224.0.0.0 /4 and 240.0.0.0/4

[dliu123]

Hi, the multicast and experimental range is represented by
224.0.0.0 /4 and 240.0.0.0/4.

in all literature for denying these ranges, it is represented by:

access-list 50 deny 224.0.0.0 31.255.255.255
access-list 50 deny 240.0.0.0 31.255.255.255

Shouldn't this be represented by the following instead?

access-list 50 deny 224.0.0.0 15.255.255.255
access-list 50 deny 240.0.0.0 15.255.255.255

 

[pansophic]

By "all literature" I must assume that you are referring to all of the Cisco literature that you can find.

In your examples:

CIDR addressing:
224.0.0.0/4 = 224.0.0.0 - 239.255.255.255
240.0.0.0/4 = 240.0.0.0 - 255.255.255.255

Classful addressing:
224.0.0.0 31.255.255.255 = 224.0.0.0 - 255.255.255.255
240.0.0.0 31.255.255.255 = 240.0.0.0 - 271.255.255.255

Your classful addressing:
224.0.0.0 15.255.255.255 = 224.0.0.0 - 239.255.255.255
240.0.0.0 15.255.255.255 = 240.0.0.0 - 255.255.255.255

As you can see, all of the above should work. The second "access-list 50 deny" (from literature) command is unnecessary, since it is already covered by the first command. No address space exists beyond 255 for any of the octets, so extending the blocking out to 271.255.255.255 really isn't even possible.

It is possible, maybe even probable, that the first guy to write the access list commands down used the oversized masks that you point out, and everyone since has just copied that error. But your initial comment is correct, the wrong netmask appears to have been applied.


pansophic