Wild card mask for a range of hosts?

Hi all,

First post here...

I couldn't find this in the ICND2 book I have, or from many hours of searching online..

What is the maths used to determine the wild card mask for a range of ip hosts?

Any help with this would be amazing, this seems to be the last thing that I'm kicking myself about, and it's doing my head in haha.

Regards

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

Not sure what you are asking. Can you clarify your question or give an example?

Darwin84

Woah, that was fast

Okay, so I'm looking to deny, let's say telnet access from a range of hosts, but not the full subnet.

For example, from the 192.168.1.0 /27 network
hosts 192.168.1.1 -> 192.168.1.15

Thanks

fadhil

to obtain a wildcard mask take 255.255.255.255 minus a subnet mask of a network
for example 192.16.1.0/27
255.255.255.255
- 255.255.255.224
0 .0 .0 .31 this will a wildcard mask of of that network.
but the above wildcard mask will work for 32 host.
for hosts
hosts 192.168.1.1 -> 192.168.1.15
the wild card mask will be 0.0.0.14

joluis9

I didn't give too much thought. But I think you can do deny to 192.168.1.0 0.0.0.16. That would deny only from .1 to .15 basically making it a /28 which is inside the /27 network you have. I'd try it and see if it work.

networker050184

You have two options. Write it out in binary and find the interesting bits and build your mask off that.

The easier way for a simple one like this is to use your subnetting abilities you already have! You want to match on .1-.15 and that this is a block size of 16. A /28 which is 255.255.255.240 uses a block size of 16. The inverse of your subnet mask give you the wildcard needed for your ACL 0.0.0.15.

Is that what you are asking?

Darwin84

Thanks very much, all of you. I think I've got it sussed..

One thing that I'm still wondering, what if I was to want to mask from .16 to 30?

networker050184

You would deny 192.168.1.16 0.0.0.15.

fadhil

Darwin84 wrote: »

Thanks very much, all of you. I think I've got it sussed..

One thing that I'm still wondering, what if I was to want to mask from .16 to 30?

write an ip address that you want to start for example 192.168.1.16 0.0.0.14.

Darwin84

Wow, thanks everyone.. got it now.

Feeling a bit silly, as now that I can see it, it makes perfect sense.

Guys, thanks.

networker050184

No problem. Welcome to the forums!

Darwin84

Cheers man.