nodetool getcidrgroupsofip¶
Finds which CIDR groups contain a specific IP address.
Synopsis¶
nodetool [connection_options] getcidrgroupsofip <ip_address>
Description¶
nodetool getcidrgroupsofip determines which CIDR groups include the specified IP address. This command is useful for troubleshooting authorization issues and verifying that IP addresses are correctly categorized.
Arguments¶
| Argument | Description |
|---|---|
ip_address |
The IP address to look up (IPv4 or IPv6) |
Examples¶
Basic Usage¶
nodetool getcidrgroupsofip 10.1.50.100
Sample output:
CIDR groups containing IP 10.1.50.100:
- internal_network
- datacenter_us
Check External IP¶
nodetool getcidrgroupsofip 203.0.113.50
Sample output (if not in any group):
CIDR groups containing IP 203.0.113.50:
(none)
IPv6 Address¶
nodetool getcidrgroupsofip 2001:db8::1
When to Use¶
Troubleshoot Connection Issues¶
# Check if client IP is in expected groups
nodetool getcidrgroupsofip 10.5.20.100
When clients receive authorization errors, use this command to verify the client's IP address belongs to the expected CIDR groups.
Verify CIDR Configuration¶
# Verify IP categorization after changes
nodetool updatecidrgroup new_subnet '10.5.0.0/16'
nodetool getcidrgroupsofip 10.5.20.100
After modifying CIDR groups, verify that IP addresses are categorized correctly.
Security Auditing¶
# Check what groups an IP belongs to
nodetool getcidrgroupsofip 192.168.1.100
Audit which access groups apply to specific IP addresses during security reviews.
Best Practices¶
Troubleshooting Tips
- Test from client perspective - Use the actual client IP address
- Consider NAT - The IP address must be what Cassandra sees, not the original source
- Check overlapping groups - An IP may belong to multiple groups
- Verify after changes - Always verify IP categorization after modifying CIDR groups
IP Address Format
- Use standard notation for IPv4 (e.g.,
192.168.1.100) - Use standard notation for IPv6 (e.g.,
2001:db8::1) - Do not include port numbers
- Do not include CIDR notation (this looks up a single IP)
Related Commands¶
| Command | Relationship |
|---|---|
| listcidrgroups | List all CIDR groups |
| cidrfilteringstats | View filtering statistics |
| updatecidrgroup | Modify CIDR groups |
| dropcidrgroup | Remove CIDR groups |
| invalidatecidrpermissionscache | Clear CIDR cache |