1.5 Access List Overview

1.5.6 How to use wildcard mask bits
IP access lists use wildcard masking. Wildcard masking for IP address bits uses the number 1 and the number 0 to identify how to treat the corresponding IP address bits.

By carefully setting wildcard masks, an administrator can select a single IP address or several IP addresses for permit or deny tests. Refer to the example in the figure.

NOTE: Wildcard masking for access lists operates differently from an IP subnet mask. A zero in a bit position of the access list mask indicates that the corresponding bit in the address must be checked; a one in a bit position of the access list mask indicates the corresponding bit in the address is not "interesting" and can be ignored.

You have seen how the zero and one bits in an access list wildcard mask cause the access list to either check or ignore the corresponding bit in the IP address.

An administrator wants to test an IP address for subnets that will be permitted or denied. Assume the IP address is Class B (first two octets are the network number) with eight bits of subnetting (the third octet is for subnets). The administrator wants to use IP wildcard masking bits to match subnets 172.30.16.0 to 172.30.31.0. Here is how to use the wildcard mask to do this:

In this example, the address 172.30.16.0 with the wildcard mask 0.0.15.255 matches subnets 172.30.16.0 to 172.30.31.0.
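
The check-or-ignore bit test above, as an added Python example (not part of the original course page): it derives the address and wildcard pair for the 172.30.16.0 to 172.30.31.0 subnet range and rejects a range that a single pair cannot describe. The function names, the `prefix` default and the probe addresses are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(candidate, address, wildcard):
    """Access-list test: compare only the bits whose wildcard bit is 0."""
    check = ~to_int(wildcard) & 0xFFFFFFFF  # 1 here = bit must be checked
    return (to_int(candidate) & check) == (to_int(address) & check)

def wildcard_for_range(first, last):
    """Return (address, wildcard) matching exactly first..last.

    Raises ValueError when one address/wildcard pair cannot describe the
    range: the block size must be a power of two and `first` must sit on
    a multiple of that size.
    """
    lo, hi = to_int(first), to_int(last)
    size = hi - lo + 1
    if size <= 0 or size & (size - 1) or lo % size:
        raise ValueError(f"{first}-{last}: no single address/wildcard pair")
    return first, str(ipaddress.IPv4Address(size - 1))

def matched_subnets(address, wildcard, prefix="172.30"):
    """Third-octet values under `prefix` (assumed Class B network) that match."""
    return [n for n in range(256)
            if wildcard_match(f"{prefix}.{n}.0", address, wildcard)]

if __name__ == "__main__":
    # Subnets 16..31 with the host octet ignored: 172.30.16.0 - 172.30.31.255
    addr, wc = wildcard_for_range("172.30.16.0", "172.30.31.255")
    print(addr, wc)
    print(matched_subnets(addr, wc))
    # Constructed probe addresses, inside and just outside the range
    for probe in ("172.30.31.200", "172.30.32.1", "172.30.15.255"):
        print(probe, wildcard_match(probe, addr, wc))
    try:
        # 17 subnets is not a power of two, so one entry cannot cover it
        wildcard_for_range("172.30.16.0", "172.30.32.255")
    except ValueError as exc:
        print("rejected:", exc)
```

A range that is rejected here has to be split across several access list entries, or the entry will permit or deny more subnets than intended.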