Adder Technology X200A/R, X200AS/R Calculating the mask for IP access control, Single locations

Page 103

Calculating the mask for IP access control

The IP access control function uses a standard IP address and a net mask notation to specify both single locations and ranges of addresses. In order to use this function correctly, you need to calculate the mask so that it accurately encompasses the required address(es).

Single locations

Some of the simplest addresses to allow or deny are single locations. In this case you enter the required IP address into the ‘Network/Address’ field and simply enter the ‘Mask’ as 255.255.255.255 (255 used throughout the mask means that every bit of the address will be compared and so there can only be one unique address to match the one stated in the ‘Network/Address’ field).

All locations

The other easy setting to make is ALL addresses, using the mask 0.0.0.0 As standard, the IP access control section includes the entry: +0.0.0.0/0.0.0.0 The purpose of this entry is to include all IP addresses. It is possible to similarly exclude all addresses, however, take great care not to do this as you instantly render all network access void. There is a recovery procedure should this occur.

Address ranges

Although you can define ranges of addresses, due to the way that the mask operates, there are certain restrictions on the particular ranges that can be set. For any given address you can encompass neighbouring addresses in blocks of either 2, 4, 8, 16, 32, 64, 128, etc. and these must fall on particular boundaries. For instance, if you wanted to define the local address range:

192.168.142.67 to 192.168.142.93

The closest single block to cover the range would be the 32 addresses from:

192.168.142.64 to 192.168.142.95.

The mask needed to accomplish this would be: 255.255.255.224

When you look at the mask in binary, the picture becomes a little clearer. The above mask has the form: 11111111.11111111.11111111.11100000

Ignoring the initial three octets, the final six zeroes of the mask would ensure that the 32 addresses from .64 (01000000) to .95 (01011111) would all be treated in the same manner. See Net masks - the binary explanation for details.

When defining a mask, the important rule to remember is:

There must be no ‘ones’ to the right of a ‘zero’.

For instance, (ignoring the first three octets) you could not use a mask that had 11100110 because this would affect intermittent addresses within a range in an impractical manner. The same rule applies across the octets. For example, if you have zeroes in the third octet, then all of the fourth octet must be zeroes.

The permissible mask values (for all octets) are as follows:

Mask octet

Binary

Number of addresses encompassed

255

11111111

1 address

254

11111110

2 addresses

252

11111100

4 addresses

248

11111000

8 addresses

240

11110000

16 addresses

224

11100000

32 addresses

192

11000000

64 addresses

128

10000000

128 addresses

0

00000000

256 addresses

If the access control range that you need to define is not possible using one address and one mask, then you could break it down into two or more entries. Each of these entries could then use smaller ranges (of differing sizes) that, when combined with the other entries, cover the range that you require.

For instance, to accurately encompass the range in the earlier example:

192.168.142.67 to 192.168.142.93

You would need to define the following six address and mask combinations in the IP access control section:

Network/address entry

Mask entry

 

192.168.142.67

255.255.255.255

defines 1 address (.67)

192.168.142.68

255.255.255.252

defines 4 addresses (.68 to .71)

192.168.142.72

255.255.255.248

defines 8 addresses (.72 to .79)

192.168.142.80

255.255.255.248

defines 8 addresses (.80 to .87)

192.168.142.88

255.255.255.252

defines 4 addresses (.88 to .92)

192.168.142.93

255.255.255.255

defines 1 address (.93)

   



