Dear Web User:
For Better View Of This Web Page, Please Use Any Latest Web Browser, Because Some Elements Are Not Work In The Old Web Browser (Might Not Be Displayed Properly Or Are Not Appearing properly!). The Target Audience Is Anyone Who Desires A Practical And Technical Introduction To The Field Of Networking. This Includes High School, Community College, And Lifelong-Learning Students Who Are Interested In Careers As Network Technicians, Network Engineers, Network Administrators, And Network Help-Desk Staff. Plz Note: Some Topics That You Might Want To Pursue On Your Own That We Did Not Cover In This Article Are Listed Here. This Page Discusses “Wildcard Mask”, And Also We Request To The Students, Please Go Through All The Articles That Are We Posted In This Web Site And Also Identify All The CISCO IOS Commands In The Lab Practice Before Going To Access This Page. Experience Is The Sequence Of Hands-On LABs.Thank You!FOR MORE REFERENCES:
◙ - ➤ For More Reference - > BASIC COLLECTION OF NETWORKING CONCEPTS:
◙ - ➤ For More Reference - > IPv4 & IPv6:
◙ - ➤ For More Reference - >IP ADDRESSING AND SUBNETTING:
◙ - ➤ For More Reference - > VARIABLE LENGTH SUBNET MASK (VLSM):
◙ - ➤ For More Reference - > BASIC NETWORKING QUESTIONS AND ANSWER:
◙ - ➤ For More Reference- > IP ROUTING QUESTIONS AND ANSWERS:
WILDCARD MASK
WILDCARD MASK:
A Wildcard Mask Is A Sequence Of Numbers That Streamlines Packet Routing Within The Subnets Of A Proprietary Network. Wildcards Also Known As Inverse Masks Are Mostly Used When Configuring Mask For IP ACL. Masks Are Used With IP Addresses In IP ACLs To Specify What Should Be Permitted And Denied. Masks In Order To Configure IP Addresses On Interfaces Start With 255 And Have The Large Values On The Left Side, For Example, IP Address 172.16.2.14 With A 255.255.255.0 Mask. Masks For IP ACLs Are The Reverse, In This Example, Mask 0.0.0.255. This Is Sometimes Called An Inverse Mask Or A Wildcard Mask. When The Value Of The Mask Is Broken Down Into Binary (0s And 1s), The Results Determine Which Address Bits Are To Be Considered In Processing The Traffic. A 0 Indicates That The Address Bits Must Be Considered (Exact Match); A 1 In The Mask Is A "No". Wild Card Mask Is Just The Opposite Or Reverse Of A Subnet Mask. Subnet Mask Is A 32 Bits Value Which Differentiate The Host Portion & Network Portion Of An IP Address. Where Network Portion Is Designate By The 1's & Host Portion 0's. Wild Card Mask Defines Which IP Addresses Are Allowed And Which Are Blocked. Wild Card Mask Matches (Wildly With A Zero) Everything In The Network Portion Of An IP Address. Where 0's Defines The Accurate Match Where Non Zero Value Defines Any Value On The Corresponding Octete. The Wildcard Mask Usually Shows A String Of Binary Digits Over The Subnet Number, Telling The Router The Parts Of The Subnet Number To Look At. A Binary "0" Over A Particular Digit In The Subnet Number Represents The Message "Pay Attention To This Digit. Similarly A “1” Represents The Message “Ignore This Digit”. All The Binary “1”S In A Subnet Mask Is Replaced By “0”S And All The “0”S Is Replaced By “1”S In A Wild Card Mask.THE RULES OF WILDCARD MASK (So There Are Two Basic Rules Of A Wild Card Mask):
◙ - ➤ 0-Bit = Match◙ - ➤ 1-Bit = Ignore ACLs Statements Include Wildcard Masks. A Wildcard Mask Is A String Of Binary Digits Telling The Router Which Parts Of The Subnet Number To Look At.
The Numbers 1 And 0 In The Mask Identify How To Treat The Corresponding IP Address Bits.
Wildcard Masks Are Referred To As An Inverse Mask. Wildcard Masks And Subnet Masks Differ In The Way They Match Binary 1s And 0s. Wildcard Masks Use The Following Rules To Match Binary 1s And 0s: Wildcard Mask Bit 0 - Match The Corresponding Bit Value In The Address
Wildcard Mask Bit 1 - Ignore The Corresponding Bit Value In The Address
WHAT CAN WILD CARD MASKS TARGET?
