Black Box ServSwitch™ manual: Calculating the mask for IP access control, Single locations


Calculating the mask for IP access control

The IP access control function uses a standard IP address and a net mask notation to specify both single locations and ranges of addresses. In order to use this function correctly, you need to calculate the mask so that it accurately encompasses the required address(es).

Single locations

Some of the simplest addresses to allow or deny are single locations. In this case you enter the required IP address into the ‘Network/Address’ field and simply enter the ‘Mask’ as 255.255.255.255 (255 used throughout the mask means that every bit of the address will be compared and so there can only be one unique address to match the one stated in the ‘Network/Address’ field).

All locations

The other easy setting to make is ALL addresses, using the mask 0.0.0.0. As standard, the IP access control section includes the entry:

+0.0.0.0/0.0.0.0

The purpose of this entry is to include all IP addresses. It is possible to similarly exclude all addresses; however, take great care not to do this, as doing so instantly renders all network access void. There is a recovery procedure should this occur.

Address ranges

Although you can define ranges of addresses, due to the way that the mask operates, there are certain restrictions on the particular ranges that can be set. For any given address you can encompass neighbouring addresses in blocks of either 2, 4, 8, 16, 32, 64, 128, etc. and these must fall on particular boundaries. For instance, if you wanted to define the local address range:

192.168.142.67 to 192.168.142.93

The closest single block to cover the range would be the 32 addresses from:

192.168.142.64 to 192.168.142.95.

The mask needed to accomplish this would be: 255.255.255.224

When you look at the mask in binary, the picture becomes a little clearer. The above mask has the form: 11111111.11111111.11111111.11100000

Ignoring the initial three octets, the final six zeroes of the mask would ensure that the 32 addresses from .64 (01000000) to .95 (01011111) would all be treated in the same manner. See Net masks - the binary explanation for details.

When defining a mask, the important rule to remember is:

There must be no ‘ones’ to the right of a ‘zero’.

For instance, (ignoring the first three octets) you could not use a mask that had 11100110 because this would affect intermittent addresses within a range in an impractical manner. The same rule applies across the octets. For example, if you have zeroes in the third octet, then all of the fourth octet must be zeroes.

The permissible mask values (for all octets) are as follows:

| Mask octet | Binary | Number of addresses encompassed |
|---|---|---|
| 255 | 11111111 | 1 address |
| 254 | 11111110 | 2 addresses |
| 252 | 11111100 | 4 addresses |
| 248 | 11111000 | 8 addresses |
| 240 | 11110000 | 16 addresses |
| 224 | 11100000 | 32 addresses |
| 192 | 11000000 | 64 addresses |
| 128 | 10000000 | 128 addresses |
| 0 | 00000000 | 256 addresses |

If the access control range that you need to define is not possible using one address and one mask, then you could break it down into two or more entries. Each of these entries could then use smaller ranges (of differing sizes) that, when combined with the other entries, cover the range that you require.

For instance, to accurately encompass the range in the earlier example:

192.168.142.67 to 192.168.142.93

You would need to define the following six address and mask combinations in the IP access control section:

| Network/address entry | Mask entry | Addresses defined |
|---|---|---|
| 192.168.142.67 | 255.255.255.255 | defines 1 address (.67) |
| 192.168.142.68 | 255.255.255.252 | defines 4 addresses (.68 to .71) |
| 192.168.142.72 | 255.255.255.248 | defines 8 addresses (.72 to .79) |
| 192.168.142.80 | 255.255.255.248 | defines 8 addresses (.80 to .87) |
| 192.168.142.88 | 255.255.255.252 | defines 4 addresses (.88 to .92) |
| 192.168.142.93 | 255.255.255.255 | defines 1 address (.93) |
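The following Python is an added example, not part of the Black Box manual: it checks the "no ones to the right of a zero" rule, finds the closest single block for a range, and splits a range into exact address/mask entries that can be compared with a hand-built list before it is entered. The function names are illustrative assumptions; the sample range is the one used in the manual's example.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _to_str(value):
    return str(ipaddress.IPv4Address(value))

def is_valid_mask(mask):
    """True when the mask has no 'ones' to the right of a 'zero'."""
    host_bits = ~_to_int(mask) & ALL_ONES      # must look like 0..01..1
    return host_bits & (host_bits + 1) == 0

def covering_block(first, last):
    """Closest single (network, mask) entry that contains first..last."""
    lo, hi = _to_int(first), _to_int(last)
    width = (lo ^ hi).bit_length()             # low bits in which the ends differ
    mask = (ALL_ONES << width) & ALL_ONES
    return _to_str(lo & mask), _to_str(mask)

def exact_entries(first, last):
    """Split first..last into aligned (network, mask, count) entries."""
    lo, hi = _to_int(first), _to_int(last)
    if lo > hi:
        raise ValueError("first address must not be above last address")
    entries = []
    while lo <= hi:
        size = (lo & -lo) or (1 << 32)         # largest block aligned on lo
        while size > hi - lo + 1:              # shrink until it fits the remainder
            size >>= 1
        entries.append((_to_str(lo), _to_str(ALL_ONES ^ (size - 1)), size))
        lo += size
    return entries

if __name__ == "__main__":
    # Sample range taken from the manual's example above.
    first, last = "192.168.142.67", "192.168.142.93"
    print("closest single block:", covering_block(first, last))
    for network, mask, count in exact_entries(first, last):
        print(f"{network:<16}{mask:<17}{count} address(es)")
    print("11100110 allowed?", is_valid_mask("255.255.255.230"))
```

For 192.168.142.67 to 192.168.142.93, `exact_entries` returns six entries covering 27 addresses; the last two are 192.168.142.88 with mask 255.255.255.252 (.88 to .91) and 192.168.142.92 with mask 255.255.255.254 (.92 and .93).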
