WildCard Masks

KMAN24 Posts: 44 Member
Could someone break down wildcard masks for me? For instance, what does the 0.0.0.7 wildcard mask in the following access-list actually tell me? access-list 105 deny tcp 192.168.1.4 0.0.0.7 eq 20 ?

Thanks

Comments

  • nethead Posts: 43 Member
    OK, with wildcard masks you just add up the bits in the other direction, i.e. from right to left instead of left to right.

    In order for an address to match the access list entry, the bits are compared: if the bit in the wildcard is 0 then it must be matched in the address being compared; if the bit in the wildcard is 1 then this bit of the address does not have to match (it is ignored).

    So with 192.168.1.4 0.0.0.7
    7 = 1 + 2 + 4

    So when comparing an address every bit except the last 3 bits must match.

    Therefore 192.168.1.0-7 will match this access list.

    Looking at these addresses in bit format for the last eight bits:

    192.168.1.0 00000000
    192.168.1.1 00000001
    .....
    192.168.1.4 00000100
    ...
    192.168.1.6 00000110
    192.168.1.7 00000111
    192.168.1.8 00001000

    The first 5 bits above all match for .0 - .7 so these addresses will match against the access list. The first 5 bits for .8 do not match so this address will be rejected against this access list.

    HTH
    "The time for talking is over. Now call it extreme if you like, but I propose we hit it hard, and we hit it fast, with a major, and I mean major, leaflet campaign. "
    - Rimmer, Polymorph
  • KMAN24 Posts: 44 Member
    That clears it up some, I need some more practice though !!
  • rossonieri#1 Posts: 800 Member
    In addition to the basic wildcard mask,
    specify the subnet you want to filter: 128-192-224-240-248-252-254-255
    The wildcard is:
    255-128=127
    255-192=63
    255-224=31
    255-240=15
    255-252=7
    255-254=1
    255-255=0
    the More I know, that is more and More I dont know.
  • tunerX Posts: 447 Member
    Even easier. Broadcast mask minus the netmask.

      255.255.255.255
    - 255.255.255.248
    = 0.0.0.7

    Then add the inverse mask to the network number to get the range.

    192.168.1.0
    0. 0.0.0
    192.168.1.7

    The range for your first net is 0-7.
  • fusebox Posts: 87 Member
    KMAN24 wrote:
    That clears it up some, I need some more practice though !!

    I agree.... You asked an excellent question.
    Im a newbie.... please be easy on me.
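
The bit comparison nethead describes and the netmask subtraction tunerX describes, as an added Python example that is not part of the original thread. The helper names and sample host addresses are constructed for illustration, and the 0.0.0.254 case goes beyond the thread to show a non-contiguous wildcard, where a low/high range no longer describes what an entry matches.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 255.255.255.255 as a 32-bit integer

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_from_netmask(netmask):
    """Broadcast mask minus the netmask (tunerX's shortcut)."""
    return to_dotted(FULL - to_int(netmask))

def acl_matches(address, base, wildcard):
    """Wildcard bit 0: must equal the base address bit. Bit 1: ignored."""
    care = ~to_int(wildcard) & FULL
    return ((to_int(address) ^ to_int(base)) & care) == 0

def is_contiguous(wildcard):
    """True when the ignored bits form one block at the right-hand end."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_range(base, wildcard):
    """Lowest and highest matching address; every address in between
    matches only when the wildcard is contiguous."""
    w = to_int(wildcard)
    low = to_int(base) & ~w & FULL
    return to_dotted(low), to_dotted(low | w)

if __name__ == "__main__":
    # Entry from the question: 192.168.1.4 0.0.0.7
    base, wildcard = "192.168.1.4", "0.0.0.7"
    print(wildcard_from_netmask("255.255.255.248"))
    print(matched_range(base, wildcard))
    for host in ("192.168.1.0", "192.168.1.7", "192.168.1.8"):  # constructed samples
        print(host, acl_matches(host, base, wildcard))
    # Beyond the thread: 0.0.0.254 ignores bits 1-7 of the last octet, so only
    # bit 0 is compared there and the entry matches every even host address.
    print(is_contiguous("0.0.0.254"))
    for host in ("192.168.1.5", "192.168.1.6"):
        print(host, acl_matches(host, "192.168.1.0", "0.0.0.254"))
```

Running an entry through `matched_range` and `is_contiguous` before applying it is a quick way to confirm an ACL line covers exactly the hosts intended and no more.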