Summary
CIDR Notation is a way to specify a range of IP addresses. CIDR notation is used in a variety of places inside SecureSchool, so knowing how it works can be very powerful and helpful.
Applies To
SecureSchool, ISBossBox, LibraryDoor
More Information
CIDR stands for Classless InterDomain Routing. When the Internet and IP was first formed, IP addresses were delegated in 3 fixed sixes, with a subnet mask of either 255.0.0.0, 255.255.0.0, or 255.255.255.0, depending on what addresses were assigned to you. This is referred to as classful routing. This proved to be very ineffective because lots of IP addresses were being wasted. Therefore, classless routing (CIDR) took over, allowing ISPs to delegate varying size address blocks (for example, a network with a subnet of 255.255.255.248).
When CIDR took over, a common notation took over to easily specify networks. The notation is formatted by [network address]/[subnet size in bits]. So for example, if your network uses addresses like 10.5.6.7 with a subnet mask of 255.255.255.0, its CIDR network notation would be 10.5.6.0/24.
CIDR notation comes into play in SecureSchool in several places. One of the most important places is in the Firewall. A common example of a firewall rule you may make is for GoToMeeting & other Citrix online services (which is even documented elsewhere in the Knowledgebase). If you perform a packet capture of a workstation and see it trying to go to 67.217.65.26 when you try to use GoToMeeting (and you haven’t allowed it yet), you can do several things to find out the best way to allow that. If you use the WhoIs tool in the web interface to find out who actually owns that address, you’ll see that it’s owned by Citrix Online, LLC. You’ll also see that it’s part of a large range that’s been delegated directly to Citrix, 67.217.64.0/19. That means that you can make a firewall rule for 64.217.64.0/19, which will match all traffic to 67.217.64.0 through 67.217.95.255. Much easier then adding those thousands of addresses one at a time.
Another example would be if your school uses the Proxy Auto Detect feature in browsers to push out proxy settings, you usually want to exclude local traffic from going through the proxy server. SecureSchool’s web interface allows you to configure the proxy auto detect file by specifying CIDR ranges to exclude from the proxy, so when the browser tries going to one of those local addresses it will see that it’s supposed to connect directly and bypass SecureSchool. If you’re network covers the addresses between 10.10.0.0 through 10.10.15.255, your subnet mask would be 255.255.240.0. That subnet mask has 20 “1” bits in it, so the CIDR notation would be 10.10.0.0/20, which is what you would add to the proxy auto detect settings.
There’s a tool in SecureSchool to help you determine what CIDR notation you need to use for different subnet masks: Tools & Tests -> Tools -> CIDR Calculator. You simply enter either the IP address and subnet mask, or the IP address and CIDR notation, then press go, and it gives you output similar to the following:
ip address……….: 10.10.0.0
netmask………….: 255.255.240.0
network address…..: 10.10.0.0
broadcast address…: 10.10.15.255
please wait while host addresses are validated…
total host addresses: 4094
This indicates that you have a range of addresses spanning 10.10.0.0 – 10.10.15.255, with 10.10.0.0 being the network address, and 10.10.15.255 being the broadcast address, and a total of 4094 usable addresses.
This indicates that you have a range of addresses spanning 10.10.0.0 – 10.10.15.255, with 10.10.0.0 being the network address, and 10.10.15.255 being the broadcast address, and a total of 4094 usable addresses.
References
