Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 677
  • Last Modified:

CIDR and 10.x.x.x block

I am configuring a relay in Exchange 2010 to send email to external sources. Needless to say, I want to make sure this address is the only one that can relay. My internal ip's are 10.x.x.x on subnet The address I want to be able to relay is The example I saw said to use the /32 prefix, but that was on a subnet. Will the setting only allow that address to relay, or does the use a different prefix?
  • 2
1 Solution
Fred MarshallCommented:
The notation is used in two different ways:

If one is referring to  a network subnet as in / or /16 in CIDR notation... same thing ... then that means: is the *network* address. is the *broadcast* address.
All addresses in between are available for "hosts", i.e. computers, printers, servers, routers, etc.

In this context, the smallest subnet must have 4 addresses in total:
- one for nettwork
- two for hosts
- one for broadcast.
That's because the next power of 2 below 2 is zero so a network: /31 or would have: for the network for the broadcast
and no addresses for any hosts at all!
Some IP calculators won't accept CIDR numbers greater than 30 for that reason.


Let's say that you want to specify an address range in a firewall for filtering purposes.
Let's say that the range is to for a total of 16 addresses within
Some devices will let you enter
Some devices will let you enter / 28 meaning the same thing.
BUT this isn't a subnet.  It's just an address range so ALL the addresses from 16 to 31 are affected.

... a small difference perhaps but possibly a source of confusion.

In the latter case, /32 means "this address only".  Certainly used often in Juniper Networks equipment.

imccoyAuthor Commented:
I tried understanding CIDR, but I didn't even have to duck when it went over my head. Thanks for the solution, I'll use the /32 to specify to only use that address.
QlemoC++ DeveloperCommented:
Note: The broadcast address as stated above is not correct. A CIDR notation of means that the broadcast address is, not . Broadcast address is always all-ones (in bits) for the host part, which is 16 bit in this case.
Fred MarshallCommented:
Olemo:  You are correct.  My mistake!

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now