Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  IP ranges

    Posted 10-12-2009 01:33

     

    Hi all,

    I need to configure some IP ranges to let them work in policies: 

    suppose I have a range like this: 192.168.10.18--> 192.168.10.255 (all hosts belonging to network 192.168.10/24, but not hosts form .1 to .17) 

    As I read in previous posts, I should create a number  of networks, in order to fulfill the range (a number of /25, plus some /27 and so on). But in the case shown before, in place of creating that number of network, is it possible to create a network like this: 192.168.10.18/24 (254 hosts from .18 upward)?

    Is it possible? does it work? 

    Thanks in advance for your help 

    Regards 

    Max 



  • 2.  RE: IP ranges

    Posted 10-12-2009 09:08

    hello

     

    if you want  to allow only 192.168.10.18 to 254 you can't use /24 because you will alllow 1 to 17 , you should use VLSM technique to subneting your range  

     

    thansk 

    Message Edited by mehdi on 10-12-2009 05:08 PM


  • 3.  RE: IP ranges

    Posted 10-13-2009 07:36

    OK 

    but I see that there is the possibility to set a /31 mask. Should I use it when I need only two addresses, as for example 192.168.10.11/31 resumes IP addresses 192.168.10.11 and 192.168.11.12 ? 

    Thanks in advance

    Regards 

    Max 



  • 4.  RE: IP ranges
    Best Answer

    Posted 10-13-2009 16:00


    You would need to split your policy into a couple of ranges like so:

    192.168.10.128/25 - Grabs 192.168.10.128-254

    192.168.10.64/26 - Grabs 192.168.10.64-127

    192.168.10.32/27 - Grabs 192.168.10.32-63

    Then some smaller subnets for the 18-31 range. Solarwinds makes a really handy subnet calculator, found here:

    http://www.solarwinds.com/products/freetools/free_subnet_calculator.aspx