Cisco Support Community

New Member

wild card mask

Dear Friends,

I need a clarification on wild card masks.

1. Why are wildcard masks used?

2. Why can't we use a subnet mask in place of a wildcard mask, when both are representing the same?

Please do not give the same answer as Cisco, that a wildcard mask is more flexible.

If you are saying that, please give me an example which a subnet mask cannot represent and a wildcard can.

Please help.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: wild card mask

It allows for faster processing of ACLs.

0 = care bit

1 = don't care bit

While the router reads the information from left to right, it's much faster to check the bits you care about first and discard the 'don't care' - then move on to the next ACL entry.

HTH,

__

Edison.

6 REPLIES

Bronze

Re: wild card mask

As stated above, subnet masks depend on all the bits from left to right. This prevents you from matching addresses where the ones and zeros don't run in order like a subnet mask. Let's say you use 1.1.0.0 for all your office floors' subnets, broken into /24s, and that all your printers are 1.1.x.8, 1.1.x.16, and 1.1.x.24 in each subnet. Now let's say you want to write an ACL that allows the print server to only reach these printers; you can match on the single bits that meet this requirement:

1.1.0.0 0.0.255.24

Wildcard mask in binary:

(00000000.00000000.11111111.00011000)

This is unusual in production networks, but it comes up a lot in certification exams.

(I came up with this quickly; if my mask is screwed up, feel free to correct me.)

The short answer is: wildcard masks are more flexible (you can match anything, subnet masks can't match addresses that are not on a subnet boundary).

Good luck,

Ryan
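
The matching rule discussed in this thread (0 = care bit, 1 = don't care bit), applied to the entry `1.1.0.0 0.0.255.24`, as an added example that is not part of the original posts. The function names are hypothetical and the test addresses are constructed; it models only the bit comparison, not IOS itself.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr matches the ACL entry 'base wildcard'.

    Wildcard bit 0 = care (must equal the base), 1 = don't care.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def is_contiguous(wildcard):
    """True if the wildcard is the bitwise inverse of a valid subnet mask,
    i.e. its 1 bits form one unbroken run at the right-hand end."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


def matching_last_octets(base, wildcard, third_octet=0):
    """Last-octet values the entry matches inside one /24 (third octet fixed)."""
    prefix = ".".join(base.split(".")[:2])
    return [h for h in range(256)
            if wildcard_match(f"{prefix}.{third_octet}.{h}", base, wildcard)]


if __name__ == "__main__":
    base, wc = "1.1.0.0", "0.0.255.24"
    # Non-contiguous wildcard: no subnet mask / prefix length can express it.
    print("expressible as a subnet mask:", is_contiguous(wc))
    # Hosts matched in an arbitrary floor subnet (third octet 7, constructed).
    print("matched hosts in 1.1.7.0/24:", matching_last_octets(base, wc, 7))
    for addr in ("1.1.200.16", "1.1.200.17", "1.2.0.8"):
        print(addr, "->", wildcard_match(addr, base, wc))
```

Enumerating the matches this way is a quick audit of what an entry really permits: the two don't-care bits in the last octet can both be zero, so the entry also matches host .0 in every /24, alongside .8, .16 and .24.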

Hall of Fame Super Bronze

Re: wild card mask

1.1.0.0 255.255.0.115

Wildcard mask in binary:

(11111111.11111111.00000000.11100111)

The binary portion represents the subnet mask. If you want the wildcard mask, you need to flip the 1s and 0s.

__

Edison.

Bronze

Re: wild card mask

Thanks Edison, I've edited my above post. That's what I get for skipping my morning coffee :)

New Member

Re: wild card mask

Let's say, for example, you want to filter out a route to 192.168.100.0/24, and only routes with an even third octet should be seen by the other routers in your network:

access-list #deny 192.168.100.0

access-list #deny 192.168.1.0 0.0.6.0

access-list #permit any

Remember, at the end of every access list there is an implicit deny statement on traffic.

New Member

Re: wild card mask

Thank you guys.

That was extremely helpful. Rated all of you full ;)

Thanks again.
