wild card mask

rajivrajan1
Level 3

Dear Friends,

I need a clarification on wild card masks.

1. Why are wild card masks used?

2. Why can't we use a subnet mask in place of a wild card mask, when both are representing the same?

Please do not give the same answer of Cisco, as wild card mask is more flexible.

If you are saying that, please give me an example which a subnet mask cannot represent and a wild card can.

Please help.

Accepted Solutions

Edison Ortiz
Hall of Fame

It allows for faster processing of ACLs.

0 = care bit

1 = don't care bit

While the router reads the information from left to right, it's much faster to check the bits you care first and discard the 'don't care' - then move on to the next ACL entry.

HTH,

__

Edison.

4rmorris
Level 1

As stated above, subnet masks depend on all the bits from left to right. This prevents you from matching addresses where the ones and zeros don't run in order like a subnet mask. Let's say you use 1.1.0.0 for all your office floor subnets, broken into /24s, and that all your printers are 1.1.x.8, 1.1.x.16, and 1.1.x.24 in each subnet. Now let's say you want to write an ACL that allows the print server to only reach these printers; you can match on the single bits that meet this requirement:

1.1.0.0 0.0.255.24

Wildcard mask in binary:

(00000000.00000000.11111111.00011000)

This is unusual in production networks, but it comes up a lot in certification exams.

(I came up with this quickly, if my mask is screwed up feel free to correct me).

The short answer is: wildcard masks are more flexible (you can match anything, subnet masks can't match addresses that are not on a subnet boundary).

Good luck,

Ryan
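
The wildcard entry from the post above, checked bit by bit. This is an added example, not part of the original thread; the function names are assumptions made for illustration. It also enumerates every last octet the entry matches in one /24, which is the check worth running before deploying a non-contiguous mask in an ACL.

```python
import ipaddress


def _to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: 0 bits must match, 1 bits are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def is_contiguous(wildcard):
    """True if the wildcard is the inverse of an ordinary subnet mask.

    Such a wildcard is a run of 0s followed by a run of 1s, so adding 1
    carries through every 1 bit and leaves no bits in common.
    """
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0


def matched_hosts(prefix24, base, wildcard):
    """List the last octets in prefix24 (e.g. '1.1.5') that the entry matches."""
    return [h for h in range(256)
            if wildcard_match(f"{prefix24}.{h}", base, wildcard)]


if __name__ == "__main__":
    base, wc = "1.1.0.0", "0.0.255.24"   # entry quoted in the post
    print("contiguous (expressible as a subnet mask):", is_contiguous(wc))
    # Two don't-care bits in the last octet give 2**2 = 4 matches per /24,
    # so the entry covers .0 as well as the three printer addresses.
    print("last octets matched in 1.1.5.0/24:", matched_hosts("1.1.5", base, wc))
    # Constructed sample addresses, not taken from the thread.
    for addr in ("1.1.7.16", "1.1.7.9", "1.2.7.8"):
        print(addr, "->", wildcard_match(addr, base, wc))
```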

1.1.0.0 255.255.0.115

Wildcard mask in binary:

(11111111.11111111.00000000.11100111)

The binary portion represents the subnet mask. If you want the wildcard mask, you need to flip the 1s and 0s.

__

Edison.

Thanks Edison, I've edited my above post. That's what I get for skipping my morning coffee :)

Let's say, for example, you want to filter out a route to 192.168.100.0/24, and only routes with an even third octet should be seen by the other routers in your network.

access-list #deny 192.168.100.0

access-list #deny 192.168.1.0 0.0.6.0

access-list #permit any

Remember, at the end of every access list there is an implicit deny statement on traffic.

Thank you guys.

That was extremely helpful. Rated all of you full ;)

Thanks again.
