When you are studying Cisco and access-lists you will encounter the so-called Wildcard Bits. Most CCNA students find these very confusing so I’m here to help you and explain to you how they work. Let’s take a look at an example access-list:
Router#show access-lists
Standard IP access list 1
    10 permit 192.168.1.0, wildcard bits 0.0.0.255
    20 permit 192.168.2.0, wildcard bits 0.0.0.255
    30 permit 172.16.0.0, wildcard bits 0.0.255.255
Access-lists don’t use subnet masks but wildcard bits. A wildcard mask is the inverse of the subnet mask: in binary, every “0” is replaced by a “1” and vice versa.
Let me show you some examples:
Subnet mask 255.255.255.0 would be 0.0.0.255 as the wildcard mask. To explain this, I need to show you some binary:
This is the first octet of the subnet mask (255.255.255.0) in binary. As you can see all values have a 1 making the decimal number 255.
This is also the first octet, but now with wildcard bits. If you want the wildcard equivalent, you need to flip the bits. If there’s a 1 you need to change it into a 0. That’s why we now have the decimal number 0.
Let me show you another subnet mask…let’s take 255.255.255.128. What would be the wildcard equivalent of this? We know the 255.255.255.X part, so I’m only showing you the .128 part.
That’s the last octet of our subnet mask. Let’s flip the bits:
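The bit flip described above, as an added Python example that is not part of the original article: it converts the two subnet masks discussed here into wildcard masks and then goes one step further by checking source addresses against the access-list 1 entries shown earlier. The function names are hypothetical, and the first-match and implicit-deny behaviour is the standard Cisco ACL evaluation order, which the text above does not spell out.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def flip_octet_bits(octet: int) -> tuple[str, str]:
    """Return one octet in binary before and after flipping every bit."""
    return format(octet, "08b"), format(octet ^ 0xFF, "08b")

def wildcard_from_mask(mask: str) -> str:
    """Flip all 32 bits of a dotted-decimal subnet mask."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ ALL_ONES
    # A valid subnet mask is ones followed by zeros, so its inverse is
    # zeros followed by ones; anything else is rejected.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return str(ipaddress.IPv4Address(inverted))

def matches(address: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this bit must match, 1 = this bit is ignored."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES
    return (a ^ b) & care == 0

# The three entries of access list 1 from the show output above.
ACL_1 = [
    ("permit", "192.168.1.0", "0.0.0.255"),
    ("permit", "192.168.2.0", "0.0.0.255"),
    ("permit", "172.16.0.0", "0.0.255.255"),
]

def evaluate(acl, source: str) -> str:
    """First matching entry wins; no match falls through to implicit deny."""
    for action, base, wildcard in acl:
        if matches(source, base, wildcard):
            return action
    return "deny"

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.128"):
        print(mask, "->", wildcard_from_mask(mask))
    print(".128 octet:", " -> ".join(flip_octet_bits(128)))
    # Constructed sample source addresses, not taken from the article.
    for src in ("192.168.1.77", "172.16.200.9", "192.168.3.1"):
        print(src, evaluate(ACL_1, src))
```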