# Help with access list

Jun 27th, 2008

Is there an easier way to understand the wildcard mask when configuring ACLs? I hardly understand how to get the correct wcm.

Chris

Easiest way for me is to flip the bits from the normal subnet mask (sb) eg.

sb -> 255.255.255.0 = wcm -> 0.0.0.255

sb -> 255.255.0.0 = wcm -> 0.0.255.255

They are the easy ones, where there is a 255 in the sb make it a 0 for the wcm and where there is a 0 in the sb make it a 255 in the wcm.

To come up a wildcard mask for others eg.

sb -> 255.255.255.128 = wcm = 0.0.0.127

sb -> 255.255.255.192 = wcm = 0.0.0.63

sb -> 255.255.255.248 = wcm 0.0.0.7

quick way to work out - take the octet that isn't 255 and subtract it from 256 then subtract 1 ie.

sb -> 255.255.255.192 =

256 - 192 = 64 - 1 = 63 so

wcm = 0.0.0.63

sb -> 255.255.224.0 =

256 - 224 = 32 - 1 = 31 so

wcm = 0.0.31.255

Hope that makes sense

Jon

Overall Rating: 5 (1 ratings)

## Replies

Jon Marshall Fri, 06/27/2008 - 19:31
• Super Blue, 32500 points or more
• Hall of Fame,

Founding Member

• Cisco Designated VIP,

2017 LAN, WAN

Chris

Easiest way for me is to flip the bits from the normal subnet mask (sb) eg.

sb -> 255.255.255.0 = wcm -> 0.0.0.255

sb -> 255.255.0.0 = wcm -> 0.0.255.255

They are the easy ones, where there is a 255 in the sb make it a 0 for the wcm and where there is a 0 in the sb make it a 255 in the wcm.

To come up a wildcard mask for others eg.

sb -> 255.255.255.128 = wcm = 0.0.0.127

sb -> 255.255.255.192 = wcm = 0.0.0.63

sb -> 255.255.255.248 = wcm 0.0.0.7

quick way to work out - take the octet that isn't 255 and subtract it from 256 then subtract 1 ie.

sb -> 255.255.255.192 =

256 - 192 = 64 - 1 = 63 so

wcm = 0.0.0.63

sb -> 255.255.224.0 =

256 - 224 = 32 - 1 = 31 so

wcm = 0.0.31.255

Hope that makes sense

Jon

chrisblaze Fri, 06/27/2008 - 20:25