◙ A Single Host (Or A Single IP Address)◙ An Entire Network (I.E, Class A, B, Or C)
◙ An Entire Subnet
◙ A Range Of IP Addresses
TARGETING A SINGLE HOST:
To Target A Single Host With A Wild Card Means That Every Bit Within The IP Address Of The Host Must Match. The Bit That Means We Are Matching Is A Zero (0-Bit). So A Wild Card Mask For A Host Would Be -- 0.0.0.0TARGETING AN ENTIRE NETWORK:
To Target An Entire Network Means That Every Bit Within The NETWORK Portion Of The IP Address Must Match. All Others We Can Ignore. So For A Class-C Network (I.E., 192.168.1.0) The Wild Card Mask Would Be -- 0.0.0.255TARGETING A SUBNET:
To Target A Particular Subnet (Not Classful) We Will Still Need To Match On Every Bit On The NETWORK Portion, However Now We Need To Find The Proper Bit Boundary In The Last Octet Used By Our Network. For Example We Need To Find The Wild Card Mask For The Network 192.168.1.128/25. The Easiest Way To Do This Is To Simply Subtract The Subnet Mask (255.255.255.128) From 255.255.255.255. 255.255.255.255 Minus 255.255.255.128 Equals A Wild Card Mask Of -- 0.0.0.127 THE FIRST EXAMPLE THE WILDCARD MASK STIPULATES THAT EVERY BIT IN THE IP 192.168.1.1MUST MATCH EXACTLY. The Wildcard Mask Is 0.0.0.0. IN THE SECOND EXAMPLE, THE WILDCARD MASK STIPULATES THAT ANYTHING WILL MATCH. The Wildcard Mask Is 255.255.255.255. IN THE THIRD EXAMPLE, THE WILDCARD MASK STIPULATES THAT IT WILL MATCH ANY HOST WITHIN THE 192.168.1.0 /24 NETWORK. The Wildcard Mask Is 0.0.0.255. In Example 1, The First Two Octets And First Four Bits Of The Third Octet Must Match Exactly. This Checks For 192.168.16.0 To 192.168.31.0 The Wildcard Mask Is 0.0.15.255. Example 2 , A Wildcard Mask That Matches The First Two Octets, And The Least Significant Bit In The Third Octet. The Result Is A Mask That Would Permit Or Deny All Hosts From Odd Subnets (/24) From The 192.168.0.0 Major Network.
The Wildcard Mask Is 0.0.254.255. CALCULATING WILDCARD MASKS EASILY BY SUBTRACTING THE SUBNET MASK FROM 255.255.255.255. Example 1: Assume You Wanted To Permit Access To All Users In The 192.168.3.0 Network. Because The Subnet Mask Is 255.255.255.0, You Could Take The 255.255.255.255 And Subtract From The Subnet Mask. The Solution Produces The Wildcard Mask 0.0.0.255.
Example 2: Now Assume You Wanted To Permit Network Access For The 14 Users In The Subnet 192.168.3.32 /28. The Subnet Mask For The IP Subnet Is 255.255.255.240, Take 255.255.255.255 And Subtract The Subnet Mask 255.255.255.240 The Solution This Time Produces The Wildcard Mask 0.0.0.15.
Example 3: Assume You Wanted To Match Only Networks 192.168.10.0 And 192.168.11.0. Take 255.255.255.255 And Subtract The Subnet Mask 255.255.254.0. The Result Is 0.0.1.255.
EXAMPLE 1:
Subnet Mask - 11111111.11111111.11111111.00000000
Wildcard Mask - 00000000.00000000.00000000.11111111 THE DECIMAL REPRESENTATION OF THE ABOVE IP ADDRESS AND WILDCARD MASK IS GIVEN BELOW. 172.16.0.0 0.0.0.255 The Above Example States That The Values Of First Three Octects Should Exactly Match And The Values Of The Last Octet Can Be Any. This Statement Can Match All The IP Addresses Of 172.16.0.0/24 Network.
