Wildcard or subnet mask

Did some searching, but haven't seen a nice easy method of memorizing when a subnet mask vs a wildcard mask is required. Is there a good rule of thumb, or does it just require memorization?

Thanks!

-Pete

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

Just memorize it. After you configure things a few times it sticks.

chargen

Cool, thanks

DevilWAH

hit the ? mark button

I find in general when assigning applying a ip / range you use a subnet mask. when your are defining an range for filter/routing you use a wild card mask.

but that is in no way 100% true

peanutnoggin

networker050184 wrote: »

Just memorize it. After you configure things a few times it sticks.

+1

If you get some hands on configuration... it'll become one of those 2nd nature things that you don't really realize that you know it.

-Peanut

johnwest43

most of the time interfaces & dhcp settings = mask, everything else is wild-card. Definitely not an absolute though.

Another goofy thing to remember is routers use wild-cards for acls and cisco pix/asa firewalls use masks.

DevilWAH

Another thing to rember is that

255.0.0.255 could be a valid wild card mask which would mean the middel octecs must match but the first and last could be anything.

on the other hand a subnet mask must be split network bits / host bits
255.248.0.0

Wildcard masks are not reverse subnet (althogh 99% of the time we use revese subnet masts becuase we want to filter a subnet block of addresses)

So if you are declaring what subnet and IP should be in, then you need a subnet mask, for filtering like ACL's its a wild card mask.

Once ou have lernt a few diffent places you use each you will find there is a patten and logic to wheer you whould use each.

peanutnoggin

DevilWAH wrote: »

Another thing to rember is that

255.0.0.255 could be a valid wild card mask which would mean the middel octecs must match but the first and last could be anything.

Very interesting... I've never tried that. I'll have to lab it up. I couldn't see it as being too useful for me at the moment, but that would be a "show off" type of command on an ACL.

Thanks.

-Peanut

DevilWAH

peanutnoggin wrote: »

Very interesting... I've never tried that. I'll have to lab it up. I couldn't see it as being too useful for me at the moment, but that would be a "show off" type of command on an ACL.

Thanks.

-Peanut

I have seen it used

and it can be quite usefull,

Imagen you have the following subnets below, and you want a filter that seperates between the x.x.10.x and x.x.20.x ranges

usign subnet masks you whould have to have four statments. but using a wild card you could do it with one.

address 172.16.10.0 wildcard 0.3.0.255, 1st octet match172 , second octet is 16 to 19. third octct match 10, and last octet can be any thing. And there you are, your mask is pulling out only the x.x.10.x networks from the list.

so if you know how to use them they can be much more flexable and ecnomical than a subnet mask.

172.16.10.x
172.16.20.x
172.17.10.x
172.17.20.x
172.18.10.x
172.18.20.x
172.19.10.x
172.19.20.x