Calculating the mask for ip access control, Mask – Adder Technology AdderView CATx EPS-S8 User Manual





























0

Calculating the mask for IP access control

The.IP.access.control.function.uses.a.standard.IP.address.and.a.net.mask.
notation.to.specify.both.single.locations.and.ranges.of.addresses..In.order.to.
use.this.function.correctly,.you.need.to.calculate.the.mask.so.that.it.accurately.
encompasses.the.required.address(es).

Single locations
Some.of.the.simplest.addresses.to.allow.or.deny.are.single.locations..In.this.case.
you.enter.the.required.IP.address.into.the.‘Network/Address’.field.and.simply.
enter.the.‘Mask’.as.

255.255.255.255.(255 used throughout the mask means

that every bit of the address will be compared and so there can only be one
unique address to match the one stated in the ‘Network/Address’ field).

All locations
The.other.easy.setting.to.make.is.ALL.addresses,.using.the.mask.

0.0.0.0..As.

standard,.the.IP.access.control.section.includes.the.entry:.+

0.0.0.0/0.0.0.0

The.purpose.of.this.entry.is.to.include.all.IP.addresses..It.is.possible.to.similarly.
exclude.all.addresses,.however,.take.great.care.not.to.do.this.as.you.instantly.
render.all.network.access.void..There.is.a.

recovery procedure

.should.this.occur..

Address ranges
Although.you.can.define.ranges.of.addresses,.due.to.the.way.that.the.mask.
operates,.there.are.certain.restrictions.on.the.particular.ranges.that.can.be.set..
For.any.given.address.you.can.encompass.neighbouring.addresses.in.blocks.of.
either.2,.4,.8,.16,.32,.64,.128,.etc..and.these.must.fall.on.particular.boundaries..
For.instance,.if.you.wanted.to.define.the.local.address.range:.
192.168.142.67 to 192.168.142.93.
The.closest.single.block.to.cover.the.range.would.be.the.32.addresses.from:.
192.168.142.64 to 192.168.142.95..
The.mask.needed.to.accomplish.this.would.be:.

255.255.255.224..

When.you.look.at.the.mask.in.binary,.the.picture.becomes.a.little.clearer..The.
above.mask.has.the.form:.

11111111.11111111.11111111.

11100000

.

Ignoring.the.initial.three.octets,.the.final.six.zeroes.of.the.mask.would.ensure.
that.the.32.addresses.from..64.(01000000).to..95.(01011111).would.all.be.
treated.in.the.same.manner..See.

Net masks - the binary explanation

.for.

details........
When.defining.a.mask,.the.important.rule.to.remember.is:

There must be no ‘ones’ to the right of a ‘zero’..

For.instance,.(ignoring.the.first.three.octets).you.could.not.use.a.mask.that.had.

11100110

because.this.would.affect.intermittent.addresses.within.a.range.in.an.

impractical.manner..The.same.rule.applies.across.the.octets..For.example,.if.you.
have.zeroes.in.the.third.octet,.then.all.of.the.fourth.octet.must.be.zeroes..

The.permissible.mask.values.(for.all.octets).are.as.follows:.

Mask octet

Binary

Number of addresses encompassed

255

11111111

1 address

254

11111110.

2 addresses.

252

11111100.

4 addresses

248

11111000.

8 addresses

240

11110000.

16 addresses

224

11100000.

32 addresses

192

11000000.

64 addresses

128

10000000.

128 addresses

0

00000000.

256 addresses

If.the.access.control.range.that.you.need.to.define.is.not.possible.using.one.
address.and.one.mask,.then.you.could.break.it.down.into.two.or.more.entries..
Each.of.these.entries.could.then.use.smaller.ranges.(of.differing.sizes).that,.
when.combined.with.the.other.entries,.cover.the.range.that.you.require.
For.instance,.to.accurately.encompass.the.range.in.the.earlier.example:
192.168.142.67 to 192.168.142.93.
You.would.need.to.define.the.following.six.address.and.mask.combinations.in.
the.IP.access.control.section:

Network/address entry Mask entry

192.168.142.67

255.255.255.255

defines 1 address (.67)

192.168.142.68

255.255.255.252

defines 4 addresses (.68 to .71)

192.168.142.72

255.255.255.248

defines 8 addresses (.72 to .79)

192.168.142.80

255.255.255.248

defines 8 addresses (.80 to .87)

192.168.142.88

255.255.255.252

defines 4 addresses (.88 to .92)

192.168.142.93

255.255.255.255

defines 1 address (.93)