Wildcard Mask

wildcard mask cheat sheet, wild card maask calculation

Wildcard mask is one of the important numbers used in computer networking like subnet mask. In this lesson, we will learn what is wildcard mask in networking, why we use wildcard masks and how we use these numbers. We will also compare wildcard masks and subnet masks. You can check this comparison also in subnetting cheat sheet.  At the end of this lesson, you can also find a list for this comparement.


So, let’s start with the first question, what is wildcard mask?



What is Wildcard Mask in Networking?

Wildcard mask is basically a 32-bit binary number used in networking like a subnet mask. It is showed with decimal numbers separated with dots in 4 octets like a subnet mask but it works different than subnet masks. 32-bit wildcard mask number shows that which parts of the ip address will match and which parts will not, while, subnet mask bits show network and host parts of the ip address.


Below, you can find some wildcard mask examples:



We use wild card masks in networking with Routing protocol configurations like OSPF, EIGRP, in Access Control List (ACL) Configurations, in Network Address Translation (NAT) and IP Address Summarization. In the following titles, we will learn how to use wild card masks in different parts of networking.

wildcard mask cheat sheet, wild card maask calculation

Wildcard Mask Cheat Sheet


How to Calculate Wildcard Mask?

Wildcard Mask calculation is easy. To do this calculation, the first method is subtracting subnet mask from For example, if our subnet mask is, we can do this calculation like below: – =


The result will give Wild card mask.



Subnet Mask vs Wildcard Mask

Subnet masks and wildcard masks are two important numbers used in networking. They have some similar points, so, network engineers sometimes mix these two numbers. Let’s compare subnet mask vs wildcard mask and see the similarities and the difference of these two numbers.


First of all, let’s check the similarities of subnet mask and wildcard mask.


Subnet mask and wild card mask both has 32 bits log and uses binary ones and zeros. Both of these numbers are used with ip addresses to express a meaningful network number. Both of these numbers use four decimal numbers divided by a dot between them.


subnet mask vs wildcard mask comparison table, the differences of subnet mask and wildcard mask

Subnet Mask vs Wildcard Mask


If we compare subnet mask vs wildcard mask, the first difference thing is about bits. In subnetting as you know we use 1s and 0s in the binary format of subnet mask. Here, 1s indicate network parts and 0s indicate host parts of the ip address. Wildcard masks also use 1s and 0s, but in different meaning. Here, 1s means than do not care about it. 0s means that, these bits must match. In other words, wild card masks used to express network sizes for routing protocols or ip range used in ACLs.


Another difference is about the beginning of the binary number. In subnet masks, 1s are at the beginning, but in wildcard masks, 0s are at the beginning.


Let’s show subnet mask, CIDR and wildcard mask together.              /30                                 /24                                 /17                                          /8                


You can check full subnet mask and wildcard mask list on Subnet Mask and Wildcard Mask Cheat Sheet page and at the end of this lesson.



Wildcard Masks Keywords

While using these numbers to simplfy some situations, we can use wildcard mask keywords. In Cisco IOS, there are two different keywords used with wildcard masks. These are:

  • host
  • any


host means, and this means that all bits must match and shows single ip address.

any means, and this means none of the bits must match, all the ip addresses.


Below, we have configured two lines both writing the full form of wildcard mask and writing with keywords. The first one is the full version:


Router (config)# access-list 10 permit

Router (config)# access-list 20 permit


The second one is the version that we use keywords.


Router (config)# access-list 10 permit host

Router (config)# access-list 20 permit any



Where We Use Wildcard Masks?

We use Wildcard Masks in different areas of computer networks. Access Control List (ACL), Routing Protocols, NAT (Network Address Translation) and IP Summarization are some of the areas that we use Wildcard Masks. Now, let’s see what we do with these numbers in different network areas.



Access Control Lists (ACLs)

As you know, to filter traffic in networking, we use access lists (ACLs). While writing an access list, to indicate which ip address range will be allowed and which one will be denied, we use wildcards. Let’s show how to use wildcard mask with ACLs with an example.


We have ip address and we will permit 254 hosts in this network. How to write a permit line of an access-list?


