WildCard Masks
KMAN24
Member Posts: 44 ■■□□□□□□□□
in CCNA & CCENT
Could someone break down wildcard masks for me ? For instance what does the 0.0.0.7 Wildcard mask in the following access-list actually tell me ? access-list 105 deny tcp 192.168.1.4 0.0.0.7 eq 20 ?
Thanks
Thanks
Comments
-
nethead
Member Posts: 43 ■■□□□□□□□□
Ok with the wildcard masks you just add up the bits in the other direction, ie. from right to left instead of left to right.
In order for an address to match the access list entry the bits are compared, if the bit in the wild card is 0 then it must be matched in the address being compared, if the bit in the wild card is 1 then this bit of the address does not have to match (it is ignored).
so with 192.168.1.4 0.0.0.7
7 = 1 + 2 + 4
So when comparing an address every bit except the last 3 bits must match.
Therefore 192.168.1.0-7 will match this access list.
Looking at these addresses in bit format for the last eight bits:
192.168.1.0 00000000
192.168.1.1 00000001
.....
192.168.1.4 00000100
...
192.168.1.6 00000110
192.168.1.7 00000111
192.168.1.8 00001000
The first 5 bits above all match for .0 - .7 so these addresses will match against the access list. The first 5 bits for .8 do not match so this address will be rejected against this access list.
HTH"The time for talking is over. Now call it extreme if you like, but I propose we hit it hard, and we hit it fast, with a major, and I mean major, leaflet campaign. "
- Rimmer, Polymorph -
rossonieri#1
Member Posts: 799 ■■■□□□□□□□
addition to basic wild card mask,
specify the subnet you want to filter : 128-192-224-240-248-252-254-255
the wildcard is :
255-128=127
255-192=63
255-224=31
255-240=15
255-252=7
255-254=1
255-255=0the More I know, that is more and More I dont know. -
tunerX
Member Posts: 447 ■■■□□□□□□□
Even easier. Broadcast mask minus the netmask.
255.255.255.255
- 255.255.255.248
0. 0. 0. 7
Then add the inverse mask to the network number to get the range.
192.168.1.0
0. 0.0.0
192.168.1.7
The range for your first net is 0-7.