wild card mask

Answered Question
Jul 31st, 2008

Dear Friends,

I need a clarification on wild card masks.

1. Why are wildcard masks used?

2. Why can't we use a subnet mask in place of a wildcard mask, when both are representing the same thing?

Please do not give the same answer as Cisco, that the wildcard mask is more flexible.

If you are saying that, please give me an example which a subnet mask cannot represent and a wildcard can.

Please help.

Correct Answer
Edison Ortiz Thu, 07/31/2008 - 05:41

It allows for faster processing of ACLs.

0 = care bit

1 = don't care bit

While the router reads the information from left to right, it's much faster to check the bits you care about first and discard the 'don't care' bits - then move on to the next ACL entry.

HTH,

__

Edison.

4rmorris Thu, 07/31/2008 - 06:29

As stated above, subnet masks depend on all the bits from left to right. This prevents you from matching addresses where the ones and zeros don't run in order like a subnet mask. Let's say you use 1.1.0.0 for all your office floor subnets, broken into /24s, and that all your printers are 1.1.x.8, 1.1.x.16, and 1.1.x.24 in each subnet. Now let's say you want to write an ACL that allows the print server to only reach these printers; you can match on the single bits that meet this requirement:

1.1.0.0 0.0.255.24

Wildcard mask in binary:

(00000000.00000000.11111111.00011000)

This is unusual in production networks, but it comes up a lot in certification exams.

(I came up with this quickly, if my mask is screwed up feel free to correct me).

The short answer is: wildcard masks are more flexible (you can match anything, subnet masks can't match addresses that are not on a subnet boundary).

Good luck,

Ryan
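Added example, not part of any post in this thread: a short Python check of how an ACL entry such as `1.1.0.0 0.0.255.24` is evaluated, and of whether a wildcard could be written as an ordinary subnet mask. The function names are hypothetical and the sample addresses are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def acl_match(addr, base, wildcard):
    """True if addr matches 'base wildcard'.
    Wildcard bit 0 = care (must equal base), 1 = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0

def is_contiguous(wildcard):
    """True if the wildcard is just an inverted subnet mask,
    i.e. all 0 bits on the left followed by all 1 bits."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_last_octets(base, wildcard, third_octet):
    """Last-octet values the entry matches inside one /24 of the base."""
    first_two = ".".join(base.split(".")[:2])
    return [h for h in range(256)
            if acl_match(f"{first_two}.{third_octet}.{h}", base, wildcard)]

if __name__ == "__main__":
    base, wc = "1.1.0.0", "0.0.255.24"   # entry discussed in the post above
    print("expressible as a subnet mask:", is_contiguous(wc))
    print("hosts matched in 1.1.5.0/24:", matched_last_octets(base, wc, 5))
    # Constructed sample addresses
    for a in ("1.1.7.16", "1.1.7.32", "1.2.7.8"):
        print(a, "->", "match" if acl_match(a, base, wc) else "no match")
```

Enumerating the matches shows that the entry covers .0, .8, .16 and .24 in every /24, so it also matches the .0 address of each subnet in addition to the three printer addresses. Listing the matched set this way is a quick review step for any non-contiguous wildcard before it goes into an ACL.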

Edison Ortiz Thu, 07/31/2008 - 06:35

1.1.0.0 255.255.0.115

Wildcard mask in binary:

(11111111.11111111.00000000.11100111)

The binary portion represents the subnet mask. If you want the wildcard mask, you need to flip the 1s and 0s.

__

Edison.

4rmorris Thu, 07/31/2008 - 06:38

Thanks Edison, I've edited my above post. That's what I get for skipping my morning coffee :)

sdoremus33 Thu, 07/31/2008 - 06:58

Let's say, for example, you want to filter out a route to 192.168.100.0/24, and only routes with an even third octet should be seen by the other routers in your network.

access-list #deny 192.168.100.0

access-list #deny 192.168.1.0 0.0.6.0

access-list #permit any

Remember, at the end of every access list there is an implicit deny statement on traffic.

rajivrajan1 Thu, 07/31/2008 - 23:42

Thank you guys.

That was extremely helpful. Rated you all full ;)

Thanks again.
