-
Ultimate Member
Question about IP Range
I have a router at work that has about 25% utilization all the time. The traffic is from Pandora. I decided to block all traffic to Pandora using their IP range in a Cisco ACL.
When I perform the ARIN lookup, I get these results for the IP range:
NetRange: 208.85.40.0 - 208.85.47.255
CIDR: 208.85.40.0/21
The CIDR notation does not make sense to me. The IP range includes 8 class C networks. The /21 is a class b subnet of 255.255.248.0. How does that work?
Shoudl I block "208.85.40.0 0.0.7.255" in my ACL or should I create 8 entries to block the networks like this:
208.85.40.0 0.0.0.255
208.85.41.0 0.0.0.255
.
.
.
Thanks.
-
-
Ultimate Member
Thanks for the Link.
After thinking about this for a while, I think I will create 8 rules for blocking Pandora. If I use the the first rule to block addresses, I will block more Internet addresses than Pandora.
In case you haven't used a Cisco router before, the subnet mask in the access rules is inverse. So a subnet mask of 255.255.255.0 would be listed in the cisco ACL as 0.0.0.255. In my ARIN lookup for Pandora the mask is listed as /21 or 255.255.248.0 so the Csico ACL lists the mask as 0.0.7.255 (255-248=7).
I think the /21 is simply there for the purpose of routing. I don't want to use that in building an access control list. I posted the same question to Cisco Forums so I will see what they tell me too.
-
Cisco home yes, business routers, never .
-
CIDR ranges are cleaner - every IP address is broken down to binary.
A /21 just means everything after the 21st bit is in that range.
If you need a CIDR calculator... Check out this site:
http://www.unlocktheinbox.com/ipcidr...=208.85.47.255
You can see the results.
CIDR: 208.85.40.0/21
Some ranges will have multiple results based on how the bit's line up in the ranges.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|