Wildcard mask is one of the important numbers used in computer networking like subnet mask. In this lesson, we will learn what is wildcard mask in networking, why we use wildcard masks and how we use these numbers. We will also compare wildcard masks and subnet masks. You can check this comparison also in subnetting cheat sheet.  At the end of this lesson, you can also find a list for this comparement.

## What is Wildcard Mask in Networking?

Wildcard mask is basically a 32-bit binary number used in networking like a subnet mask. It is showed with decimal numbers separated with dots in 4 octets like a subnet mask but it works different than subnet masks. 32-bit wildcard mask number shows that which parts of the ip address will match and which parts will not, while, subnet mask bits show network and host parts of the ip address.

Below, you can find some wildcard mask examples:

• 0.0.0.3
• 0.0.0.255
• 0.0.127.255
• 0.255.255.255

We use wild card masks in networking with Routing protocol configurations like OSPF, EIGRP, in Access Control List (ACL) Configurations, in Network Address Translation (NAT) and IP Address Summarization. In the following titles, we will learn how to use wild card masks in different parts of networking.

## How to Calculate Wildcard Mask?

Wildcard Mask calculation is easy. To do this calculation, the first method is subtracting subnet mask from 255.255.255.255. For example, if our subnet mask is 255.255.0.0, we can do this calculation like below:

255.255.255.255 – 255.255.0.0 = 0.0.255.255

The result will give Wild card mask.

Subnet masks and wildcard masks are two important numbers used in networking. They have some similar points, so, network engineers sometimes mix these two numbers. Let’s compare subnet mask vs wildcard mask and see the similarities and the difference of these two numbers.

First of all, let’s check the similarities of subnet mask and wildcard mask.

Subnet mask and wild card mask both has 32 bits log and uses binary ones and zeros. Both of these numbers are used with ip addresses to express a meaningful network number. Both of these numbers use four decimal numbers divided by a dot between them.

If we compare subnet mask vs wildcard mask, the first difference thing is about bits. In subnetting as you know we use 1s and 0s in the binary format of subnet mask. Here, 1s indicate network parts and 0s indicate host parts of the ip address. Wildcard masks also use 1s and 0s, but in different meaning. Here, 1s means than do not care about it. 0s means that, these bits must match. In other words, wild card masks used to express network sizes for routing protocols or ip range used in ACLs.

Another difference is about the beginning of the binary number. In subnet masks, 1s are at the beginning, but in wildcard masks, 0s are at the beginning.

255.255.255.252              /30                        0.0.0.3

255.255.255.0                   /24                        0.0.0.255

255.255.128.0                   /17                        0.0.127.255

255.0.0.0                            /8                          0.255.255.255

You can check full subnet mask and wildcard mask list on Subnet Mask and Wildcard Mask Cheat Sheet page and at the end of this lesson.

While using these numbers to simplfy some situations, we can use wildcard mask keywords. In Cisco IOS, there are two different keywords used with wildcard masks. These are:

• host
• any

host means, 0.0.0.0 and this means that all bits must match and shows single ip address.

any means, 255.255.255.255 and this means none of the bits must match, all the ip addresses.

Below, we have configured two lines both writing the full form of wildcard mask and writing with keywords. The first one is the full version:

Router (config)# access-list 10 permit 192.168.1.1 0.0.0.0

Router (config)# access-list 20 permit 0.0.0.0 255.255.255.255

The second one is the version that we use keywords.

Router (config)# access-list 10 permit host 192.168.1.1

Router (config)# access-list 20 permit any

## Where We Use Wildcard Masks?

We use Wildcard Masks in different areas of computer networks. Access Control List (ACL), Routing Protocols, NAT (Network Address Translation) and IP Summarization are some of the areas that we use Wildcard Masks. Now, let’s see what we do with these numbers in different network areas.

### Access Control Lists (ACLs)

As you know, to filter traffic in networking, we use access lists (ACLs). While writing an access list, to indicate which ip address range will be allowed and which one will be denied, we use wildcards. Let’s show how to use wildcard mask with ACLs with an example.

We have ip address 192.168.1.0/24 and we will permit 254 hosts in this network. How to write a permit line of an access-list?

Or subnet mask is 255.255.255.0 and we can calculate wildcard mask by subtracting this from 255.255.255.255. The result is 0.0.0.255. Our access list will be like below:

Router (config)# access-list 10 permit 192.168.1.0 0.0.0.255

### Routing Protocols

#### OSPF (Open Shortes Path First)

In routing protocols like OSPF (Open Shortes Path First) and EIGRP (Enhanced Interior Gateway Routing Protocol), we use wildcard masks too. In this part of computer networking, we use wildcards to show the size of the network and area. Let’s give an OSPF Area configuration that we use these numbers.

Here, we have network 192.168.1.0/24. Here, we will find the wildcard mask for /24 (255.255.255.0) and write it in the area 0 configuration line.

