Main Content for Page

Institutional Access

IP Address Authentication Tips

There are as many variations of IP usage and ways to express them as there are people that use them. For the Media Servers to properly understand and respect yours, certain syntax rules must be adhered to.

Following these syntax rules, your IP Ranges are Validated to a properly constructed list of IP addresses that the Media Servers can understand. Below are some examples of how to represent IP Addresses and Ranges that your institution uses.

e.g. 168.156.27.25. This is a single IP address that demonstrates each of the 4 octets using numeric values, and separated with dots. A similar format of 168.156.027.025 that appears to be the same, is not! IP addresses use numbers, but are not actually numbers, so the leading 0's make it a different (and incorrect) IP address.

In most cases, you will want to use wildcards. Since each octect can be any number between 0 and 255, it would be very cumbersome to have to enter every IP address between 168.156.27.0 and 168.156.27.255. This full range of 0-255 can easily be represented using an asterisk as wildcard character.

A single entry of this: 168.156.27.*
is the same as entering 256 consecutive entries like this: 168.156.27.1168.156.27.2168.156.27.3...168.156.27.255.

Wildcards are very useful for representing Full Ranges, but often every value between 0 and 255 is too inclusive. Let's say that only 5 consecutive IP addresses are to be used - this is referred to as a "Partial Range" and can be represented used a hyphen (-).

A single entry of this: 168.156.27.33-38
is the same as entering 6 consecutive entries like this: 168.156.27.33 168.156.27.34 168.156.27.35 168.156.27.36 168.156.27.37 168.156.27.38.

Consider Wildcards instead of Partial Ranges!
Suppose you have an IP Range of 168.159.27.1-250
While this is an accurate range, specifiying 168.159.27.* might be a better way to enter it because Transforming that range will result in 250 individual IP Address being stored, whereas the wildcard will store only 1 - quite a difference!

The differences? The two possibilities are virtually identical, except that the example IP Range simply disallows 5 IP Address (the ones that end in .251, 252, 253, 254, and 255). If your Server is already preventing those 5 IP address from accessing the videos, it is unnecessary to double-check here - thus using a wildcard will be faster because it doesn't have to consider the 5 exceptions.

You can use both Full and Partial Ranges in a single entry that represents hundreds, or even thousands, of individual IP Address entries.

A single entry of this: 123.55.250-255.*
is the same as entering 6 entries like this:
123.55.250.* (256 IP addresses represented with a wildcard)
123.55.251.* (256 IP addresses represented with a wildcard)
123.55.252.* (256 IP addresses represented with a wildcard)
123.55.253.* (256 IP addresses represented with a wildcard)
123.55.254.* (256 IP addresses represented with a wildcard)
123.55.255.* (256 IP addresses represented with a wildcard).

So, the single entry shown represents 1,536 individual IP Addresses (the six lines shown multiplied by the 256 IP addresses that each includes).

These addresses are reserved for specific Internet purposes and cannot be used in your IP Ranges. Refer to RFC 5735 at The Internet Engineering Task Force for technical details.

CIDR IP Range Purpose
0.0.0.0/8 0.0.0.0 – 0.255.255.255 Used for broadcast messages to the current ("this") network as specified by RFC 1700, page 4.
10.0.0.0/8 10.0.0.0 – 10.255.255.255 Used for local communications within a private network as specified by RFC 1918.
100.64.0.0/10 100.64.0.0 – 100.127.255.255 Used for communications between a Service Provider and its subscribers when using a Carrier-grade NAT, as specified by RFC 6598.
127.0.0.0/8 127.0.0.0 – 127.255.255.255 Used for loopback addresses to the local host.
169.254.0.0/16 169.254.0.0 – 169.254.255.255 Used for autoconfiguration between two hosts on a single link when no IP address is otherwise specified, such as would have normally been retrieved from a DHCP server.
172.16.0.0/12 172.16.0.0 – 172.31.255.255 Used for local communications within a private network as specified by RFC 1918
192.0.2.0/24 192.0.2.0 – 192.0.2.255 Assigned as "TEST-NET" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
192.88.99.0/24 192.88.99.0 – 192.88.99.255 Used by 6to4 anycast relays as specified by RFC 3068.
192.168.0.0/16 192.168.0.0 – 192.168.255.255 Used for local communications within a private network as specified by RFC 1918.
198.18.0.0/15 198.18.0.0 – 198.19.255.255 Used for testing of inter-network communications between two separate subnets as specified in RFC 2544.
198.51.100.0/24 198.51.100.0 – 198.51.100.255 Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
203.0.113.0/24 203.0.113.0 – 203.0.113.255 Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
224.0.0.0/4 224.0.0.0 – 239.255.255.255 Reserved for multicast assignments as specified in RFC 5771
240.0.0.0/4 240.0.0.0 – 255.255.255.254 Reserved for future use
255.255.255.255/32  255.255.255.255 Reserved for the "limited broadcast" destination address