
ACLs Wildcard Masking

nupey1999

I am reading a book called Interconnecting Cisco Network Devices, Part 2 (ICND2). The book gives an example whose concept I'm having a hard time grasping. I've attached the example from the book. Could someone help me?

Jon Marshall

Sherman

Do you understand normal subnet masks?

So the range the administrator wants is

172.30.16.0 -> 172.30.31.0.

The subnet mask that goes with this would be 255.255.240.0

256 - 240 = 16 so the networks go up in 16s

172.30.0.0 -> 172.30.15.0

172.30.16.0 -> 172.30.31.0

172.30.32.0 -> 172.30.47.0

etc..

Notice how each new range starts with a multiple of 16.

Now to work out the wildcard mask from the subnet mask is a simple bit of maths.

255.255.240.0 is the subnet mask.

With the wildcard mask you flip the bits so where you have a 255 you now have a 0 and where you have a 0 you now have a 255.

255.255.240.0 = 0.0.?.255

To calculate the 3rd octet in this mask -

255 - value of octet, i.e. 255 - 240 = 15

so wildcard mask becomes 0.0.15.255

Hope this makes sense. If you aren't that familiar with normal subnetting as described at start of post then it may not :-)

Jon
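
The calculation in the reply above, as an added example that is not part of the original thread or the book: it derives the wildcard mask from the subnet mask, checks addresses against the resulting 172.30.16.0 0.0.15.255 entry, and lists the /24 subnets it covers. The function names are this example's own, and the sample addresses are constructed.

```python
import ipaddress

FULL = 0xFFFFFFFF  # all 32 bits set


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_mask(subnet_mask):
    """Flip every bit of the subnet mask (per octet this is 255 - value)."""
    return str(ipaddress.IPv4Address(to_int(subnet_mask) ^ FULL))


def acl_matches(address, base, wildcard):
    """Wildcard bit 0 = must equal the base, wildcard bit 1 = ignored."""
    care = to_int(wildcard) ^ FULL
    return (to_int(address) & care) == (to_int(base) & care)


def covered_slash24s(base, wildcard):
    """List the /24 networks inside base + wildcard.

    Assumes the wildcard is the inverse of a valid subnet mask and that
    base sits on the block boundary; ipaddress raises ValueError otherwise.
    """
    mask = wildcard_from_mask(wildcard)  # flipping twice restores the mask
    block = ipaddress.IPv4Network(f"{base}/{mask}")
    return [str(n.network_address) for n in block.subnets(new_prefix=24)]


if __name__ == "__main__":
    wc = wildcard_from_mask("255.255.240.0")
    print("wildcard:", wc)
    # Constructed sample addresses around both edges of the block.
    for addr in ("172.30.15.255", "172.30.16.0", "172.30.31.255", "172.30.32.0"):
        print(addr, acl_matches(addr, "172.30.16.0", wc))
    print(covered_slash24s("172.30.16.0", wc))
```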

I am new to all of this and still learning about subnet masks. Thanks for your quick response. After reviewing your response, the only question I have is why or how did you know to use the mask 255.255.240.0 with 172.30.16.0 -> 172.30.31.0?

Sherman

172.30.0.0 is a class B network. The natural mask for a class B network is 255.255.0.0.

So 172.30.0.0 255.255.0.0 means 172.30. is the network address and the remaining 2 octets, i.e. 0.0, are used for host addresses.

But the administrator doesn't want that large a network. As your example states, the network administrator wants 16 subnets from that range, each subnet using a /24 mask, i.e. 255.255.255.0.

So he needs 16 subnets. 240 is the value of the octet that will give you 16, i.e.

128 64 32 16 8 4 2 1

1 1 1 1 0 0 0 0

128 + 64 + 32 + 16 = 240

Rather than do it in binary a quicker way to work it out is

256 - 16 = 240

so the original subnet mask of 255.255.0.0 now changes to 255.255.240.0

and the network ranges are

172.30.0.0 -> 172.30.15.0

172.30.16.0 -> 172.30.31.0

172.30.32.0 -> 172.30.47.0

etc..

172.30.240.0 -> 172.30.255.0

Any of the above ranges would have given the administrator 16 subnets.

Subnetting is one of those things that eventually clicks with people. At first it often just seems confusing but then it all suddenly just makes sense.

The above examples are quick ways to work these things out in your head. If you are in any doubt then write it out in binary as the books often show.

Jon

Leo Laohoo

Hi Jon,

Not trying to criticize the "master", but shouldn't the subnet be the following:

172.30.0.0 -> 172.30.15.255

172.30.16.0 -> 172.30.31.255

172.30.32.0 -> 172.30.47.255

:)

Leo

Feel free to criticize, I get things wrong just like the next person :-)

The example posted by the OP was talking about having 16 /24 subnets, so I was trying to show the range of subnets, i.e.

172.30.0.0 -> 172.30.15.0 =

172.30.1.0

172.30.2.0

172.30.3.0

...

172.30.15.0

but if you used the whole range as one subnet then it would be

172.30.0.1 -> 172.30.15.255

172.30.16.1 -> 172.30.31.255

Jon

See, I told you I get things wrong :-)

the range would actually be

172.30.0.1 -> 172.30.15.254 with 172.30.15.255 being the broadcast

172.30.16.1 -> 172.30.16.254, 172.30.16.255

etc...

Jon
