
Chapter 9 - Wild Card Masks

Cisco & IP Addressing
Louis D. Rossi, Louis R. Rossi and Thomas Rossi
  Copyright © 1999 The McGraw-Hill Companies, Inc.

Overview
No, we are not going to play poker and use wild cards. What we discuss is the concept of wild card or inverse masks.
Wild card masks are used throughout the Cisco IOS. Understanding this concept will help us with some major configuration features, which include but are not limited to:
  Access lists
  Route summarization
  OSPF configuration
  EIGRP configuration
  Dial on Demand routing
In general, wild card masks are used to identify particular networks, subnets, a host, or a group of hosts.
To understand a wild card mask, we should first review a subnet mask:
195.12.10.0 255.255.255.0
The above mask identifies the first 24 bits as network bits. We said that these bits could not be changed. Every time a 1 is in the mask it means do not change the corresponding bit in the address.
Everywhere there is a 0 in the mask it means the corresponding bit can be changed.
In the above example the network of 195.12.10.0 is registered to us, therefore do not change the first 24 bits. The last 8 bits can be changed to provide for subnets and host addressing.
Think of the inverse or a wild card mask working in the opposite manner.
Using the same example as above, the 255 is an octet made up of all 1’s. This means the corresponding bits of the address can change. Where there are 0’s these corresponding bits must remain the same as the address being tested.
In our example, it means we could have any address just as long as the last octet has a value of 0. This has no real meaning and you would never see an inverse mask of this form. So we will use an address and mask you might see.
In 192.12.10.0 0.0.0.255 the first three octets must be 192.12.10 and the last octet can have any value.
All 256 addresses of 192.12.10.0 – 192.12.10.255 would meet the criteria set by the inverse mask of 0.0.0.255.
If we had the statement:
Access-list 10 permit 192.12.10.0 0.0.0.255
All 256 (0–255) addresses listed above would be permitted.
Access-list 10 deny 143.10.2.0 0.0.0.255 would mean the subnet 143.10.2.0 would be denied.
Access-list 10 permit 123.13.2.14 0.0.0.0 identifies a single address because all 32 bits must remain the same or match the tested address.
Wild card masks, just like subnet masks, may have a value other than 0 or 255. For instance, we could have the scenario in Example 9.1:
Example 9.1
Suppose we wanted to permit the following Class C addresses:
192.12.8.2 through 192.12.15.0. We could identify the networks with the following 8 lines:
access-list 10 permit 192.12.8.0 0.0.0.255
access-list 10 permit 192.12.9.0 0.0.0.255
access-list 10 permit 192.12.10.0 0.0.0.255
access-list 10 permit 192.12.11.0 0.0.0.255
access-list 10 permit 192.12.12.0 0.0.0.255
access-list 10 permit 192.12.13.0 0.0.0.255
access-list 10 permit 192.12.14.0 0.0.0.255
access-list 10 permit 192.12.15.0 0.0.0.255
The use of a wild card mask allows us to shorten this access list to one line.
access-list 10 permit 192.12.8.0 0.0.7.255
We can easily see that the first two octets must each have a value of 192.12 and the 4th octet can have any value; but what about the 3rd octet?
Table 9.1  The Third Octet
Value                 128   64   32   16    8    4    2    1
Address                 0    0    0    0    1    0    0    0      8
Mask                    0    0    0    0    0    1    1    1      7
Possible addresses      0    0    0    0    1    0    0    0      8
                        0    0    0    0    1    0    0    1      9
                        0    0    0    0    1    0    1    0     10
                        0    0    0    0    1    0    1    1     11
                        0    0    0    0    1    1    0    0     12
                        0    0    0    0    1    1    0    1     13
                        0    0    0    0    1    1    1    0     14
                        0    0    0    0    1    1    1    1     15
                        0    0    0    1    0    0    0    0     16
Since a value of 0 in the wild card mask means that the corresponding bits of the address must match the bits of the address being tested, and since a value of 1 in the wild card mask means that these corresponding bits can have any value, the 3rd octet can have a value between 8 and 15.
If we extend the addressing to include 16 (Example 9.1) we change the value of the fourth bit, thus not abiding by the wild card mask.
Example 9.2
What address and wild card mask would identify the following host addresses?
134.34.16.5
134.34.16.6
The first three octets will carry an inverse mask value of zero (0) because in both cases they are the same, but the 4th octet can have a value of 5 or 6.
Now we will take a close look at the 4th octet (Tables 9.2 and 9.3).
Table 9.2  The 4th Octet
  128   64   32   16    8    4    2    1   Value
    0    0    0    0    0    1    0    1       5
    0    0    0    0    0    1    1    0       6
    0    0    0    0    0    0    1    1       3   Wild Card Mask
Table 9.3  The 4th Octet
  128   64   32   16    8    4    2    1   Value
    0    0    0    0    0    1    0    0       4
    0    0    0    0    0    1    1    1       7
Table 9.2 illustrates that the first 6 bits of both addresses are the same. This alternatively means that the last two bits do not have to match. If we place a 1 in each of the last two bits, the result is 3.
Therefore the wild card mask of 0.0.0.3 identifies 134.34.16.5 and 134.34.16.6, but these are NOT the only two addresses this wild card mask would include.
We include values of the 4th octet of 4 and 7 (Table 9.3) because, if we are required to match only the first 6 bits of the 4th octet, the last two bits can have any value, including both being 0 or both being 1.
As a result, the following address and mask would identify all four of the above addresses:
134.34.16.4 0.0.0.3
It might be correctly argued that we could use other masks to identify the same addresses but other masks would include additional addresses and this may not be acceptable depending on use.
For instance, if we were to use an address and mask of 132.34.16.8 0.0.0.7 we would have identified 8 addresses. It is possible that it is not desirable to identify these additional addresses, as in the case of an access list where we might want to permit 4th octet values of 5 and 6 but not 9, 10, 11, 12, 13, 14, and 15.
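The matching rule of Example 9.1 and the over-match problem of Example 9.2 can be checked in a few lines of Python. This is an added example, not code from the book; the function names are hypothetical, and it uses only the standard ipaddress module.

```python
# Added example, not from the book. All function names are hypothetical.
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF

def matches(candidate, base, wildcard):
    """True if candidate equals base on every bit where the wildcard bit is 0."""
    c, b, w = (int(IPv4Address(x)) for x in (candidate, base, wildcard))
    return ((c ^ b) & ~w & ALL_ONES) == 0

def covering_entry(hosts):
    """Tightest single address/wildcard pair that matches every host given."""
    values = [int(IPv4Address(h)) for h in hosts]
    wildcard = 0
    for v in values[1:]:
        wildcard |= v ^ values[0]   # a bit that differs anywhere must be wild
    base = values[0] & ~wildcard & ALL_ONES
    return str(IPv4Address(base)), str(IPv4Address(wildcard))

def expand(base, wildcard):
    """List every address the entry matches, in ascending order.
    The list doubles with each wild bit, so use it on small masks only."""
    b, w = int(IPv4Address(base)), int(IPv4Address(wildcard))
    b &= ~w & ALL_ONES
    out, sub = [], 0
    while True:
        out.append(str(IPv4Address(b | sub)))
        if sub == w:
            return out
        sub = (sub - w) & w         # step to the next combination of wild bits

def over_match(hosts):
    """Return (base, wildcard, addresses matched but never asked for)."""
    base, wildcard = covering_entry(hosts)
    wanted = set(hosts)
    return base, wildcard, [a for a in expand(base, wildcard) if a not in wanted]

if __name__ == "__main__":
    # Example 9.1: one line replaces eight, and 192.12.16.x stays outside it.
    print(matches("192.12.15.200", "192.12.8.0", "0.0.7.255"))
    print(matches("192.12.16.1", "192.12.8.0", "0.0.7.255"))
    # Example 9.2: hosts .5 and .6 force 0.0.0.3, which also admits .4 and .7.
    print(over_match(["134.34.16.5", "134.34.16.6"]))
```

Running over_match on the hosts an access list entry is meant to cover shows exactly which extra addresses the entry would also permit or deny.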

 


 