Thread: Question about IP Range

  1. #1
    Ultimate Member rraehal's Avatar
    Join Date
    Jan 2002
    Location
    Denver, Colorado, USA
    Posts
    3,874

    Question about IP Range

    I have a router at work that has about 25% utilization all the time. The traffic is from Pandora. I decided to block all traffic to Pandora using their IP range in a Cisco ACL.

    When I perform the ARIN lookup, I get these results for the IP range:
    NetRange: 208.85.40.0 - 208.85.47.255
    CIDR: 208.85.40.0/21

    The CIDR notation does not make sense to me. The IP range includes 8 class C networks. The /21 is a class B subnet of 255.255.248.0. How does that work?

    Should I block "208.85.40.0 0.0.7.255" in my ACL or should I create 8 entries to block the networks like this:
    208.85.40.0 0.0.0.255
    208.85.41.0 0.0.0.255
    .
    .
    .

    Thanks.
    -- Mathias

  2. #2
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
    Maybe this range block idea will help out.
    http://www.mediawiki.org/wiki/Help:Range_blocks

  3. #3
    Ultimate Member rraehal's Avatar
    Join Date
    Jan 2002
    Location
    Denver, Colorado, USA
    Posts
    3,874
    Thanks for the link.

    After thinking about this for a while, I think I will create 8 rules for blocking Pandora. If I use the first rule to block addresses, I will block more Internet addresses than Pandora.

    In case you haven't used a Cisco router before, the subnet mask in the access rules is inverse. So a subnet mask of 255.255.255.0 would be listed in the Cisco ACL as 0.0.0.255. In my ARIN lookup for Pandora the mask is listed as /21 or 255.255.248.0 so the Cisco ACL lists the mask as 0.0.7.255 (255-248=7).

    I think the /21 is simply there for the purpose of routing. I don't want to use that in building an access control list. I posted the same question to Cisco Forums so I will see what they tell me too.
    -- Mathias

  4. #4
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
    Cisco home yes, business routers, never.

  5. #5
    Junior Member
    Join Date
    Mar 2012
    Posts
    1
    CIDR ranges are cleaner - every IP address is broken down to binary.

    A /21 just means everything after the 21st bit is in that range.

    If you need a CIDR calculator... Check out this site:

    http://www.unlocktheinbox.com/ipcidr...=208.85.47.255

    You can see the results.

    CIDR: 208.85.40.0/21

    Some ranges will have multiple results based on how the bits line up in the ranges.
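
Added example, not part of any post in this thread: a Python check of what the ARIN range from the question covers, written with the standard `ipaddress` module. It converts an inclusive IP range into CIDR blocks with their Cisco-style wildcard masks and compares a block against its /24 split; the function names and the second, unaligned range (208.85.40.0 - 208.85.48.255) are constructed for illustration.

```python
import ipaddress


def range_to_acl_entries(first, last):
    """Summarize an inclusive IPv4 range into the fewest CIDR blocks and
    return (network, wildcard) pairs in the order a Cisco ACL expects."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # hostmask is the bitwise inverse of the subnet mask, i.e. the wildcard.
    return [(str(b.network_address), str(b.hostmask)) for b in blocks]


def split_matches_block(cidr, new_prefix):
    """Split `cidr` into /new_prefix subnets and report how many there are
    and whether together they cover exactly the same addresses."""
    net = ipaddress.ip_network(cidr)
    subnets = list(net.subnets(new_prefix=new_prefix))
    collapsed = list(ipaddress.collapse_addresses(subnets))
    return len(subnets), collapsed == [net]


def block_bounds(cidr):
    """First and last address matched by a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    # Range from the ARIN lookup quoted in the thread.
    print(range_to_acl_entries("208.85.40.0", "208.85.47.255"))
    print(block_bounds("208.85.40.0/21"))
    print(split_matches_block("208.85.40.0/21", 24))
    # Constructed range that does not align on a single bit boundary,
    # so it needs more than one CIDR block (and more than one ACL line).
    print(range_to_acl_entries("208.85.40.0", "208.85.48.255"))
```

The single entry `208.85.40.0 0.0.7.255` and the eight `0.0.0.255` entries match the same 2,048 addresses, 208.85.40.0 through 208.85.47.255.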
