Wildcard masks with a twist

By pfafman
I bring a question to the folks here on the forums to try and help me explain a wrinkle I recently encountered with respect to wildcard masks...

Now, as I understood wildcard masks, they behave similarly to subnet masks in that as you start placing bits in the mask, it works (for subnets) as a contiguous placement from left to right.

Example: 255.255.255.224
11111111.11111111.11111111.11100000

You cannot have something like:

Example: 255.255.224.192
11111111.11111111.11100000.11000000

Now for wildcard masks (and I refer to them when used in Cisco Access Control Lists) they simply work right to left.

Example: 0.0.7.255
00000000.00000000.00000111.11111111

However, I encountered on a Cisco exam a question that would challenge this assumption. The wildcard mask I was given to work with was 0.0.7.254! I must confess that while I am not fluid with wildcard masks, I do understand their basic mechanics - except for this.

Can anyone suggest a method of logic of how this mask would be utilized to filter a particular subnet?

It's been a while....

by richsargent In reply to Wildcard masks with a twi ...

but when wildcard masks are used in ACLs then I always would look at it this way:
1's mean that it is ignored (the 1 looks like an I for ignore)
0's mean that it needs to be examined to see if there is a match for the ACL
Ex:
deny 10.1.3.0 0.0.0.255

block anything that matches the first 3 octets but ignore (1) the last octet because it already matches

There is a lot more to it from what I can remember but it seems to escape at the moment. Hope this helps.
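
The matching rule described in this thread (0 bits are compared, 1 bits are ignored), applied to the non-contiguous mask 0.0.7.254 from the question, as an added example that is not part of either post. The base address 10.1.0.0 and the function names are assumptions chosen for illustration; the thread gives no base address for the exam question.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & care) == 0

def is_contiguous(wildcard):
    """True when the 1 bits form one solid run from the right (an inverted subnet mask)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_addresses(base, wildcard):
    """List every address the entry matches, in ascending order."""
    w = to_int(wildcard)
    fixed = to_int(base) & ~w & 0xFFFFFFFF   # bits the ACL actually compares
    out, sub = [], 0
    while True:
        out.append(str(ipaddress.IPv4Address(fixed | sub)))
        sub = (sub - w) & w                  # next combination of ignored bits
        if sub == 0:
            return out

if __name__ == "__main__":
    base = "10.1.0.0"                        # constructed base address, not from the thread
    for wc in ("0.0.7.255", "0.0.7.254"):
        hits = matched_addresses(base, wc)
        print(wc, "contiguous" if is_contiguous(wc) else "non-contiguous",
              len(hits), "addresses:", hits[0], hits[1], "...", hits[-1])
    for addr in ("10.1.5.6", "10.1.5.7", "10.1.8.6"):
        print(addr, acl_match(addr, base, "0.0.7.254"))
```

Because the lowest bit of 0.0.7.254 is 0, that bit of the address is still compared, so with this base the entry matches only the even-numbered addresses from 10.1.0.0 through 10.1.7.254.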