Or subnet mask is and we can calculate wildcard mask by subtracting this from The result is Our access list will be like below:


Router (config)# access-list 10 permit



Routing Protocols

OSPF (Open Shortes Path First)

In routing protocols like OSPF (Open Shortes Path First) and EIGRP (Enhanced Interior Gateway Routing Protocol), we use wildcard masks too. In this part of computer networking, we use wildcards to show the size of the network and area. Let’s give an OSPF Area configuration that we use these numbers.


Here, we have network Here, we will find the wildcard mask for /24 ( and write it in the area 0 configuration line.


Router (config)# router ospf 100

Router (config-router)# network area 0


For this configuration, is in OSPF area 0.



EIGRP (Enhanced Interior Gateway Routing Protocol)

Again, we can use wildcard mask in EIGRP (Enhanced Interior Gateway Routing Protocol). We do this while we add the networks under eigrp network. Let’s add network under EIGRP (Enhanced Interior Gateway Routing Protocol). For this network, our subnet mask is and the wildcard mask for it is


Router (config)# router eigrp 100

Router (config-router)# network



IP Address Summarization

We use ip address summarization to summarize ip addresses to reduce network overhead. In IP address summarization, we use wildcard masks to identify which bits are fixed and which ones are variable.



Network Address Translation (NAT)

In NAT, we also use wildcard masks. Here, the address range that we will translate with Network Address Translation will be determined with these numbers.



Different CIDR Values and Wildcard Masks

/24 wildcard mask:

The subnet mask for CIDR /24 is There are 256 addresses are available with this subnet mask. The wildcard for /24 is Here, all the host bits that are 0 in subnet mask is converted to 1 in wildcard mask.  We can find wildcard mask value by subtracting each octet’s value from 255. To calculate the first three octets, we use 255-255=0. The lasst octet is 255-0=255.



/25 wildcard mask:

The subnet mask of CIDR /25 is 128 addresses are available with this subnet mask. The wildcard mask of /25 is For last octet we will subtract 128 from 255. It is equal to 127. The other parts are 255-255=0.



/30 wildcard mask:

The subnet mask of CIDR /30 is There are 4 addresses available with this subnet mask. The wildcard mask of /30 is We can find this value by subtract 252 from 255.



/31 wildcard mask:

The wildcard mask for /31, is You can find this value by subtracting 1 from 255.



/32 wildcard mask:

The wildcard for /32, is Again, we can find last octet of wildcard mask by subtracting 255 from 255.



List of Wildcard Masks

/32 1
/31 2
/30 4
/29 8
/28 16
/27 32
/26 64
/25 128
/24 256
/23 512
/22 1024
/21 2048
/20 4096
/19 8192
/18 16384
/17 32768
/16 65536
/15 131072
/14 262144
/13 524288
/12 1048576
/11 2097152
/10 4194304
/9 8388608
/8 16777216
/7 33554432
/6 67108864
/5 134217728
/4 268435456
/3 536870912
/2 1073741824
/1 2147483648
/0 4294967296



Frequently Asked Questions

What is a subnet mask?

A subnet mask is a number used in computer networking to define network and host parts of an ip address.



What is the main difference between subnet mask and wildcard mask?

Subnet mask is used to define network bits and host bits of an ip address. Wildcard mask is used to match an ip address range.



How to find wildcard mask?

To find a wildcard mask from a subnet mask, you can subtract subnet mask from If you subnet mask is, your wildcard mask is – =



Why We Use Wildcard Mask with Access Lists?

To define ip address range in an access lists (ACLs) that we will accept ot deny, we use wildcard masks with ip address.



Why We Use Wildcard Mask with OSPF?

In Open Shortest Path First (OSPF) area configuration, we define ip address range that will be in the configured area with a wildcard mask.



Can I use subnet mask instead of wildcard mask?

No. They have both different purposes in computer networks.



Are there any Wildcard Mask Cheat Sheet?

Yes. You can use Subnetting Cheat Sheet as also Wildcard Mask Cheat Sheet to check the mildcard mask values quickly.


Back to: CCNA 200-301 v1.1 > IPv4 Addressing

Leave a Reply

Your email address will not be published. Required fields are marked *

CCNA 200-301 v1.1