ACLs Wildcard Masking

Answered Question
Jul 16th, 2009

I am reading a book called Interconnecting Cisco Network Devices, Part 2 (ICND2). The book gives an example whose concept I'm having a hard time grasping. I've attached the example from the book. Could someone help me?

Jon Marshall Thu, 07/16/2009 - 07:12


Do you understand normal subnet masks ?

So the range the administrator wants is ->

The subnet mask that goes with this would be

256 - 240 = 16 so the networks go up in 16s -> -> ->


Notice how each new range starts with a multiple of 16.

Now to work out the wildcard mask from the subnet mask is a simple bit of maths. is the subnet mask.

With the wildcard mask you flip the bits so where you have a 255 you now have a 0 and where you have a 0 you now have a 255. = 0.0.?.255

To calculate the 3rd octet in this mask -

255 - value of octet ie. 255 - 240 = 15

so wildcard mask becomes

Hope this makes sense. If you aren't that familiar with normal subnetting as described at start of post then it may not :-)
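The 255-minus-octet rule from the post above, as an added example that is not part of the original thread: it derives the wildcard from a subnet mask and then applies it the way an ACL entry compares addresses, so you can see exactly which addresses an entry admits. The 10.20.32.0 base and the function names are constructed for illustration and are not the addresses from the book.

```python
import ipaddress

def wildcard_from_mask(mask: str) -> str:
    """Wildcard = 255 - octet, for each octet of a contiguous subnet mask."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad mask: {mask!r}")
    inverted = int.from_bytes(bytes(octets), "big") ^ 0xFFFFFFFF
    # The inverted mask must be a solid run of low-order ones (2^n - 1).
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    return ".".join(str(255 - o) for o in octets)

def acl_matches(address: str, base: str, wildcard: str) -> bool:
    """ACL-style compare: bits that are 0 in the wildcard must equal the base."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def block_range(base: str, mask: str):
    """First and last address of the block; rejects a base that is not
    on a block boundary (third octet not a multiple of 16 for 240)."""
    net = ipaddress.IPv4Network(f"{base}/{mask}")  # strict: host bits must be 0
    return str(net.network_address), str(net.broadcast_address)

if __name__ == "__main__":
    MASK = "255.255.240.0"   # 256 - 240 = 16, so blocks step in 16s
    BASE = "10.20.32.0"      # constructed sample base, 32 is a multiple of 16
    wc = wildcard_from_mask(MASK)
    print("wildcard:", wc)
    print("covers  :", block_range(BASE, MASK))
    # Constructed test addresses just inside and just outside the block.
    for addr in ("10.20.32.1", "10.20.47.200", "10.20.48.1", "10.20.31.255"):
        verdict = "match" if acl_matches(addr, BASE, wc) else "no match"
        print(f"{addr:<14} {verdict}")
    try:
        block_range("10.20.40.0", MASK)  # 40 is not a multiple of 16
    except ValueError as exc:
        print("misaligned base rejected:", exc)
```

Checking the addresses on either side of the block boundary is a quick way to confirm that an ACL entry is no broader than intended before it is applied.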


nupey1999 Thu, 07/16/2009 - 08:02

I am new to all of this and still learning about subnet masks. Thanks for your quick response. After reviewing your response, the only question I have is why or how did you know to use the mask with ->

Jon Marshall Thu, 07/16/2009 - 08:28

Sherman is a class B network. The natural mask for a class B network is

So means 172.30. is the network address and the remaining 2 octets ie. 0.0 are used for host addresses.

But the administrator doesn't want that large a network. As your example states the network administrator wants 16 subnets from that range each subnet using a /24 mask ie.

So he needs 16 subnets. 240 is the value of the octet that will give you 16 ie.

128  64  32  16   8   4   2   1

  1   1   1   1   0   0   0   0

128 + 64 + 32 + 16 = 240

Rather than do it in binary a quicker way to work it out is

256 - 16 = 240

so the original subnet mask of now changes to

and the network ranges are -> -> ->

etc.. ->

Any of the above ranges would have given the administrator 16 subnets.

Subnetting is one of those things that eventually clicks with people. At first it often just seems confusing but then it all suddenly just makes sense.

The above examples are quick ways to work these things out in your head. If you are in any doubt then write it out in binary as the books often show.


Leo Laohoo Thu, 07/16/2009 - 15:30

Hi Jon,

Not trying to criticize the "master", but shouldn't the subnet be the following: -> -> ->


Jon Marshall Fri, 07/17/2009 - 00:38


Feel free to criticize, I get things wrong just like the next person :-)

The example posted by the OP was talking about having 16 /24 subnets so I was trying to show the range of subnets ie. -> =


but if you used the whole range as one subnet then it would be -> ->


Correct Answer
Jon Marshall Fri, 07/17/2009 - 02:10

See, I told you I get things wrong :-)

the range would actually be -> with being the broadcast ->,



