 |
|
IN_RANGE |
For time and date data types, true if the run-time value of the attribute is less than or equal to the first configured value and less than equal to the second configured value. Example: Date:Date-of-Year IN_RANGE 2007-06-06,2007-06-12 |
|
LESS_THAN |
For integer, time and date data types, true if the run-time value of the attribute is less than the configured value. Example: Radius:IETF:NAS-Port LESS_THAN 10 |
|
LESS_THAN_OR_EQUALS |
For integer, time and date data types, true if the run-time value of the attribute is less than or equal to the configured value. Example: Radius:IETF:NAS-Port LESS_THAN_OR_EQUALS 10 |
|
MATCHES_ALL |
For list data types, true if all of the run-time values in the list are found in the configured values. Example: Tips:Role MATCHES_ALL HR,ENG,FINANCE. In this example, if the run-time values of Tips:Role are HR,ENG,FINANCE,MGR,ACCT the condition evaluates to true. |
|
MATCHES_ANY |
For list data types, true if any of the run-time values in the list match one of the configured values. Example: Tips:Role MATCHES_ANY HR,ENG,FINANCE |
|
MATCHES_EXACT |
For list data types, true if all of the run-time values of the attribute match all of the configured values. Example: Tips:Role MATCHES_ALL HR,ENG,FINANCE. In this example, if the run-time values of Tips:Role are HR,ENG,FINANCE,MGR,ACCT the condition evaluates to false, because there are some values in the configured values that are not present in the run-time values. |
|
For string data type, true if the run-time value of the attribute matches the regular expression in the configured value. Example: Radius:IETF:NAS-Identifier MATCHES_REGEX sj-device[1-9]-dev* |
