Adder Technology CATxIP 1000 manual Calculating the mask for IP access control, Single locations

Page 82

Calculating the mask for IP access control

The IP access control function uses a standard IP address and a net mask notation to specify both single locations and ranges of addresses. In order to use this function correctly, you need to calculate the mask so that it accurately encompasses the required address(es).

Single locations

Some of the simplest addresses to allow or deny are single locations. In this case you enter the required IP address into the ‘Network/Address’ field and simply enter the ‘Mask’ as 255.255.255.255 (255 used throughout the mask means that every bit of the address will be compared and so there can only be one unique address to match the one stated in the ‘Network/Address’ field).

All locations

The other easy setting to make is ALL addresses, using the mask 0.0.0.0 As standard, the IP access control section includes the entry: +0.0.0.0/0.0.0.0 The purpose of this entry is to include all IP addresses. It is possible to similarly exclude all addresses, however, take great care not to do this as you instantly render all network access void. There is a recovery procedure should this occur.

Address ranges

Although you can define ranges of addresses, due to the way that the mask operates, there are certain restrictions on the particular ranges that can be set. For any given address you can encompass neighbouring addresses in blocks of either 2, 4, 8, 16, 32, 64, 128, etc. and these must fall on particular boundaries. For instance, if you wanted to define the local address range:

192.168.142.67 to 192.168.142.93

The closest single block to cover the range would be the 32 addresses from:

192.168.142.64 to 192.168.142.95.

The mask needed to accomplish this would be: 255.255.255.224

When you look at the mask in binary, the picture becomes a little clearer. The above mask has the form: 11111111.11111111.11111111.11100000

Ignoring the initial three octets, the final six zeroes of the mask would ensure that the 32 addresses from .64 (01000000) to .95 (01011111) would all be treated in the same manner. See Net masks - the binary explanation for details.

When defining a mask, the important rule to remember is:

There must be no ‘ones’ to the right of a ‘zero’.

For instance, (ignoring the first three octets) you could not use a mask that had 11100110 because this would affect intermittent addresses within a range in an impractical manner. The same rule applies across the octets. For example, if you have zeroes in the third octet, then all of the fourth octet must be zeroes.

The permissible mask values (for all octets) are as follows:

Mask octet

Binary

Number of addresses encompassed

255

11111111

1 address

254

11111110

2 addresses

252

11111100

4 addresses

248

11111000

8 addresses

240

11110000

16 addresses

224

11100000

32 addresses

192

11000000

64 addresses

128

10000000

128 addresses

0

00000000

256 addresses

If the access control range that you need to define is not possible using one address and one mask, then you could break it down into two or more entries. Each of these entries could then use smaller ranges (of differing sizes) that, when combined with the other entries, cover the range that you require.

For instance, to accurately encompass the range in the earlier example:

192.168.142.67 to 192.168.142.93

You would need to define the following six address and mask combinations in the IP access control section:

Network/address entry

Mask entry

 

192.168.142.67

255.255.255.255

defines 1 address (.67)

192.168.142.68

255.255.255.252

defines 4 addresses (.68 to .71)

192.168.142.72

255.255.255.248

defines 8 addresses (.72 to .79)

192.168.142.80

255.255.255.248

defines 8 addresses (.80 to .87)

192.168.142.88

255.255.255.252

defines 4 addresses (.88 to .92)

192.168.142.93

255.255.255.255

defines 1 address (.93)

   



