
Choices For Using Wildcard Masks

The document discusses using wildcard masks to match specific IP addresses, ranges of addresses, entire subnets, or all addresses in access control lists (ACLs). It provides examples of wildcard masks for single host matches, entire subnet matches, address range matches, and matches for all addresses. It also discusses how to create wildcard masks by taking the inverse of the subnet mask and using zeros to match and ones to ignore bits. Finally, it provides problems for creating wildcard masks and identifying address ranges permitted or denied by sample ACL statements.

Uploaded by

Kjell15
Copyright
© Attribution Non-Commercial (BY-NC)


Choices for Using Wildcard Masks

Wildcard masks are usually set up to do one of four things:


1. Match a specific host.
2. Match an entire subnet.
3. Match a specific range.
4. Match all addresses.

1. Matching a specific host.


For standard access lists:
Access-List 10 permit 192.168.150.50 0.0.0.0
or
Access-List 10 permit 192.168.150.50
or
Access-List 10 permit host 192.168.150.50

For extended access lists:


Access-list 110 deny ip 192.168.150.50 0.0.0.0 any
or
Access-list 110 deny ip host 192.168.150.50 any

2. Matching an entire subnet


Example 1: Address: 192.168.50.0 Subnet Mask: 255.255.255.0
Access-list 25 deny 192.168.50.0 0.0.0.255

Example 2: Address: 172.16.0.0 Subnet Mask: 255.255.0.0


Access-list 12 permit 172.16.0.0 0.0.255.255

Example 3: Address: 10.0.0.0 Subnet Mask: 255.0.0.0


Access-list 125 deny udp 10.0.0.0 0.255.255.255 any
(Standard ACLs assume a 0.0.0.0 mask when none is given.)

3. Match a specific range


Example 1: Address: 10.250.50.112 Subnet Mask: 255.255.255.224
               255.255.255.255
custom mask: - 255.255.255.224
               ---------------------
wildcard:      0.0.0.31

Access-list 125 permit udp 10.250.50.112 0.0.0.31 any

Example 2: Address Range: 192.168.16.0 to 192.168.16.127


               192.168.16.127
             - 192.168.16.0
               ---------------------
wildcard:      0.0.0.127

Access-list 125 deny ip 192.168.16.0 0.0.0.127 any


(This ACL would block the lower half of the subnet.)
Example 3: Address: 172.250.16.32 to 172.250.31.63
               172.250.31.63
             - 172.250.16.32
               ---------------------
wildcard:      0.0.15.31

Access-list 125 permit ip 172.250.16.32 0.0.15.31 any

4. Match everyone.
For standard access lists:
Access-List 15 permit any
or
Access-List 15 deny 0.0.0.0 255.255.255.255

For extended access lists:


Access-List 175 permit ip any any
or
Access-List 175 deny tcp 0.0.0.0 255.255.255.255 any

Creating Wildcard Masks


• Just like a subnet mask, the wildcard mask tells the router which part of the address to check and which part to ignore. A zero (0) bit must match exactly; a one (1) bit is ignored.
• The source address can be a single address, a range of addresses, or an entire subnet.
• As a rule of thumb, the wildcard mask is the reverse of the subnet mask.

Example #1:
IP Address and subnet mask: 204.100.100.0 255.255.255.0
IP Address and wildcard mask: 204.100.100.0 0.0.0.255

• All zeros (or 0.0.0.0) mean the address must match exactly.
Example #2:
10.10.150.95 0.0.0.0 (This address must match exactly.)

• Ones will be ignored.


Example #3:
10.10.150.95 0.0.0.255 (Any 10.10.150.0 subnet address will match.
10.10.150.0 to 10.10.150.255)

• This also works with subnets.


Example #4:
IP Address and subnet mask: 192.170.25.30 255.255.255.224
IP Address and wildcard mask: 192.170.25.30 0.0.0.31
(Subtract the subnet mask from 255.255.255.255 to create the wildcard. This is the inverse of the subnet mask.)
Do the math... 255 - 255 = 0
               255 - 224 = 31
Example #5:
IP Address and subnet mask: 172.24.128.0 255.255.128.0
IP Address and wildcard mask: 172.24.128.0 0.0.127.255
Do the math... (This is the inverse of the subnet mask.)
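
Added example (not part of the original handout): the zero-must-match / one-is-ignored rule and the inverse-mask calculation in Python, run against the addresses used in the examples above. The function names are assumptions of this example. range_check() also reports whether a wildcard obtained by subtracting range endpoints matches exactly that range; for 172.250.16.32 0.0.15.31 the entry matches 512 addresses (third octet 16-31, fourth octet 32-63), not every address between the two endpoints.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 255.255.255.255 as an integer

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_from_mask(subnet_mask):
    """Inverse of the subnet mask: 255.255.255.255 minus the mask."""
    return to_dotted(FULL - to_int(subnet_mask))

def matches(address, acl_address, wildcard):
    """True when every bit under a wildcard 0 agrees; bits under a 1 are ignored."""
    care = FULL & ~to_int(wildcard)
    return (to_int(address) ^ to_int(acl_address)) & care == 0

def matched_count(wildcard):
    """Each ignored (1) bit doubles the number of addresses the entry matches."""
    return 2 ** bin(to_int(wildcard)).count("1")

def range_check(first, last):
    """Return (wildcard, addresses matched, addresses in range, exact?)."""
    lo, hi = to_int(first), to_int(last)
    wc = hi - lo                      # endpoint subtraction, as in section 3
    # Exact only if the ones form one low-order run and the start is aligned to it.
    exact = (wc & (wc + 1) == 0) and (lo & wc == 0)
    return to_dotted(wc), matched_count(to_dotted(wc)), hi - lo + 1, exact

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.224"))            # Example #4
    print(wildcard_from_mask("255.255.128.0"))              # Example #5
    # 10.250.50.112 0.0.0.31 covers the whole /27 block that contains .112
    for host in ("10.250.50.96", "10.250.50.127", "10.250.50.128"):
        print(host, matches(host, "10.250.50.112", "0.0.0.31"))
    print(range_check("192.168.16.0", "192.168.16.127"))    # aligned block
    print(range_check("172.250.16.32", "172.250.31.63"))    # non-contiguous mask
    print(matches("172.250.17.0", "172.250.16.32", "0.0.15.31"))
```

When range_check() reports False for an entry, list the addresses it really matches before relying on it, since a permit or deny can cover more or fewer hosts than the written range suggests.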

Wildcard Mask Problems

1. Create a wildcard mask to match this exact address.


IP Address: 192.168.25.70
Subnet Mask: 255.255.255.0 ___________________________________
2. Create a wildcard mask to match this range.
IP Address: 210.150.10.0
Subnet Mask: 255.255.255.0 ___________________________________
3. Create a wildcard mask to match this host.
IP Address: 195.190.10.35
Subnet Mask: 255.255.255.0 __________________________________
4. Create a wildcard mask to match this range.
IP Address: 172.16.0.0
Subnet Mask: 255.255.0.0 __________________________________
5. Create a wildcard mask to match this range.
IP Address: 10.0.0.0
Subnet Mask: 255.0.0.0 __________________________________
6. Create a wildcard mask to match this exact address.
IP Address: 165.100.0.130
Subnet Mask: 255.255.255.192 __________________________________
7. Create a wildcard mask to match this range.
IP Address: 192.10.10.16
Subnet Mask: 255.255.255.224 __________________________________
8. Create a wildcard mask to match this range.
IP Address: 171.50.75.128
Subnet Mask: 255.255.255.192 __________________________________
9. Create a wildcard mask to match this host.
IP Address: 10.250.30.2
Subnet Mask: 255.0.0.0 __________________________________
10. Create a wildcard mask to match this range.
IP Address: 210.150.28.16
Subnet Mask: 255.255.255.248 __________________________________
11. Create a wildcard mask to match this range.
IP Address: 172.18.0.0
Subnet Mask: 255.255.224.0 __________________________________
12. Create a wildcard mask to match this range.
IP Address: 135.35.230.32
Subnet Mask: 255.255.255.248 __________________________________
Wildcard Mask Problems

Based on the given information list the usable source addresses or range of usable source addresses
that would be permitted or denied for each access list statement.

1. access-list 10 permit 192.168.150.50 0.0.0.0


Answer: __________________________________________________________________

2. access-list 5 permit any


Answer: __________________________________________________________________

3. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments


Answer: __________________________________________________________________

4. access-list 11 deny 210.10.10.0 0.0.0.255


Answer: __________________________________________________________________

5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255


Answer: __________________________________________________________________

6. access-list 171 deny any host 175.18.24.10 fragments


Answer: __________________________________________________________________

7. access-list 105 permit 192.168.15.0 0.0.0.255 any


Answer: __________________________________________________________________

8. access-list 109 permit tcp 172.16.10.0 0.0.0.255 host 192.168.10.1 eq 80


Answer: __________________________________________________________________

9. access-list 111 permit ip any any


Answer: __________________________________________________________________

10. access-list 195 permit udp 172.30.12.0 0.0.0.127 172.50.10.0 0.0.0.255


Answer: __________________________________________________________________

11. access-list 110 permit ip 192.168.15.0 0.0.0.3 192.168.30.10 0.0.0.0


Answer: _________________________________________________________________

12. access-list 120 permit ip 192.168.15.0 0.0.0.7 192.168.30.10 0.0.0.0


Answer: _________________________________________________________________

13. access-list 130 permit ip 192.168.15.0 0.0.0.15 192.168.30.10 0.0.0.0


Answer: _________________________________________________________________

14. access-list 140 permit ip 192.168.15.0 0.0.0.31 192.168.30.10 0.0.0.0


Answer: _________________________________________________________________
15. access-list 150 permit ip 192.168.15.0 0.0.0.63 192.168.30.10 0.0.0.0
Answer: _________________________________________________________________

16. access-list 101 Permit ip 192.168.15.0 0.0.0.127 192.168.30.10 0.0.0.0


Answer:__________________________________________________________________

17. access-list 185 permit ip 192.168.15.0 0.0.0.255 192.168.30.0 0.0.0.255


Answer: _________________________________________________________________

18. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 gt 22


Answer: _________________________________________________________________

19. access-list 195 permit icmp 172.85.0.0 0.0.15.255 172.50.10.0 0.0.0.255


Answer: _________________________________________________________________

20. access-list 10 permit 175.15.120.0 0.0.0.255


Answer: _________________________________________________________________

21. access-list 190 permit tcp 172.15.0.0 0.0.15.31 any


Answer: _________________________________________________________________

22. access-list 100 permit ip 10.0.0.0 0.255.255.255 172.50.10.0 0.0.0.255


Answer: _________________________________________________________________

Wildcard Mask Problems

Based on the given information list the usable destination addresses or range of usable destination
addresses that would be permitted or denied for each access list statement.

1. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments


Answer: __________________________________________________________________

2. access-list 5 permit any any


Answer: __________________________________________________________________

3. access-list 150 permit ip 192.168.30.10 0.0.0.0 192.168.15.0 0.0.0.63


Answer: __________________________________________________________________

4. access-list 120 deny tcp 172.32.4.0 0.0.0.255 192.220.10.0 0.0.0.15


Answer: __________________________________________________________________

5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255


Answer: __________________________________________________________________

6. access-list 101 deny ip 140.130.110.100 0.0.0.0 0.0.0.0 255.255.255.255


Answer: __________________________________________________________________
7. access-list 105 permit any 192.168.15.0 0.0.0.255
Answer: __________________________________________________________________

8. access-list 120 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.7


Answer: __________________________________________________________________

9. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 eq 21


Answer: __________________________________________________________________

10. access-list 150 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.63


Answer: __________________________________________________________________

Prepared by:

ENGR. CECILLE D. ATIENZA-VENAL


CCNA Instructor
