Wild Card Mask

Unknown February 23, 2016 ACL
On a simpler level you can say wildcard mask is inverted subnet mask

A Wildcard mask is a mask of bits explaining which part of an IP address should be examined and which shouldn’t be, especially in Cisco IOS we use wildcard mask in different places like
  • To indicate the size of a network or subnet for some routing protocols, like in OSPF
  • To indicate what IP Address should be permitted or denied

How wildcard mask works

A wildcard mask is basically a matching rule, it tells us which bits from an IP address should be matched and those which are not important

  • 0 means that the equivalent bit must match
  • 1 means that the equivalent bit doesn’t matter, it matches or not doesn’t makes any difference
Any network, subnet or range of IP addresses can be masked

Types of Wildcard Mask

There are two types of wildcard mask one is used in OSPF and the other is used in ACL
  • OSPF wildcard mask should be continuous
  • ACL wildcard mask can be discontinuous

In OSPF wildcard mask from the first bit which do not matches till the last bit we won’t be matching them we’ll simply switch those bits on (i.e. write 1 for all bits) and in case of ACL we’ll compare every single bit and will write 0 for matching bits and write 1 for not matching bits

Finding Wildcard mask for Network/Subnet

To create wild card mask for a network or a subnet write first and last IP address of the Network or subnet in binary format and where bit matches write 0 and where it do not matches write 1.

Wildcard mask for 192.168.1.0

11000000.10101000.00000001.00000000
11000000.10101000.00000001.11111111
00000000.00000000.00000000.11111111
0.0.0.255


Wildcard mask for 255.255.255.255

00000000.00000000.00000000.00000000
11111111.11111111.11111111.11111111
00000000.00000000.00000000.00000000
0.0.0.0
Wildcard mask for IP range

192.168.1.0 to 192.168.1.31
11000000.10101000.00000001.00000000
11000000.10101000.00000001.00001111
00000000.00000000.00000000.00001111
0.0.0.15

Try Discontinuous Mask with OSPF

R1(config)#router ospf 1
R1(config-router)#network 172.16.10.31 0.0.31.0 a 0
% OSPF: Invalid address/mask combination (discontiguous mask)

You can see discontinuous mask do not works with OSPF

For any correction, improvement or suggestion please do not hesitate to reach out at usman@cyberswats.com

Post a Comment

0 Comments