I am trying to create and automatic groups for machines on a 10.128.16.0/20 network, but I need to separate them by the 3rd octet. Below is what I have. Is there a better way?
(it as string starts with “10.128.5.” OR it as string starts with “10.128.7.” OR it as string starts with “10.128.2.”) of addresses whose (it as string does not equal “127.0.0.1”) of ip interfaces of network
Hi,
You shouldn’t need to eliminate the 127.0.0.1 IP because your (it as string starts with "10.128.5." OR it as string starts with "10.128.7." OR it as string starts with "10.128.2.") already excludes those.
Are you doing a ton of these and that’s why you’re looking for a better way? There are certainly different ways to do this but im not sure how much better they will be! The way you have it right now is relatively simple and there is nothing wrong with that!
The only note i’d have is if you convert the addresses to strings first: (it as string) of addresses of ip interfaces of network then when you do comparisons you dont have to cast them to strings
(it starts with "10.128.5." OR it starts with "10.128.7." OR it starts with "10.128.2.") of (it as string) of addresses of ip interfaces of networkNothing at all wrong with these methods, just throwing out a couple of more options.
If you do have a ton of these to do, I’d look at the Location Property Wizard. You can keep your subnets or address ranges in a text file, and copy/paste them into the wizard. The text file would map subnets to a property value and create a policy action to set the value on the client, then you can create groups based on the property value. This makes updates easier when you add or change subnets.
If doing it manually, I like to take advantage of the fact that an IPv4 address can be cast to a Version type for easier comparison…
exists (addresses of ip interfaces of network as string as version) whose (it = version "10.128.5" or it= version "10.128.2" or it=version "10.128.7")
Another method, if you have more subnets to compare you can use sets…
exists (preceding texts of lasts "." of addresses of ip interfaces of network as string ) whose (it is contained by set of ("10.138.2";"10.128.5";"10.128.7"))
exists (preceding texts of lasts “.” of addresses of ip interfaces of network as string ) whose (it is contained by set of (“10.138.2”;“10.128.5”;“10.128.7”))
This relevance returns an error: the property lasts (string) of (ipv4 address) is not defined.
Parenthesis are needed around (addresses of ip interfaces of network as string). I guess because it separates the result as a string.
exists (preceding texts of lasts “.” of (addresses of ip interfaces of network as string)) whose (it is contained by set of (“10.138.2”;“10.128.5”;“10.128.7”))
You could use the cidr inspector, I believe
Q: cidr addresses of adapters of network
A: 10.255.34.25/20
A: 127.0.0.1/8
T: 613
Q: exists cidr address whose (it contains "10.255.34.*/20") of adapters of network
A: False
T: 413
Q: exists cidr address whose (it contains "10.255.34" and it contains "/20") of adapters of network
A: True
T: 378Hi,
For anyone reading this in the future… he is looking to separate out /24 segments within the /20 network. The segments are not real segments in the network. This is normally not required but the OP may have some logical ranges within the network he’d like to tease out.
For anyone looking to just use their network ranges as they are defined please follow @mlynch example of how to use cidr as it’s much easier 