07-31-2008 04:25 AM - edited 03-03-2019 10:58 PM
Dear Friends,
I need a clarification on wild card masks.
1. Why are wildcard masks used?
2. Why can't we use a subnet mask in place of a wildcard mask, when both are representing the same?
Please do not give the same answer as Cisco, that the wildcard mask is more flexible.
If you are saying that, please give me an example which a subnet mask cannot represent and a wildcard can.
Please help.
07-31-2008 05:41 AM
It allows for faster processing of ACLs.
0 = care bit
1 = don't care bit
While the router reads the information from left to right, it's much faster to check the bits you care about first and discard the 'don't care' - then move on to the next ACL entry.
HTH,
__
Edison.
07-31-2008 06:29 AM
As stated above, subnet masks depend on all the bits from left to right. This prevents you from matching addresses where the ones and zeros don't run in order like a subnet mask. Let's say you use 1.1.0.0 for all your office floor subnets, broken into /24s, and that all your printers are 1.1.x.8, 1.1.x.16, and 1.1.x.24 in each subnet. Now let's say you want to write an ACL that allows the print server to only reach these printers; you can match on the single bits that meet this requirement:
1.1.0.0 0.0.255.24
Wildcard mask in binary:
(00000000.00000000.11111111.00011000)
This is unusual in production networks, but it comes up a lot in certification exams.
(I came up with this quickly, if my mask is screwed up feel free to correct me).
The short answer is: wildcard masks are more flexible (you can match anything, subnet masks can't match addresses that are not on a subnet boundary).
Good luck,
Ryan
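Added example (not part of the original posts): a Python check of the entry discussed above, `1.1.0.0 0.0.255.24`, listing which last-octet values it actually matches and confirming that its inverse is not a contiguous subnet mask. The helper names and the sample third octet are assumptions made for illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def invert(mask):
    """Flip every bit: wildcard mask <-> 'subnet-style' mask."""
    return str(ipaddress.IPv4Address(~to_int(mask) & 0xFFFFFFFF))

def wildcard_match(addr, base, wildcard):
    """ACL-style match: wildcard bit 0 = must equal base, 1 = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0

def is_contiguous_subnet_mask(mask):
    """True only if the mask is a run of 1s followed by a run of 0s (a /prefix)."""
    zeros = ~to_int(mask) & 0xFFFFFFFF
    return zeros & (zeros + 1) == 0

def matching_last_octets(base, wildcard, third_octet=5):
    """Host octets matched inside one /24 (third_octet is an arbitrary sample)."""
    first_two = ".".join(base.split(".")[:2])
    return [h for h in range(256)
            if wildcard_match(f"{first_two}.{third_octet}.{h}", base, wildcard)]

# Entry taken from the post above.
BASE, WILDCARD = "1.1.0.0", "0.0.255.24"

if __name__ == "__main__":
    print("inverse of wildcard:", invert(WILDCARD))
    print("contiguous subnet mask?", is_contiguous_subnet_mask(invert(WILDCARD)))
    # Both don't-care bits (values 8 and 16) may also be 0, so .0 matches too.
    print("last octets matched:", matching_last_octets(BASE, WILDCARD))
```

Running the same check against any ACL entry before deploying it shows the full set of addresses the entry permits, not only the ones it was written for.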
07-31-2008 06:35 AM
1.1.0.0 255.255.0.115
Wildcard mask in binary:
(11111111.11111111.00000000.11100111)
The binary portion represents the subnet mask. If you want the wildcard mask, you need to flip the 1s and 0s.
__
Edison.
07-31-2008 06:38 AM
Thanks Edison, I've edited my above post. That's what I get for skipping my morning coffee :)
07-31-2008 06:58 AM
Let's say, for example, you want to filter out a route to 192.168.100.0/24, and only routes with an even third octet should be seen by the other routers in your network.
access-list #
access-list #
access-list #
Remember, at the end of every access list there is an implicit deny statement on traffic.
07-31-2008 11:42 PM
Thank you guys.
That was extremely helpful. Rated you all full ;)
Thanks again.