102

Page 102 Page 104
Image 103
Page 102 Page 104
Contents AdderView CATx Contents Re-synchronise mouse Auto calibrateIndex Introduction Front panel buttons AdderView CATx features front and rearWhat you may additionally need What’s in the boxRack brackets MountingConnections Cascading Multiple units Remote switching ControlConnections Modem Multiple video Isdn port Head connectionsTo connect the local user port Local userCable lengths for remote user locations Remote user via X100/X200 extenderTo connect a remote user To connect the Global user IP network port Global user IP network portTo connect a computer system Computer system via CAMComputer video compensation for details To connect a modem or Isdn adapter Modem/ISDN portTo connect the power supply Power in connectionTo connect and address the switch boxes Power control portSystem, called Adder Port Direct Cascading multiple unitsSee also How cascade connections operate CA02 Addressing computers in a cascadeTips for successful cascading Connecting AdderView CATx units in cascadeTo connect units in cascade Testing specific links to cascaded computers Using cascaded computersTo test a specific link Multiple video head connections Host computer port/channel Video off Remote switching controlOverall initial configuration Hotkeys Configuration menusTo access the configuration menu local and remote users To access the configuration menu global usersTo set an Admin password General security and configuration stepsConfiguration menus layout To enable general securityRegistering users edit user list Access to all computers Press Access to no computers PressTo create/edit user accounts Registering computers edit computer list Tips when creating/editing computer entriesTo create/edit computer entries Video compensation See Remote user skew adjustment for detailsTo apply computer video compensation Computer video compensationIf the image controls cannot provide a crisp image Remote user video compensationTo display a suitable high contrast image To apply remote user video compensationCreating a skew test pattern Remote user skew adjustmentTo use skew adjustment Using the supplied skew patternNum Lock for Red, Caps Lock for Green To define an autoscan list To select an autoscan modeAutoscanning To select an autoscan periodPreparations for configuration save/load Saving and restoring configuration settingsTo transfer configuration settings Hints for editing To edit the configuration settingsConfiguration screens What to do if the Admin password has been forgottenTo reset AdderView CATx models To reset the AdderView CATx IP modelsRecognising an IntelliMouse-style mouse Which restore setting do I use?To restore mouse operation when hot plugging Hot plugging and mouse restorationTo use the initial IP-configuration sequence Initial IP configurationTo configure IP-specific settings To configure IP details from a global user location IP configuration by global userUser Accounts AdderView CATx IP encryption settings Encryption settingsViewer encryption settings Positioning AdderView CATx IP in the network Networking issuesPlacing AdderView CATx IP behind a router or firewall Port settingsAddressing DNS addressing To discover a DHCP-allocated IP addressPorts By configuration page via viewerPlacing AdderView CATx IP alongside the firewall Ensuring sufficient securityTo control two or more ports simultaneously Power switching configurationPower control sequences To configure the power sequences for each host computerKvmadmin -setusers users.csv Kvmadmin utilityKvmadmin command ip address parameters Kvmadmin -getconfig kvm1.cfgTo use the KVM Firmware Uploader utility Performing upgradesItems required to use the upgrade utility Upgrading AdderView CATx models and CAMsIssues to consider when performing flash upgrades Select the items to be upgradedSelect the upgrade file to be used Commence the upgradeUpgrading AdderView CATx IP models To upgrade AdderView CATx IP modelsAdderView CATx IP models Accessing the AdderView CATxFront panel controls AdderView CATx modelsSelecting a computer Local and remote user accessTo gain access as a local or remote user To select a computer using the front panel controlsKeep Pressed down until all other Numbers have been entered To select a computer using hotkeysStandard hotkeys Above or for even longer cascaded computersTo select a computer using mouse buttons To select a computer using the on-screen menuTo select a computer using mouse buttons Advanced method Selecting cascaded computers Logging in and outConfirmation box Routing status To change banner colours or disable the bannerTo use the Routing status feature Reminder bannerTo switch a computer on or off Power switching via configuration menuUser preferences and functions Global user access To access via the VNC viewer Global user access via VNC viewerTo download the VNC viewer To access via your web browser Global user access via web browserWhen using the viewer window Using the viewer windowMenu bar To select a host ConfigureMouse pointers Host selectionRe-synchronise mouse Access mode shared/privatePower switching via viewer Auto calibrateResync Mouse Single Mouse ModeControls Mouse ControlKeyboard Control When entering codesVideo Settings KVM switch menuSystem information Using automatic configurationsIncreased by 50% when a slow link is detected Setting the Threshold manuallyTo enter a port number in a Web browser Access via dial up modem or Isdn linkIf you need to enter a port number To initiate a dial up linkLinux Viewer encryption settingsSupported web browsers WindowsUS +1 888 275 TroubleshootingWhen logging on using VNC viewer, I cannot enter a username Getting assistanceTo access the configuration menus Appendix 1 Configuration menusConfigure IP port Functions User Preferences Screen Saver Mouse SwitchingAutoscan Mode Global PreferencesMouse Type User TimeoutOSD Dwell Time RS232 Mouse TypeExclusive Use Setup OptionsKeypad Controls LanguageAdd Computers Settings AUTO, ManualAutomatic Logout AudioDDC Options DDC Source Settings AUTO, LOCAL, DefaultDDC Refresh Settings AT START, Disabled Advanced OptionsForce Mode Settings DISABLED, Enabled Country Code Settings AUTO, MANUAL, DisabledDefault Country Setup OptionsBaud rate, initialisation string, etc Configure IP portIP admin password, encryption settings, etc IP address, net mask, VNC port, etcUnit Configuration Network Configuration Modem Configuration What is IP access control? Clearing IP access controlReset Configuration To reset the AdderView CATx IP configurationTo access the remote configuration pages Appendix 2 Configuration pages via viewerUser accounts Firmware Version Unit configurationAdmin Password Hardware VersionAdvanced unit configuration Time & date configuration IP Gateway Network configurationIP Access Control IP Network MaskTo edit/remove access control entries Setting IP access controlTo define a new IP access control entry To reorder access control entriesPower control port Serial port configurationModem port To create a new host entry Host configurationErase Host Configuration Add entry for unrecognised hostAdder Port Direct Port/host addressing using Adder Port DirectExamples For further details To get here Logging and statusTo copy and paste the log Syslog Server IP AddressPreferred encoding Appendix 3 VNC viewer connection optionsColour/Encoding Auto selectCustomise Enable all inputsDisable all inputs view-only mode InputsMisc ScalingLoad / Save Defaults ReloadDefaults Save IdentitiesAppendix 4 VNC viewer window options Encoding and colour level Appendix 5 Browser viewer optionsSecurity Want to know more? Appendix 6 Addresses, masks and portsIP addresses Net masksNet masks the binary explanation 154Address ranges Calculating the mask for IP access controlSingle locations All locationsPorts Security issues with portsPower switch to power switch daisy chain cable Appendix 7 Cable and connector specificationsRS232 serial flash upgrade cable Multi-head synchronisation cable Permissible key presses Appendix 8 Hotkey sequence codesCreating macro sequences Appendix 9 Supported video modes Safety information WarrantyGeneral Public License Linux End user licence agreement Canadian Department of Communications RFI statement Radio Frequency EnergyEuropean EMC directive 89/336/EEC FCC Compliance Statement United States111 Index 113 114
Top Page Image Contents