EXAMPLE 2:
Subnet Mask - 11111111.11111111.1111 | 0000.00000000
Wildcard Mask - 00000000.00000000.0000 | 1111.11111111 THE DECIMAL REPRESENTATION OF THE ABOVE IP ADDRESS, SUBNET MASK AND WILDCARD MASK ARE GIVEN BELOW: IP Address - 172.16.240.0
Subnet Mask - 255.255.240.0
Wildcard Mask -0.0.15.255
EXAMPLE3:
Subnet Mask - 255.255.255.0 (Decimal)
Mask - 11111111.11111111.11111111.00000000 (Binary) Subtract The Normal Mask From 255.255.255.255 In Order To Determine The ACL Inverse Mask Or Wilcard. In This Example, The Inverse Mask Is Determined For Network Address 192.168.20.0 With A Normal Mask Of 255.255.255.0. - 255.255.255.255
- 255.255.255.0
= 0. 0. 0. 255 - This Is The Wild Card Or Inverse Mask E.G #3.2: Subnet Mask Of 255.255.255.192 - 255.255.255.255
-255.255.255.192
= 0. 0. 0. 63 (This Is The Wildcard) Calculating Wilcards Is Fun If You Could Understand That Is Just Simple Subtraction Of The Net Mask Of A Given IP Address From 255.255.255.255.
EXAMPLE4:
0.0.0.255 = 00000000.0000000.00000000.11111111 The Theory Says That The Zero Bits Of The Wildcard Mask Have To Match The Same Position In The IP Address. So, Let's Write The Wildacard Mask Below The IP Address: 00001010.00000000.00000001.00000000
00000000.00000000.00000000.11111111 As You Can See From The Output Above, The Last Octet Doesen't Have To Match, Because The Wildcard Mask Bits Are All Ones. The First 24 Bits Have To Match, Because Of The Wildcard Mask Bits Of All Zeros. So, In This Case, Wildcard Mask Will Match All Addresses That Begins With 10.0.1.X. In Our Case, Only One Network Will Be Matched, 10.0.1.0/24. WHAT IS WE WANT TO MATCH BOTH 10.0.0.0/24 AND 10.0.1.0/24? THAN WE WILL HAVE TO USE DIFFERENT WILDCARD MASK. We Need To Use The Wildcard Mask Of 0.0.1.255. WHY IS THAT? WELL, WE AGAIN NEED TO WRITE DOWN ADDRESSES IN BINARY: 00001010.00000000.00000000.00000000 = 10.0.0.0
00001010.00000000.00000001.00000000 = 10.0.1.0
00000000.00000000.00000001.11111111 = 0.0.1.255 From The Output Above, We Can See That Only The First 23 Bits Have To Match. That Means That All Addresses In The Range Of 10.0.0.0 – 10.0.1.255 Will Be Matched.
CONCLUSION:
The Goal Of This Article Is To Give An Easy Way To Understand The “WILDCARD MASK" And Also We Hope This Guide Will Help Every Beginner Who Are Going To Start Cisco Lab Practice Without Any Doubts. Some Topics That You Might Want To Pursue On Your Own That We Did Not Cover In This Article Are Listed Here!Hands - On Experience Is An Invaluable Part Of Preparing For The Lab Exam And Never Pass Up An Opportunity To Configure Or Troubleshoot A Router ( If You Have Access To Lab Facilities, Take Full Advantage Of Them) There Is No Replacement For The Experience You Can Gain From Working In A Lab, Where You Can Configure Whatever You Want To Configure And Introduce Whatever Problems You Want To Introduce, Without Risk Of Disrupting A Production Network. Thank You And Best Of Luck
This Article Written Author By: Mr. Premakumar Thevathasan - CCNA And CCNP (Routing & Switching), MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+ And Etc.
WARNING AND DISCLAIMER:
Routers Direct And Control Much Of The Data Flowing Across Computer Networks. This Guide Provides Technical Guidance Intended To Help All Network Students, Network Administrators And Security Officers Improve Of Their Demonstrated Ability To Achieve Specific objectives Within Set Timeframes.This Document Carries No Explicit Or Implied Warranty. Nor Is There Any Guarantee That The Information Contained In This Document Is Accurate. Every Effort Has Been Made To Make All Articles As Complete And As Accurate As Possible, But No Warranty Or Fitness Is Implied.
It Is Offered In The Hopes Of Helping Others, But You Use It At Your Own Risk. The Author Will Not Be Liable For Any Special, Incidental, Consequential Or Indirect Any Damages Due To Loss Of Data Or Any Other Reason That Occur As A Result Of Using This Document. But No Warranty Or Fitness Is Implied. The Information Provided Is On An "As Is" Basic. All Use Is Completely At Your Own Risk.
Home Page Of - > The School Of Cisco Networking (SCN)
Page Of - > SCN InF4 TECH
Contact Details / About Us Page
To Send Email
No comments:
Post a Comment