Cisco Cisco Content Security Management Appliance M160 사용자 가이드
B-2
AsyncOS 8.1 for Cisco Content Security Management User Guide
Appendix B Assigning Network and IP Addresses
The purpose of a netmask is to divide an IP address into a network address and a host address. The
network address can be thought of as the network part (the bits matching the netmask) of the IP address.
The host address is the remaining bits of the IP address. The number of bits in a four octet address that
are significant are sometimes expressed in Classless Inter-Domain Routing (CIDR) style. This is a slash
followed by the number of bits (1-32).
network address can be thought of as the network part (the bits matching the netmask) of the IP address.
The host address is the remaining bits of the IP address. The number of bits in a four octet address that
are significant are sometimes expressed in Classless Inter-Domain Routing (CIDR) style. This is a slash
followed by the number of bits (1-32).
A netmask can be expressed in this way by simply counting the ones in binary, so
255.255.255.0
becomes “
/24
” and
255.255.240.0
becomes “
/20.
”
Sample Interface Configurations
This section shows sample interface configurations based on some typical networks. The example uses
two interfaces called Int1 and Int2. In the case of the content security appliance, these interface names
can represent any two interfaces out of the three interfaces (Management, Data1, Data2).
two interfaces called Int1 and Int2. In the case of the content security appliance, these interface names
can represent any two interfaces out of the three interfaces (Management, Data1, Data2).
Network 1:
Separate interfaces must appear to be on separate networks.
Data addressed to
192.168.1.X
(where X is any number from 1 through 255, except for your own
address, 10 in this case) go out on Int1. Anything addressed to
192.168.0.X
goes out on Int2. Any packet
headed for some other address not in these formats, most likely out on a WAN or the Internet, is sent to
the default gateway, which must be on one of these networks. The default gateway then forwards the
packet on.
the default gateway, which must be on one of these networks. The default gateway then forwards the
packet on.
Network 2:
The network addresses (network parts of the IP addresses) of two different interfaces cannot be the same.
This situation presents a conflict in that two different Ethernet interfaces have the same network address.
If a packet from the content security appliance is sent to
If a packet from the content security appliance is sent to
192.168.1.11
, there is no way to decide which
Ethernet interface should be used to deliver the packet. If the two Ethernet interfaces are connected to
two separate physical networks, the packet may be delivered to the incorrect network and never find its
destination. The content security appliance does not allow you to configure your network with conflicts.
two separate physical networks, the packet may be delivered to the incorrect network and never find its
destination. The content security appliance does not allow you to configure your network with conflicts.
You can connect two Ethernet interfaces to the same physical network, but you must construct IP
addresses and netmasks to allow the content security appliance to select a unique delivery interface.
addresses and netmasks to allow the content security appliance to select a unique delivery interface.
Interface
IP Address
Netmask
Net Address
Int1
192.168.1.10
255.255.255.0
192.168.1.0/24
Int2
192.168.0.10
255.255.255.0
192.168.0.0/24
Ethernet Interface
IP Address
Netmask
Net Address
Int1
192.168.1.10
255.255.0.0
192.168.0.0/16
Int2
192.168.0.10
255.255.0.0
192.168.0.0/16