WildCard Masks

KMAN24

Could someone break down wildcard masks for me ? For instance what does the 0.0.0.7 Wildcard mask in the following access-list actually tell me ? access-list 105 deny tcp 192.168.1.4 0.0.0.7 eq 20 ?

Thanks

nethead

Ok with the wildcard masks you just add up the bits in the other direction, ie. from right to left instead of left to right.

In order for an address to match the access list entry the bits are compared, if the bit in the wild card is 0 then it must be matched in the address being compared, if the bit in the wild card is 1 then this bit of the address does not have to match (it is ignored).

so with 192.168.1.4 0.0.0.7
7 = 1 + 2 + 4

So when comparing an address every bit except the last 3 bits must match.

Therefore 192.168.1.0-7 will match this access list.

Looking at these addresses in bit format for the last eight bits:

192.168.1.0 00000000
192.168.1.1 00000001
.....
192.168.1.4 00000100
...
192.168.1.6 00000110
192.168.1.7 00000111
192.168.1.8 00001000

The first 5 bits above all match for .0 - .7 so these addresses will match against the access list. The first 5 bits for .8 do not match so this address will be rejected against this access list.

HTH