81

Image 82
Contents AdderView CATxIP Contents Further information Index Many computers Global usersCAM formats AdderView CATxIP 1000 features front and rear What’s in the box What you may additionally needSingle unit rack brackets MountingDouble unit rack brackets CAM Computer Power System Switch ConnectionsLocal user To connect the local user portAdderView CATxIP Front panel Global user IP network portTo connect the Global user IP network port Category 5, 5e or 6 cable from Adder X100/X200 moduleComputer system via CAM To connect a computer systemTo connect the power supply Power in connectionOutput lead from Power adapter To connect and address the switch boxes Power control portSwitch See also Cascading multiple unitsCascade tree Tips for successful cascading Connecting units in cascadeTo connect units in cascade Using cascaded computers Addressing computers in a cascadeIt is recommended that Second CAM in each pair is a Multiple video head connectionsUSB-type and that it is plugged Host computer port/channel Video off Remote switching controlCable from serial Control device Configuration Overall initial configurationInitial configuration Hotkeys Main menuMenu layout SecurityTo set an Admin password General security and configuration stepsTo enable general security Registering users and host computersWhat to do if the Admin password has been forgotten To clear a password and restore factory default settingsWhat is IP access control? Clearing IP access controlTo clear IP access control Full configuration by global user To configure the unit from a global user locationAdderView CATxIP 1000 encryption settings Encryption settingsViewer encryption settings Networking issues Positioning AdderView CATxIP 1000 in the networkAddressing Port settingsPlacing AdderView CATxIP 1000 behind a router or firewall Firewall/router addressTo discover a DHCP-allocated IP address DNS addressingEnsuring sufficient security Placing AdderView CATxIP 1000 alongside the firewallPorts To configure the power sequences for each host computer Power switching configurationPower control sequences To control two or more ports simultaneouslyTo invoke backup/recovery mode Recovering from a failed upgradeTo upgrade AdderView CATxIP 1000 models Upgrading AdderView CATxIP 1000 modelsAccessing the AdderView CATxIP Front panel indicatorsLocal user access Selecting a computerStandard hotkeys To select a computer using the Select Host menuSelect Host menu here you can select computers by name Logging in and out To select a computer using mouse buttonsTo select a computer using mouse buttons Advanced method To logConfirmation box To enable/disable the confirmation boxTo change banner colours or disable the banner Reminder bannerBlue dot indicators in the Select Host menu User preferences and functionsGlobal user access Global UserTo download the VNC viewer Global user access via VNC viewerTo access via the VNC viewer Options buttonGlobal user access via web browser To access via your web browserWhen using the viewer window Using the viewer windowMenu bar Host selection ConfigureMouse pointers To select a hostAuto calibrate Access mode shared/privatePower switching Re-synchronise mouseControls Keyboard Control When entering codesVideo Settings EnterSetting the Threshold manually Using automatic configurationsIncreased by 50% when a slow link is detected AccordinglyCustom Video Modes Advanced SettingsOverlap Capture If you need to enter a port number Viewer encryption settingsSupported web browsers Getting assistance TroubleshootingWhen logging on using VNC viewer, I cannot enter a username US +1 888 275Appendix 1 Local setup menus To access the local setup menusRestore Intellimouse Power ControlRestore Standard Mouse FunctionsReminder Colour User PreferencesReminder Banner Screen SaverGlobal Preferences Mouse SwitchingUser Timeout OSD Dwell TimeSetup Options Auto LogoutCompletely resets the AdderView CATxIP 1000 unit ConfigurationIP admin password, encryption settings, etc IP address, net mask, VNC port, etcUnit Configuration Network Configuration Settings 1200, 2400, 4800, 9600, 19200, 38400, 57600 Serial ConfigurationSettings Power Control, Sync Units Options PortReset Configuration To reset the AdderView CATxIP 1000 configurationTo access the remote configuration pages Appendix 2 Configuration pages via viewerMain configuration Logged on users User accounts Unit configuration Advanced unit configuration Time & date configuration IP Network Mask Network configurationIP Access Control IP GatewayTo reorder access control entries Setting IP access controlTo define a new IP access control entry To edit/remove access control entriesOptions Port Use Serial port configurationBaud Rate Add entry for unrecognised host Host configurationErase Host Configuration To create a new host entrySyslog Server IP Address Logging and statusTo copy and paste the log For further details To get hereLdap configuration Auto select Appendix 3 VNC viewer connection optionsColour/Encoding Preferred encodingInputs Enable all inputsDisable all inputs view-only mode CustomiseMisc Scale to Window Size ScalingNo Scaling Custom SizeIdentities Defaults ReloadDefaults Save Load / SaveAppendix 4 VNC viewer window options Encoding and colour level Appendix 5 Browser viewer optionsSecurity IP addresses Appendix 6 Addresses, masks and portsNet masks Binary equivalent Net masks the binary explanationOperation with net mask Binary octet afterAll locations Calculating the mask for IP access controlSingle locations Address rangesSecurity issues with ports PortsAdderView CATxIP 1000 to power switch cable Appendix 7 Cable and connector specificationsPower switch to power switch daisy chain cable Permissible key presses Appendix 8 Hotkey sequence codesCreating macro sequences Appendix 9 Supported video modes Safety information WarrantyGeneral Public License Linux End user licence agreement FCC Compliance Statement United States Radio Frequency EnergyEuropean EMC directive 89/336/EEC Canadian Department of Communications RFI statementHoe Huat Industrial Building Index 