NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
I can not add /31 subnet mask 255.255.255.254 in WAN ISP > static IP setting in VPN Firewall SRX5308
Hi,
I can not add /31 subnet mask 255.255.255.254 in WAN ISP > static IP setting in VPN Firewall SRX5308. When I try to apply it, I get the error message popup as "Invalid IP subnet mask. Please enter 0/128/192/224/240/248/252 for octet 4". I am trying to add a fibre optic internet service from the provider's NTU into one of the 4 WAN settings. The provider gave me a /31 IP block and with the subnet mask as 255.255.255.254. Is this is a limitation in this firewall? Do I have to ask the provider to give me a /30 IP block instead? With /30 IP block the subnet mask will be 255.255.255.252 which is allowed by this firewall setting. I have tried this on a different firewall (SnapGear SG560) and it works without any issues. See the screenshots below. Can someone please help?
regards
Ridwan
/31 would be used in specific scenarios where you *really* need to conserve address space and only on point-to-point links. To be fair I've never come across anyone, or any ISP, that uses it. It works on point to point because well, there's no need for broadcast address since there are only two devices on the link (one on each side of the cable).. IP ranges would be; .0 - .1, .2 - .3, etc.
Most (if not all) Netgear devices will prevent you from setting /31, but you'll probably be able to use /30 without issues anyways, depending on the ISP setup I don't think it would cause you any issues really. But if you can, I'd definitely ask for a /30 instead.
3 Replies
Replies have been turned off for this discussion
Hi Ridwan,
The /31 subnet mask is really invalid. I am not sure why it is accepted on the SnapGear SG560. Are you able to go online just with the /31 subnet mask configured on the SnapGear SG560?
Kindly verify the subnet mask given to you to your ISP.
Regards,
DaneA
NETGEAR Community Team
/31 would be used in specific scenarios where you *really* need to conserve address space and only on point-to-point links. To be fair I've never come across anyone, or any ISP, that uses it. It works on point to point because well, there's no need for broadcast address since there are only two devices on the link (one on each side of the cable).. IP ranges would be; .0 - .1, .2 - .3, etc.
Most (if not all) Netgear devices will prevent you from setting /31, but you'll probably be able to use /30 without issues anyways, depending on the ISP setup I don't think it would cause you any issues really. But if you can, I'd definitely ask for a /30 instead.
Thank you Danthem and DaneA for your kind replies. Yes, I can confirm to you that although /31 subnet is very restrictive, it works well from the SnapGear SG560 firewall and note that this firewall is so old that you can't even buy it now! It surely didn't work from the Netgear firewall in question because it wouldn't even allow the /31 subnet mask IP 255.255.255.254 in its WAN ISP > static IP setting. Anyway, my ISP today gave me a /30 IP block with its subnet mask IP of 255.255.255.252 which is accepted in Netgear's WAN ISP > static IP setting, it's all working for me now, I am happy but it's a pity about the restriction of /31 subnet mask, IMO it shouldn't have had that.
regards
Ridwan
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
