Cisco access lists ACL and wildcard mask

From Ever changing code

Wild card mask

WILDCARD                    NETWORK MASK
0 - means match             0 - host part of a network address
1 - means ignore            1 - match, identifies the network bits that must match for all hosts in the same subnet

Calculate wild card mask

                   255.255.255.255
  subnet mask     -255.255.192.0
                 -----------------
 wild card mask      0.  0. 63.255

Examples

                        pattern     wildcard
access-list 33 permit 198.51.100.58 0.0.0.63
IP packet evaluated   198.51.100.3

in binary
ACL IP pattern        198.51.100.58 11000110.00110011.01100100.00111010
Wildcard mask           0. 0.  0.63 00000000.00000000.00000000.00111111
Logic applied                       \   these bits must match   /\____/
                                                                 ignored, each can be 0 or 1
Addresses
matching         from 198.51.100.0  11000110.00110011.01100100.00000000
the rule:          to 198.51.100.63 11000110.00110011.01100100.00111111

IP packet evaluated   198.51.100.3  11000110.00110011.01100100.00000011  MATCH!
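
The same calculation and match logic as an added Python example (not part of the original page; the function names are assumptions made for illustration). It goes one step beyond the page by also handling non-contiguous wildcards, where the "from/to" range no longer lists every matching address and a rule can permit more than a reviewer expects.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 255.255.255.255

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_from_netmask(netmask):
    """255.255.255.255 minus the subnet mask (the bitwise inverse)."""
    return to_dotted(ALL_ONES ^ to_int(netmask))

def acl_matches(pattern, wildcard, address):
    """True when every bit whose wildcard bit is 0 is equal in both addresses."""
    care = ALL_ONES ^ to_int(wildcard)  # 1 = this bit must match
    return (to_int(pattern) & care) == (to_int(address) & care)

def match_range(pattern, wildcard):
    """Lowest and highest matching address. Ignored bits set in the
    pattern (the .58 in the page's example) are cleared first."""
    w = to_int(wildcard)
    low = to_int(pattern) & (ALL_ONES ^ w)
    return to_dotted(low), to_dotted(low | w)

def is_contiguous(wildcard):
    """True when the wildcard is zeros followed by ones, i.e. the inverse
    of a subnet mask. Only then is match_range() the complete match set."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

if __name__ == "__main__":
    print(wildcard_from_netmask("255.255.192.0"))
    # The page's rule: access-list 33 permit 198.51.100.58 0.0.0.63
    print(match_range("198.51.100.58", "0.0.0.63"))
    for ip in ("198.51.100.3", "198.51.100.63", "198.51.100.64"):
        print(ip, acl_matches("198.51.100.58", "0.0.0.63", ip))
    # Constructed non-contiguous wildcard: matches only even host addresses
    print(is_contiguous("0.0.0.254"),
          acl_matches("198.51.100.0", "0.0.0.254", "198.51.100.4"),
          acl_matches("198.51.100.0", "0.0.0.254", "198.51.100.5"))
```

When auditing ACLs, flag any entry where `is_contiguous()` is false and enumerate its matches with `acl_matches()` rather than trusting the range.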