Adder Technology 5000 Calculating the mask for IP access control, Single locations, All locations

Page 81

Calculating the mask for IP access control

The IP access control function uses a standard IP address and a net mask notation to specify both single locations and ranges of addresses. In order to use this function correctly, you need to calculate the mask so that it accurately encompasses the required address(es).

Single locations

Some of the simplest addresses to allow or deny are single locations. In this case you enter the required IP address into the ‘Network/Address’ field and simply enter the ‘Mask’ as 255.255.255.255 (255 used throughout the mask means that every bit of the address will be compared and so there can only be one unique address to match the one stated in the ‘Network/Address’ field).

All locations

The other easy setting to make is ALL addresses, using the mask 0.0.0.0 As standard, the IP access control section includes the entry: +0.0.0.0/0.0.0.0 The purpose of this entry is to include all IP addresses. It is possible to similarly exclude all addresses, however, take great care not to do this as you instantly render all network access void. There is a recovery procedure should this occur.

Address ranges

Although you can define ranges of addresses, due to the way that the mask operates, there are certain restrictions on the particular ranges that can be set. For any given address you can encompass neighbouring addresses in blocks of either 2, 4, 8, 16, 32, 64, 128, etc. and these must fall on particular boundaries. For instance, if you wanted to define the local address range:

192.168.142.67 to 192.168.142.93

The closest single block to cover the range would be the 32 addresses from:

192.168.142.64 to 192.168.142.95.

The mask needed to accomplish this would be: 255.255.255.224

When you look at the mask in binary, the picture becomes a little clearer. The above mask has the form: 11111111.11111111.11111111.11100000

Ignoring the initial three octets, the final six zeroes of the mask would ensure that the 32 addresses from .64 (01000000) to .95 (01011111) would all be treated in the same manner. See Net masks - the binary explanation for details.

When defining a mask, the important rule to remember is:

There must be no ‘ones’ to the right of a ‘zero’.

For instance, (ignoring the first three octets) you could not use a mask that had 11100110 because this would affect intermittent addresses within a range in an impractical manner. The same rule applies across the octets. For example, if you have zeroes in the third octet, then all of the fourth octet must be zeroes.

The permissible mask values (for all octets) are as follows:

Mask octet

Binary

Number of addresses encompassed

255

11111111

1 address

254

11111110

2 addresses

252

11111100

4 addresses

248

11111000

8 addresses

240

11110000

16 addresses

224

11100000

32 addresses

192

11000000

64 addresses

128

10000000

128 addresses

0

00000000

256 addresses

If the access control range that you need to define is not possible using one address and one mask, then you could break it down into two or more entries. Each of these entries could then use smaller ranges (of differing sizes) that, when combined with the other entries, cover the range that you require.

For instance, to accurately encompass the range in the earlier example:

192.168.142.67 to 192.168.142.93

You would need to define the following six address and mask combinations in the IP access control section:

Network/address entry

Mask entry

 

192.168.142.67

255.255.255.255

defines 1 address (.67)

192.168.142.68

255.255.255.252

defines 4 addresses (.68 to .71)

192.168.142.72

255.255.255.248

defines 8 addresses (.72 to .79)

192.168.142.80

255.255.255.248

defines 8 addresses (.80 to .87)

192.168.142.88

255.255.255.252

defines 4 addresses (.88 to .92)

192.168.142.93

255.255.255.255

defines 1 address (.93)

   



