Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1105
Views
4
Helpful
5
Replies

Ip Range

netperception
Level 1
Level 1

‎08-12-2008 06:20 AM - edited ‎03-11-2019 06:29 AM

Say I have a network object group object in my firewall, and I wish to add in not just an IP but a range of IP's. 12.12.12.1 to like 12.12.12.10? I hope I am doing this wrong by entering in 10 ips vs just a range of some sort.

Chuck

Labels:
0 Helpful
5 Replies 5

sundar.palaniappan
Level 10
Level 10

‎08-12-2008 06:31 AM

Chuck

To enter a range of addresses you can use the appropriate network mask to keep the number of network objects required to a minimum.

In your scenario this can be done with 3 network objects rather than 10 host network objects like this.

object-group network TEST

network-object 12.12.12.0 255.255.255.248

network-object 12.12.12.8 255.255.255.254

network-object host 12.12.12.10

HTH

Sundar

0 Helpful

netperception
Level 1
Level 1
In response to sundar.palaniappan

‎08-12-2008 06:58 AM

How do you go from 0 to 8 to 10? And then even choose the net mask from 248 to 254? I'm trying to figure a pattern to so I can replicate this into more ranges. I can read relative links. Like say I'd block a whole range. 10.1.1.*

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to netperception

‎08-12-2008 09:01 AM

248 indicates the first 5 bits of the 3rd octet need to match but it doesn't care about the last 3 bits (address range of 0-7). A quick search on Netpro should find lot of useful links on subnetting. Here's one I found on google that may find helpful.

http://www.timothytuohy.com/subnetting_101.htm

HTH

Sundar

netperception
Level 1
Level 1
In response to sundar.palaniappan

‎08-21-2008 05:32 AM

Thanks Sundar,

I will continue to read this article. I still don't fully understand sub netting but maybe can you tell me how to block this range 200.63.42.* and it may bring my understanding closer.

I want to block these bastard IP's from a Panama set of servers that is abusive. This example I would like to block 200.63.42.* basically everyone in that range.

0 Helpful

netperception
Level 1
Level 1
In response to netperception

‎08-21-2008 07:45 AM

Too bad there wasn't a Cisco website tool like http://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl that we could enter a desired range and have it calculate it. That would be perfect while reading your article as I read theory but sometimes (like this time) need to exercise correct and incorrect'ed'ness to help reinforce understanding.

Got more articles? I tried searching netpro but got lots of unrelated articles.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card