• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 687
  • Last Modified:

CIDR and 10.x.x.x block

I am configuring a relay in Exchange 2010 to send email to external sources. Needless to say, I want to make sure this address is the only one that can relay. My internal ip's are 10.x.x.x on subnet 255.0.0.0. The address I want to be able to relay is 10.0.0.22. The example I saw said to use the /32 prefix, but that was on a 255.255.255.0 subnet. Will the 10.0.0.22/32 setting only allow that address to relay, or does the 255.0.0.0 use a different prefix?
0
imccoy
Asked:
imccoy
  • 2
1 Solution
 
Fred MarshallPrincipalCommented:
The notation is used in two different ways:

If one is referring to  a network subnet as in 10.0.0.0 / 255.255.0.0 or /16 in CIDR notation... same thing ... then that means:
10.0.0.0 is the *network* address.
10.0.0.255 is the *broadcast* address.
All addresses in between are available for "hosts", i.e. computers, printers, servers, routers, etc.

In this context, the smallest subnet must have 4 addresses in total:
- one for nettwork
- two for hosts
- one for broadcast.
That's because the next power of 2 below 2 is zero so a network:
10.0.0.0 /31 or 255.255.255.254 would have:
10.0.0.0 for the network
10.0.0.1 for the broadcast
and no addresses for any hosts at all!
Some IP calculators won't accept CIDR numbers greater than 30 for that reason.

THE OTHER CONTEXT IS:

Let's say that you want to specify an address range in a firewall for filtering purposes.
Let's say that the range is 10.0.0.16 to 10.0.0.31 for a total of 16 addresses within 10.0.0.0/16.
Some devices will let you enter 10.0.0.16-10.0.0.31.
Some devices will let you enter 10.0.0.16 / 28 meaning the same thing.
BUT this isn't a subnet.  It's just an address range so ALL the addresses from 16 to 31 are affected.

... a small difference perhaps but possibly a source of confusion.

In the latter case, /32 means "this address only".  Certainly used often in Juniper Networks equipment.

0
 
imccoyAuthor Commented:
I tried understanding CIDR, but I didn't even have to duck when it went over my head. Thanks for the solution, I'll use the /32 to specify to only use that address.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Note: The broadcast address as stated above is not correct. A CIDR notation of 10.0.0.0/16 means that the broadcast address is 10.0.255.255, not 10.0.0.255 . Broadcast address is always all-ones (in bits) for the host part, which is 16 bit in this case.
0
 
Fred MarshallPrincipalCommented:
Olemo:  You are correct.  My mistake!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now