Here's a tidbit I got from dev:
You only need to convert one side to be a network and then it will mask both with that same network mask to see if it’s on the same network. So, either of these should be sufficient:
[IP::addr [IP::addr [IP::client_addr] mask 255.255.255.0] equals [LB::server addr]]
or
[IP::addr [IP::client_addr] equals [IP::addr [LB::server addr] mask 255.255.255.0]]
It would be nice to add an option to IP::addr for a mask to apply. As in:
[IP::addr –prefixlen 24 [IP::client_addr] equals [LB::server addr]]
or
[IP::addr –mask 255.255.255.0 [IP::client_addr] equals [LB::server addr]]
There's a request for enhancement for an option like the last two:
BZ376898: RFE improve IP::addr command to allow for simpler subnet comparison using prefixes
Aaron