Aug 30th, 2007

What exactly is the wildcard mask doing in this line:

access-list 10 deny 192.168.10.128 0.0.0.31

Thanks

Hi Guys,

For the Wildcard mask, I have a best practise to calculate it as follows:

1- you take the original Subnetmask of the Network ID and Subtract it by(255.255.255.255).

Example:

you have the Network : 192.168.10.128/27

192.168.10.128 255.255.255.224

** always take (255.255.255.255) -

(255.255.255.224)

So the wildcard mask for 192.16.10.128/27

equals 192.168.10.128 0.0.0.31, which will match 31 bit hosts from 129 - 159.

Note: the last octet 159 is the broadcast of the subnet & its included in the calculation.

Regards,

Mohamed Sobair

Overall Rating: 5 (1 ratings)

## Replies

purohit_810 Thu, 08/30/2007 - 07:00
• Silver, 250 points or more

It will deny all IP address start from

192.168.10.128 to 139 {129 and 140 both will comver}

Block size is 0 to 31 mean it covers 32 Ip address.

Regards,

Dharmesh Purohit

Hello,

The host range should be 192.168.10.129 to 192.168.10.158 which will be denied. Or i understood it wrong. 192.168.10.128/27

Purohit,

I guess it is a typo. Shouldn't it be 192.168.10.128 to 159 ?

regards,

Mohamed Sobair Thu, 08/30/2007 - 10:46
• Gold, 750 points or more

Hi Guys,

For the Wildcard mask, I have a best practise to calculate it as follows:

1- you take the original Subnetmask of the Network ID and Subtract it by(255.255.255.255).

Example:

you have the Network : 192.168.10.128/27

192.168.10.128 255.255.255.224

** always take (255.255.255.255) -

(255.255.255.224)

So the wildcard mask for 192.16.10.128/27

equals 192.168.10.128 0.0.0.31, which will match 31 bit hosts from 129 - 159.

Note: the last octet 159 is the broadcast of the subnet & its included in the calculation.

Regards,

Mohamed Sobair