Wildcard or subnet mask

chargen · July 2010

Did some searching, but haven't seen a nice easy method of memorizing when a subnet mask vs a wildcard mask is required. Is there a good rule of thumb, or does it just require memorization?

Thanks!

-Pete

networker050184 · July 2010

Just memorize it. After you configure things a few times it sticks.

chargen · July 2010

Cool, thanks

DevilWAH · July 2010

hit the ? mark button

I find in general when assigning applying a ip / range you use a subnet mask. when your are defining an range for filter/routing you use a wild card mask.

but that is in no way 100% true

peanutnoggin · July 2010

networker050184 wrote: »

Just memorize it. After you configure things a few times it sticks.

+1

If you get some hands on configuration... it'll become one of those 2nd nature things that you don't really realize that you know it.

-Peanut

johnwest43 · July 2010

most of the time interfaces & dhcp settings = mask, everything else is wild-card. Definitely not an absolute though.

Another goofy thing to remember is routers use wild-cards for acls and cisco pix/asa firewalls use masks.

DevilWAH · July 2010

Another thing to rember is that

255.0.0.255 could be a valid wild card mask which would mean the middel octecs must match but the first and last could be anything.

on the other hand a subnet mask must be split network bits / host bits
255.248.0.0

Wildcard masks are not reverse subnet (althogh 99% of the time we use revese subnet masts becuase we want to filter a subnet block of addresses)

So if you are declaring what subnet and IP should be in, then you need a subnet mask, for filtering like ACL's its a wild card mask.

Once ou have lernt a few diffent places you use each you will find there is a patten and logic to wheer you whould use each.

peanutnoggin · July 2010

DevilWAH wrote: »

Another thing to rember is that

255.0.0.255 could be a valid wild card mask which would mean the middel octecs must match but the first and last could be anything.

Very interesting... I've never tried that. I'll have to lab it up. I couldn't see it as being too useful for me at the moment, but that would be a "show off" type of command on an ACL.

Thanks.

-Peanut

DevilWAH · July 2010

peanutnoggin wrote: »

Very interesting... I've never tried that. I'll have to lab it up. I couldn't see it as being too useful for me at the moment, but that would be a "show off" type of command on an ACL.

Thanks.

-Peanut

I have seen it used

and it can be quite usefull,

Imagen you have the following subnets below, and you want a filter that seperates between the x.x.10.x and x.x.20.x ranges

usign subnet masks you whould have to have four statments. but using a wild card you could do it with one.

address 172.16.10.0 wildcard 0.3.0.255, 1st octet match172 , second octet is 16 to 19. third octct match 10, and last octet can be any thing. And there you are, your mask is pulling out only the x.x.10.x networks from the list.

so if you know how to use them they can be much more flexable and ecnomical than a subnet mask.

172.16.10.x
172.16.20.x
172.17.10.x
172.17.20.x
172.18.10.x
172.18.20.x
172.19.10.x
172.19.20.x

Wildcard or subnet mask

Comments