What's the correct address range?

When you have the typical private network, say a 192.168.x.y / 255.255.255.0, is the proper full address range 192.168.x.0 - 192.168.x.255?

It’s my understanding that anything with a destination of 192.168.x.0 is a broadcast to all the PCs on the same subnet. What’s the 192.168.x.255 address used for?

The reason I’m asking is that I intend to set up the PCs on my network with blocked ranges except for what’s allowed to see any given PC. I’m wondering if I should always allow source addresses of .0 and .255 through, or include either of these in the blocked ranges.

If I block .0, what’s the effect?

If I block .255, what’s the effect?

If you’re using rfc 1918 private addresses the correct notation for the address range you’ve suggested is

192.168.0.0/16 or 192.168.0.0/255.255.0.0

What that actually means is a range of addresses between 192.168.1.1 and 192.168.255.254.

The broadcast address will be 192.168.255.255

I wasn’t clear with my notation. The network identifier is 192.168.5.0 and the broadcast address is 192.168.5.255.

I had confused the network identifier with the broadcast address.

What I want to do is create a Network Zone that will be blocked, and then open specific IP addresses within the network that can see a particular PC.

My question is whether I should allow 192.168.5.0 and/or 192.168.5.255 and what happens if I don’t?

For instance, let’s say the IP of my PC is 192.168.5.101. The router’s IP is 192.168.5.254.

Should I allow inbound to 101 only 254, or should I also allow either 0, 255, or both?

What’s 0 actually used for? Since it’s the network identifier, it can’t be assigned to a device. Is there any adverse effect in blocking it?

Also, since anything sent to 255 is actually broadcast to all devices on the network, should I allow this? Or will the router communicate with me one-on-one without the need to broadcast and then receive a reply from my PC?

As you correctly point out, the 0 (zero) subnet is the network address and the 255 subnet is the broadcast address for that subnet. In RFC 950 the basic rule of subnetting was 2^n -2 subnets, where the -2 equates to the 0 subnet and the 255 subnet, i.e. they cannot be used. However, in RFCs 1812 and 1878, in which we find variable length subnet masks and CIDR notation, the use of the 0 and 255 subnets is perfectible acceptable.

My question is whether I should allow 192.168.5.0 and/or 192.168.5.255 and what happens if I don't?

To encompass the entire subnet you should include those addresses in your defined, or simpley use a mask 192.168.5.0/255.255.255.0 There’s really no reason to exclude these.

For instance, let's say the IP of my PC is 192.168.5.101. The router's IP is 192.168.5.254.

Should I allow inbound to 101 only 254, or should I also allow either 0, 255, or both?

You should allow both the 0 and 255 as these are still used for a variety of purposes, such as DHCP lease acquisition. ARP broadcasts, routing table updates etc.

What's 0 actually used for? Since it's the network identifier, it can't be assigned to a device. Is there any adverse effect in blocking it?

The 0 subnet, as we’ve alread defined is known as the network address, it also defines the default route, i.e. if the path to send a packet is unknown, use the default route. You can actually see this by running a ‘route print’ from a command prompt.

lso, since anything sent to 255 is actually broadcast to all devices on the network, should I allow this? Or will the router communicate with me one-on-one without the need to broadcast and then receive a reply from my PC?

See above.

Just out of interest, if you’re trying to prevent communication between certain devices, why don’t you simply create a small subnet for the devices you wish to allow, something like:

192.168.5.0/255.255.255.248

This gives you 6 hosts: 192.168.5.1 - 192.168.5.6
Subnet ID - 192.168.5.0
Broadcast Address - 192.168.5.7

Using 255.255.255.252 would give you 2 hosts…

Ok. Thanks. This will get me started.

However, in RFCs 1812 and 1878, in which we find variable length subnet masks and CIDR notation, the use of the 0 and 255 subnets is perfectible acceptable.

Shouldn’t we add that 0 and 255 can be used as long as these IPs are not the first or last addresses of the network? When they are, then they can’t.

Perhaps these may help:

Subnet Zero and the All -Ones Subnet PDF
Understanding the zero subnet

Although using the all zero and the all ones as routeable address is accepted practice in modern software, I’d suggest sticking with classful addressing got your needs.