Wildcard Bits explained | NetworkLessons.com

Router#show access-lists Standard IP access list 1 10 permit 192.168.1.0, wildcard bits 0.0.0.255 20 permit 192.168.2.0, wildcard bits 0.0.0.255 30 permit 172.16.0.0, wildcard bits 0.0.255.255

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
Full Access to our 641 Lessons. More Lessons Added Every Week!
Content created by Rene Molenaar (CCIE #41726)

Give Membership a try - it's just $1 ►

391 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: Security

Forum Replies

dsimpson says:

Having trouble with the following example: Not clear why A and C are the correct answers.

A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two)

A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255

... Continue reading in our forum
dsimpson says:

Having trouble with the following example: Not clear why A and C are the correct answers.

A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two)

A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255

... Continue reading in our forum
dsimpson says:

I think I have the idea. The point was re-enforced after reading the link below where he mentions “You want to target a consecutive range of IP addresses” in usage example number 4.

http://www.networking-forum.com/viewtopic.php?t=3596

Thanks
ReneMolenaar says:

Hi Donald,

You can do some funny things with wildcard masks, you can even match networks that are not contiguous. Something to keep in mind is that your first network has to be an even number. Example #1:

148 – 10010100
149 – 10010101

In this case the first 7 bits are the same so you can use wildcard 00000001

Example #2:

149 - 10010101
150 - 10010110

Only the first 6 bits are the same so the wildcard would be 00000011. The problem of this wildcard is that it will match 4 networks:

148 - 10010100
149 - 10010101
150 - 10010110
151 - 10010111

These 4 networks have
... Continue reading in our forum
aujla3 says:

just to add to Rene’s comments above, the other reason to choose wild card mask over subnet mask is that subnet masks have contiguous number of bits for the network portion and host portions. for example as subnet mask of 255.255.255.0 is 11111111.11111111.11111111.00000000. You can never have a subnet mask of 11110111.00111111.11110111.00000000, however this is not the case with wild card masks. With wild card mask we can turn bits on and off where we want to and therefore having a great deal of flexibility over what we want to match. you can get really creat
... Continue reading in our forum

11 more replies! Ask a question or join the discussion by visiting our Community Forum

Bits	128	64	32	16	8	4	2	1
255	1	1	1	1	1	1	1	1

Bits	128	64	32	16	8	4	2	1
0	0	0	0	0	0	0	0	0

Bits	128	64	32	16	8	4	2	1
128	1	0	0	0	0	0	0	0