80

Image 81
Contents AdderView CATxIP Contents Further information Index Many computers CAM formatsCreating larger installations Cascade installationsEnterprise installations AdderView CATxIP 5000 features front and rear What’s in the box What you may additionally need  Mounting Single unit rack bracketsDouble unit rack brackets    ConnectionsTo connect the local user port Local userAdderView CATxIP Rear panel From video monitor From USB keyboard and mouseGlobal users IP network port To connect the IP network port for global usersAdderView CATxIP Front panel To connect a computer system Computer system via CAMPower in connection To connect the power supplyOutput lead from Power adapter Power control port To connect and address the switch boxesSwitch Multiple video head connections Remote switching control Host computer port/channelCable from serial Control device Overall initial configuration ConfigurationInitial configuration Menu layout Main menuHotkeys SecurityTo enable general security General security and configuration stepsTo set an Admin password Registering users and host computersTo clear a password and restore factory default settings What to do if the Admin password has been forgottenClearing IP access control What is IP access control?To clear IP access control To configure the unit from a global user location Full configuration by global userEncryption settings AdderView CATxIP 5000 encryption settingsViewer encryption settings Positioning AdderView CATxIP 5000 in the network Networking issuesPlacing AdderView CATxIP 5000 behind a router or firewall Port settingsAddressing Firewall/router addressDNS addressing To discover a DHCP-allocated IP addressPlacing AdderView CATxIP 5000 alongside the firewall Ensuring sufficient securityPorts Power control sequences Power switching configurationTo configure the power sequences for each host computer To control two or more ports simultaneouslyTo upgrade AdderView CATxIP 5000 models Recovering from a failed upgradeTo invoke backup/recovery mode Upgrading AdderView CATxIP 5000 modelsFront panel indicators Accessing the AdderView CATxIPSelecting a computer Local user accessWhen choosing To select a computer using the Select Host menuStandard hotkeys Select Host menu here you can select computers by nameLogging in and out Show All UsersTo enable/disable the confirmation box Confirmation status boxUser preferences and functions Orange dot indicators in the Select Host menu Global user access What will I see when I first login?How do multiple users coexist? To access via the VNC viewer Global user access via VNC viewerTo download the VNC viewer Options buttonTo access via your web browser Global user access via web browserUsing the viewer window When using the viewer windowMenu bar Mouse pointers ConfigureHost selection To select a hostPower switching Access mode shared/privateAuto calibrate Re-synchronise mouseControls When entering codes Enable Sun TranslationVideo Settings Keyboard ControlIncreased by 50% when a slow link is detected Using automatic configurationsSetting the Threshold manually Screen contains only host system informationShow All Users Advanced Video SettingsCustom Video Modes Reduced BlankingVNC hotkey selection Viewer encryption settings If you need to enter a port numberSupported web browsers When logging on using VNC viewer, I cannot enter a username TroubleshootingGetting assistance US +1 888 275To access the local setup menus Appendix 1 Local setup menusRestore Standard Mouse Power ControlRestore Intellimouse FunctionsSettings Disabled, Enabled Settings Blank, Moving LogoUser Preferences Screen SaverUser Timeout Mouse SwitchingGlobal Preferences OSD Dwell TimeSetup Options Logon SecurityAuto Logout IP admin password, encryption settings, etc ConfigurationCompletely resets the AdderView CATxIP 5000 unit IP address, net mask, VNC port, etcUnit Configuration Network Configuration Settings Power Control, Sync Units Serial ConfigurationSettings 1200, 2400, 4800, 9600, 19200, 38400, 57600 Options PortTo reset the AdderView CATxIP 5000 configuration Reset ConfigurationAppendix 2 Configuration pages via viewer To access the remote configuration pagesMain configuration Logged on users User accounts Unit configuration Advanced unit configuration Time & date configuration IP Access Control Network configurationIP Network Mask IP GatewayTo define a new IP access control entry Setting IP access controlTo reorder access control entries To edit/remove access control entriesSerial port configuration Options Port UseBaud Rate Erase Host Configuration Host configurationAdd entry for unrecognised host SortTo copy and paste the log Logging and statusSyslog Server IP Address For further details To get hereLdap configuration Colour/Encoding Appendix 3 VNC viewer connection optionsAuto select Preferred encodingDisable all inputs view-only mode Enable all inputsInputs CustomiseMisc No Scaling ScalingScale to Window Size Custom SizeDefaults Save Defaults ReloadIdentities Load / SaveAppendix 4 VNC viewer window options Appendix 5 Browser viewer options Encoding and colour levelSecurity Appendix 6 Addresses, masks and ports IP addressesNet masks Operation with net mask Net masks the binary explanationBinary equivalent Binary octet afterSingle locations Calculating the mask for IP access controlAll locations Address rangesPorts Security issues with portsAppendix 7 Cascading multiple units See alsoCascade tree Connecting units in cascade Tips for successful cascadingTo connect units in cascade Addressing computers in a cascade Using cascaded computersAdderView CATxIP 5000 to power switch cable Appendix 8 Cable and connector specificationsPower switch to power switch daisy chain cable Multi-head synchronisation cableAppendix 9 Hotkey sequence codes Permissible key pressesCreating macro sequences Appendix 10 Supported video modes Warranty Safety informationGeneral Public License Linux End user licence agreement European EMC directive 89/336/EEC Radio Frequency EnergyFCC Compliance Statement United States Canadian Department of Communications RFI statementHoe Huat Industrial Building Index Options port Upgrade failure Connection Baud rate