Router (config)# router ospf 100

Router (config-router)# network 192.168.1.0 0.0.0.0 area 0

For this configuration, 192.168.1.0/24 is in OSPF area 0.

#### EIGRP (Enhanced Interior Gateway Routing Protocol)

Again, we can use wildcard mask in EIGRP (Enhanced Interior Gateway Routing Protocol). We do this while we add the networks under eigrp network. Let’s add 192.168.1.0/24 network under EIGRP (Enhanced Interior Gateway Routing Protocol). For this network, our subnet mask is 255.255.255.0 and the wildcard mask for it is 0.0.0.255.

Router (config)# router eigrp 100

Router (config-router)# network 192.168.1.0 0.0.0.255

We use ip address summarization to summarize ip addresses to reduce network overhead. In IP address summarization, we use wildcard masks to identify which bits are fixed and which ones are variable.

In NAT, we also use wildcard masks. Here, the address range that we will translate with Network Address Translation will be determined with these numbers.

## Different CIDR Values and Wildcard Masks

The subnet mask for CIDR /24 is 255.255.255.0. There are 256 addresses are available with this subnet mask. The wildcard for /24 is 0.0.0.255. Here, all the host bits that are 0 in subnet mask is converted to 1 in wildcard mask.  We can find wildcard mask value by subtracting each octet’s value from 255. To calculate the first three octets, we use 255-255=0. The lasst octet is 255-0=255.

The subnet mask of CIDR /25 is 255.255.255.128. 128 addresses are available with this subnet mask. The wildcard mask of /25 is 0.0.0.127. For last octet we will subtract 128 from 255. It is equal to 127. The other parts are 255-255=0.

The subnet mask of CIDR /30 is 255.255.255.252. There are 4 addresses available with this subnet mask. The wildcard mask of /30 is 0.0.0.3. We can find this value by subtract 252 from 255.

The wildcard mask for /31, 255.255.255.254 is 0.0.0.1. You can find this value by subtracting 1 from 255.

The wildcard for /32, 255.255.255.255 is 0.0.0.0. Again, we can find last octet of wildcard mask by subtracting 255 from 255.

 CIDR SUBNET MASK ADDRESSES WILDCARD /32 255.255.255.255 1 0.0.0.0 /31 255.255.255.254 2 0.0.0.1 /30 255.255.255.252 4 0.0.0.3 /29 255.255.255.248 8 0.0.0.7 /28 255.255.255.240 16 0.0.0.15 /27 255.255.255.224 32 0.0.0.31 /26 255.255.255.192 64 0.0.0.63 /25 255.255.255.128 128 0.0.0.127 /24 255.255.255.0 256 0.0.0.255 /23 255.255.254.0 512 0.0.1.255 /22 255.255.252.0 1024 0.0.3.255 /21 255.255.248.0 2048 0.0.7.255 /20 255.255.240.0 4096 0.0.15.255 /19 255.255.224.0 8192 0.0.31.255 /18 255.255.192.0 16384 0.0.63.255 /17 255.255.128.0 32768 0.0.127.255 /16 255.255.0.0 65536 0.0.255.255 /15 255.254.0.0 131072 0.1.255.255 /14 255.252.0.0 262144 0.3.255.255 /13 255.248.0.0 524288 0.7.255.255 /12 255.240.0.0 1048576 0.15.255.255 /11 255.224.0.0 2097152 0.31.255.255 /10 255.192.0.0 4194304 0.63.255.255 /9 255.128.0.0 8388608 0.127.255.255 /8 255.0.0.0 16777216 0.255.255.255 /7 254.0.0.0 33554432 1.255.255.255 /6 252.0.0.0 67108864 3.255.255.255 /5 248.0.0.0 134217728 7.255.255.255 /4 240.0.0.0 268435456 15.255.255.255 /3 224.0.0.0 536870912 31.255.255.255 /2 192.0.0.0 1073741824 63.255.255.255 /1 128.0.0.0 2147483648 127.255.255.255 /0 0.0.0.0 4294967296 255.255.255.255

### What is a subnet mask?

A subnet mask is a number used in computer networking to define network and host parts of an ip address.

### What is the main difference between subnet mask and wildcard mask?

Subnet mask is used to define network bits and host bits of an ip address. Wildcard mask is used to match an ip address range.

### Why We Use Wildcard Mask with Access Lists?

To define ip address range in an access lists (ACLs) that we will accept ot deny, we use wildcard masks with ip address.

### Why We Use Wildcard Mask with OSPF?

In Open Shortest Path First (OSPF) area configuration, we define ip address range that will be in the configured area with a wildcard mask.

No. They have both different purposes in computer networks.

### Are there any Wildcard Mask Cheat Sheet?

Yes. You can use Subnetting Cheat Sheet as also Wildcard Mask Cheat Sheet to check the mildcard mask values quickly.

Back to: CCNA 200-301 v1.1 > IPv4 Addressing

Collapse
Expand