42 ULTRAVIEW REMOTE 2 INSTALLATIO N AND OPERATIONS MANUAL
Setting IP access control
The golden rule with this feature is ‘Include before you ex clude’ or to put it another way ‘Arrange allowed addres ses
in the list before the denied addresses’.
This is because the positions of entries in the list are vita lly important. Once a range of addresses is denied acces s, it
is not possible to make exceptions for particular addres ses within that range. For instance, if the range of addres ses
from A to F are denied access first, then the address C could no t be granted access lower down the list. Address C
needs to be placed in the list before the denied range.
IMPORTANT: This feature should be configured with extr eme caution as it is possible to deny access to everyone. If
such an error occurs, see Clear IP access control for details a bout how to regain access.
In the list, access control addresses prefixed by ‘+’ are al low entries while those prefixed
by ‘– ‘ are deny entries.
To define a new IP access control entry, click the Add button to display a popup dialog:
Network/Address
Enter the network address that is allowed or denied acc ess. If a range of
addresses is being specified then specify any one of the ad dresses within
the range and use the Mask entry to indicate the size of the r ange. (See
address range and mask sections)
The IP access control function uses a standard IP address and a net mask notation to specify both single locations
and ranges of addresses. In order to use this function cor rectly, you need to calculate the mask so that it accuratel y
encompasses the required addresses.
Single locations
Some of the simplest addresses to allow or deny are single l ocations. In this case you enter the required IP address
into the ‘Network/Address’ field and simply enter the ‘Mask ’ as 255.255.255.255 (255 used throughout the mask
means that every bit of the address will be compared and so t here can only be one unique address to match the one
stated in the ‘Network/Address’ field).
All locations
The other easy setting to make is ALL addresses are allo wed or denied. Using the mask 0.0.0.0 as standard, the IP
access control section includes the entry: +0.0.0.0/0.0.0.0.T he purpose of this entry is to include all IP addresses. It
is possible to similarly exclude all address es, however, take great care not to do this as you instantl y render all
network access void. There is a recovery procedure should this occur.
Address ranges
Although you can define ranges of addresses, due to the way the mask operates, there are certain restrictions on the
particular ranges that can be set. For any given address you can encompass neighboring addresses in blocks of
either 2, 4, 8, 16, 32, 64, 128, etc. and these must fall on part icular boundaries. For instance, if you wanted to define
the local address range:
192.168.142.67 to 192.168.142.93
The closest single block to cover the range would be the 3 2 addresses from:
192.168.142.64 to 192.168.142.95.
The mask needed to accomplish this would be: 255.255.255.2 24
When you look at the mask in binary, the picture becom es a little clearer. The above mask has the form:
11111111.11111111.11111111.11100000