You must use the form user@host, or user@IP - mark@*.webmaster.com, *@shell.org, *@127.0.0.1 are all valid where 10.25.12.10 and *.webchat.org wouldn't be valid because they're missing the userid portion of the mask. You can use the * to replace segments of the hostname or IP address and you can also use a ? to replace a single letter or number in a hostmask. Like *@office??.webmaster.com.
/as oper webmaster access add *@*.webmaster.com
The access mask is checked and if it doesn't match then even if you enter in the correct password the user will not be allowed to gain operator status.