When you are studying Cisco and access-lists you will encounter the so-called Wildcard Bits. Most CCNA students find these very confusing so I’m here to help you and explain to you how they work. Let’s take a look at an example access-list:
Router#show access-lists
Standard IP access list 1
10 permit 192.168.1.0, wildcard bits 0.0.0.255
20 permit 192.168.2.0, wildcard bits 0.0.0.255
30 permit 172.16.0.0, wildcard bits 0.0.255.255
Access-lists don’t use subnet masks but wildcard bits. Compared to a subnet mask the bits are inverted: in binary, every “0” is replaced by a “1” and vice versa.
Let me show you some examples:
Subnet mask 255.255.255.0 would be 0.0.0.255 as the wildcard mask. To explain this I need to show you some binary:
Bits | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
255 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
This is the first octet of the subnet mask (255.255.255.0) in binary. As you can see, all bits are set to 1, which makes the decimal number 255.
Bits | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
This is also the first octet but now with wildcard bits. If you want the wildcard-equivalent you need to flip the bits: every 1 becomes a 0 and every 0 becomes a 1. That’s why we now have the decimal number 0.
Let me show you another subnet mask…let’s take 255.255.255.128. What would be the wildcard-equivalent of this? We know the 255.255.255.X part so I’m only showing you the .128 part.
Bits | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
128 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
That’s the last octet of our subnet mask, let’s flip the bits: