Member Posts: 248
I understand how to get the wildcard mask when asked to find it for a particular address. Subtract it from 255.255.255.255. What confuses me is when they give a list of addresses and say to provide the wildcard mask for these addresses. Can anyone give me the simple explanation that I don't see in books?

Member Posts: 92
Sorry for the long lists, but hopefully this will help you. (As you are following along, think about why we can't use the subnet mask 0.0.0.15.)

192.168.1.4
192.168.1.5
192.168.1.6
192.168.1.7
192.168.1.8
192.168.1.9
192.168.1.10
192.168.1.11
192.168.1.12
192.168.1.13
192.168.1.14
192.168.1.15
192.168.1.16
192.168.1.17
192.168.1.18
192.168.1.19

Convert the group of addresses to binary.
192.168.1.4 = 11000000.10101000.00000001.00000100
192.168.1.5 = 11000000.10101000.00000001.00000101
192.168.1.6 = 11000000.10101000.00000001.00000110
192.168.1.7 = 11000000.10101000.00000001.00000111
192.168.1.8 = 11000000.10101000.00000001.00001000
192.168.1.9 = 11000000.10101000.00000001.00001001
192.168.1.10 = 11000000.10101000.00000001.00001010
192.168.1.11 = 11000000.10101000.00000001.00001011
192.168.1.12 = 11000000.10101000.00000001.00001100
192.168.1.13 = 11000000.10101000.00000001.00001101
192.168.1.14 = 11000000.10101000.00000001.00001110
192.168.1.15 = 11000000.10101000.00000001.00001111
192.168.1.16 = 11000000.10101000.00000001.00010000
192.168.1.17 = 11000000.10101000.00000001.00010001
192.168.1.18 = 11000000.10101000.00000001.00010010
192.168.1.19 = 11000000.10101000.00000001.00010011

Where a bit varies in the addresses, the corresponding bit in the wildcard mask is assigned a 1. Where the bit doesn't vary in the addresses, the corresponding bit in the wildcard mask is assigned a 0.

We'll have to break up the above group into smaller groups because the number of bits that vary varies (if you want to make sure your wildcard mask only includes addresses in the original group, that is)!

Find the number of bits in the group that vary. Here there are two:
192.168.1.4 = 11000000.10101000.00000001.00000100
192.168.1.5 = 11000000.10101000.00000001.00000101
192.168.1.6 = 11000000.10101000.00000001.00000110
192.168.1.7 = 11000000.10101000.00000001.00000111
0.0.0.3 = 00000000.00000000.00000000.00000011

For this group three bits vary:
192.168.1.8 = 11000000.10101000.00000001.00001000
192.168.1.9 = 11000000.10101000.00000001.00001001
192.168.1.10 = 11000000.10101000.00000001.00001010
192.168.1.11 = 11000000.10101000.00000001.00001011
192.168.1.12 = 11000000.10101000.00000001.00001100
192.168.1.13 = 11000000.10101000.00000001.00001101
192.168.1.14 = 11000000.10101000.00000001.00001110
192.168.1.15 = 11000000.10101000.00000001.00001111
0.0.0.7 = 00000000.00000000.00000000.00000111

For this group two bits vary:
192.168.1.16 = 11000000.10101000.00000001.00010000
192.168.1.17 = 11000000.10101000.00000001.00010001
192.168.1.18 = 11000000.10101000.00000001.00010010
192.168.1.19 = 11000000.10101000.00000001.00010011
0.0.0.3 = 00000000.00000000.00000000.00000011

That's the gist of it. Of course, for the group above, we could've just used a wildcard mask of 0.0.0.31, but that's sloppy, especially when working with access lists where you really need to be specific. So, try to group the addresses into the largest groups you can that only include addresses in the list.

Another thing you need to think about when assigning IP addresses is minimizing the number of groups you have. Had the above group been from 192.168.1.0 to 192.168.1.15, we would have had the same number of addresses, but we would have only needed one wildcard address, 0.0.0.15.

Once you understand how to group them in binary, you can do the computation in dotted decimal by using powers of two. It's a bit.
I recognize the lion by his paw.
--Jacob Bernoulli
Member Posts: 2,378
That's a lot of binary.

Remember your subnet ranges and you should be OK. Try to take the block of addresses and see if you can arrange them into a single subnet (or block of networks or whatever).

192.168.4.0/24
192.168.5.0/24
192.168.6.0/24
192.168.7.0/24

That will all fit neatly into a 192.168.4.0/22, so the wildcard mask (using the method of subtracting from 255.255.255.255) would be 0.0.3.255.

Usually any examples will fit into a single subnet range, but you may need to make multiple entries in the access list to meet the goals.

Say we want to deny the following subnets:

192.168.100.16/28
192.168.100.32/28
192.168.100.48/28
192.168.100.64/28
192.168.100.80/28

They don't fit into a single range, so we need to make 3 entries in the ACL:

192.168.100.16/28
192.168.100.32/27
192.168.100.64/27

Then convert them into wildcard masks.
The only easy day was yesterday!
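
Added example, not part of any post in this thread: a Python sketch of the two replies' methods, using the address lists from the thread as input. `single_entry` applies the varying-bit rule to a whole list and counts how many addresses outside the list the resulting ACL entry would also match; `exact_entries` uses the standard library's `ipaddress.collapse_addresses` to get the aligned blocks, with their wildcard masks, that match only what was listed. The function names are this example's own.

```python
import ipaddress

def single_entry(addrs):
    """Varying-bit rule over the whole list: 1 where a bit differs, 0 where it doesn't.
    Returns (base, wildcard, count of matched addresses that are NOT in addrs)."""
    ints = {int(ipaddress.IPv4Address(a)) for a in addrs}
    first = next(iter(ints))
    wildcard = 0
    for value in ints:
        wildcard |= value ^ first          # collect every bit that differs
    base = first & ~wildcard & 0xFFFFFFFF  # fixed bits only
    matched = 2 ** bin(wildcard).count("1")  # every combination of wildcard bits
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(wildcard)),
            matched - len(ints))

def exact_entries(items):
    """Smallest set of aligned blocks covering exactly the given addresses or
    subnets, as (network address, wildcard mask) pairs."""
    nets = [ipaddress.ip_network(i) for i in items]  # a bare address becomes a /32
    return [(str(n.network_address), str(n.hostmask))
            for n in ipaddress.collapse_addresses(nets)]

# Inputs taken from the two replies above.
HOSTS = [f"192.168.1.{i}" for i in range(4, 20)]
SUBNETS = [f"192.168.100.{i}/28" for i in (16, 32, 48, 64, 80)]

if __name__ == "__main__":
    base, wildcard, extra = single_entry(HOSTS)
    print(f"one entry: {base} {wildcard} also matches {extra} unlisted addresses")
    for net, wc in exact_entries(HOSTS) + exact_entries(SUBNETS):
        print(f"exact entry: {net} {wc}")
```

A non-zero third value from `single_entry` means the single wildcard entry is broader than the list, which is the over-match the first reply calls sloppy in an access list.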
Member Posts: 248
Wow, thanks a lot! I'm very thankful.