Screen-friendly
page
Printer-friendly
pageCalculating Firewall Ranges
This page contains information about how to calculate IP address ranges for use with the campus firewall groups.
Mathematical and visual representations
Understanding how to calculate valid network ranges can be challenging, so there are several methods of calculation offered below:
- The mathematical Powers of Two approach
(including information on CIDR network notation and subnet masks)
- The visual Network Tree approach
(including sample cases)
- A firewall worksheet
(including both a blank worksheet and completed examples)
Campus recommendations
The Network Design Office recommends that departments reserve the first 10 addresses on their network for networking equipment. They also recommend placing networking equipment in the Fully Closed category.
Since each group must be a power of 2, network admins may want to consider placing the first block of at least 16 hosts in the Fully Closed category.
Additional resources
An online netmask calculator:
http://jodies.de/ipcalc
An online net aggregation calculator:
http://www.csc.fi/english/funet/calc/laskin2.html
For administrators with access to a UNIX variant, nmcalc is a nice
command-line tool to check out your netmasks. The source is available
at:
http://web.mit.edu/ktools/dist/nmcalc/
For administrators using Windows, the following tool gets good reviews:
http://www.solarwinds.net/Download-Tools.htm