Wildcard mask ranges

StoticStotic Member Posts: 248
in CCNA & CCENT
I understand how to get the wildcard mask when asked to find it for a particular address. Subtract it from 255.255.255.255. What confuses me is when they give a list of addresses and say to provide the wildcard mask for these addresses. Can anyone give me the simple explaination that I don't see in books?
· Share on FacebookShare on Twitter

Comments

  • NeonNoodleNeonNoodle Member Posts: 92 ■■□□□□□□□□
    Sorry for the long lists, but hopefully this will help you. (As you are following along, think about why we can't use the subnet mask 0.0.0.15.)

    Here's a group of addresses:
    192.168.1.4
    192.168.1.5
    192.168.1.6
    192.168.1.7
    192.168.1.8
    192.168.1.9
    192.168.1.10
    192.168.1.11
    192.168.1.12
    192.168.1.13
    192.168.1.14
    192.168.1.15
    192.168.1.16
    192.168.1.17
    192.168.1.18
    192.168.1.19

    Convert the group of addresses to binary.
    192.168.1.4 = 11000000.10101000.00000001.00000100
    192.168.1.5 = 11000000.10101000.00000001.00000101
    192.168.1.6 = 11000000.10101000.00000001.00000110
    192.168.1.7 = 11000000.10101000.00000001.00000111
    192.168.1.8 = 11000000.10101000.00000001.00001000
    192.168.1.9 = 11000000.10101000.00000001.00001001
    192.168.1.10 = 11000000.10101000.00000001.00001010
    192.168.1.11 = 11000000.10101000.00000001.00001011
    192.168.1.12 = 11000000.10101000.00000001.00001100
    192.168.1.13 = 11000000.10101000.00000001.00001101
    192.168.1.14 = 11000000.10101000.00000001.00001110
    192.168.1.15 = 11000000.10101000.00000001.00001111
    192.168.1.16 = 11000000.10101000.00000001.00010000
    192.168.1.17 = 11000000.10101000.00000001.00010001
    192.168.1.18 = 11000000.10101000.00000001.00010010
    192.168.1.19 = 11000000.10101000.00000001.00010011

    Where a bit varies in the addresses, the corresponding bit in the wildcard mask is assigned a 1. Where the bit doesn't vary in the addresses, the corresponding bit in the wildcard mask is assigned a 0.

    We'll have to break up the above group into smaller groups because the number of bits that vary varies icon_biggrin.gif (if you want to make sure your wildcard mask only include addresses in the original group, that is)!

    Find the number bits in the group that vary. Here there are two:
    192.168.1.4 = 11000000.10101000.00000001.00000100
    192.168.1.5 = 11000000.10101000.00000001.00000101
    192.168.1.6 = 11000000.10101000.00000001.00000110
    192.168.1.7 = 11000000.10101000.00000001.00000111
    Therefore, the wildcard mask is
    0.0.0.3 = 00000000.00000000.00000000.00000011

    For this group three bits vary:
    192.168.1.8 = 11000000.10101000.00000001.00001000
    192.168.1.9 = 11000000.10101000.00000001.00001001
    192.168.1.10 = 11000000.10101000.00000001.00001010
    192.168.1.11 = 11000000.10101000.00000001.00001011
    192.168.1.12 = 11000000.10101000.00000001.00001100
    192.168.1.13 = 11000000.10101000.00000001.00001101
    192.168.1.14 = 11000000.10101000.00000001.00001110
    192.168.1.15 = 11000000.10101000.00000001.00001111
    Therefore the wildcard mask is
    0.0.0.7 = 00000000.00000000.00000000.00000111

    For this group two bits vary:
    192.168.1.16 = 11000000.10101000.00000001.00010000
    192.168.1.17 = 11000000.10101000.00000001.00010001
    192.168.1.18 = 11000000.10101000.00000001.00010010
    192.168.1.19 = 11000000.10101000.00000001.00010011
    Therefore, the wildcard mask is
    0.0.0.3 = 00000000.00000000.00000000.00000011

    That's the gist of it. Of course for the group above, we could've just used a wildcard mask of 0.0.0.31, but that's sloppy especially when working with access lists where you really need to be specific. So, try to group the addresses into the largest groups you can that only includes addresses in the list.

    Another thing you need to think about when assigning IP addresses is minimizing the amount of groups you have. Had the above group been from 192.168.1.0 to 192.168.1.15, we would have had the same number of addresses, but we would have only needed one wildcard address, 0.0.0.15.

    Once you understand how to group them in binary, you can do the computation in dotted decimal by using powers of two. It's a bit.
    I recognize the lion by his paw.
    --Jacob Bernoulli
    · Share on FacebookShare on Twitter
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    That's a lot of binary. :)

    Remember your subnet ranges and you should be ok, try to take the block of addresses and see if you can arrange them into a single subnet (or block of networks or whatever)

    192.168.4.0/24
    192.168.5.0/24
    192.168.6.0/24
    192.168.7.0/24

    That will all fit neatly into a 192.168.4.0/22 so the wildcard mask (using the method of subtracting from 255.255.255.255) would be 0.0.3.255

    Usually any examples will fit into a single subnet range, but you may need to make multiple entries in the access list to meet the goals.

    say we want to deny the following subnets

    192.168.100.16/28
    192.168.100.32/28
    192.168.100.48/28
    192.168.100.64/28
    192.168.100.80/28

    They don't fit into a single range so we need to make 3 entries in the ACL

    192.168.100.16/28
    192.168.100.32/27
    192.168.100.64/27

    Then convert them into wildacard masks
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • StoticStotic Member Posts: 248
    Wow thanks alot! I'm very thankful.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.