
4/9/2017 AccessControlList(ACL)WildcardMasks

Access Control List (ACL) - Wildcard Masks

Wildcard masks are used in Access Control Lists (ACL) to
identify (or filter) an individual host, a network, or a range of
IP addresses in a network, in order to permit or deny access.

When using a wildcard mask, a "0" in a bit position means
that the corresponding bit in the address of the Access
Control List (ACL) statement must exactly match the same bit
in the IP address of the examined packet. A "1" in a bit
position means that the corresponding bit in the IP address
can be ignored. Some examples of Access Control List (ACL)
wildcard masks are given below.

How to specify a single host using Access Control List (ACL) Wildcard mask

To specify a single host using Access Control List (ACL)
Wildcard mask, the IP address and wildcard mask should be
as below.

172.16.0.12 0.0.0.0

The four zeros in the wildcard mask correspond to the four
octets of the address. As we discussed above, whenever a zero
is present in the wildcard mask, the corresponding part of the
IP address must match exactly.

http://www.omnisecu.com/ciscocertifiednetworkassociateccna/accesscontrollistaclwildcardmasks.php 1/5

The keyword "host" can also be used to accomplish the
same result as shown below.

host 172.16.0.12

How to specify an entire network using Access Control List (ACL) Wildcard mask

To specify an entire network using Access Control List (ACL)
Wildcard mask, use a wildcard mask value of 255 (all bits "1"
in that octet). The following example can be used to specify all
IP addresses in the 172.16.0.0/16 network.

172.16.0.0 0.0.255.255

The above example states that the values of only the first two
octets must match exactly and the values of the last two
octets can be anything. This statement matches all the IP
addresses of the 172.16.0.0/16 network.

How to specify a range of IP addresses in a network using Access Control List (ACL) Wildcard mask

To specify a range of IP addresses in a network using Access
Control List (ACL) Wildcard mask, use the "1" bit only in the
bit positions where the subnet mask has a "0" bit, as the
examples below show.

Example 1: The following example can be used to specify all
IP addresses of a class B network, 172.16.0.0, which is
subnetted by using a class C subnet mask (172.16.0.0/24).

The binary representation of the above network address,
subnet mask and wildcard mask is shown below.

IP address - 10101100.00010000.00000000.00000000
Subnet Mask - 11111111.11111111.11111111.00000000
Wildcard Mask - 00000000.00000000.00000000.11111111

The decimal representation of the above IP address and
wildcard mask is given below.

172.16.0.0 0.0.0.255


The above example states that the values of the first three
octets must match exactly and the value of the last octet
can be anything. This statement matches all the IP addresses of
the 172.16.0.0/24 network.

Example 2: The following example can be used to specify all
IP addresses of a class B network, 172.16.240.0/20 (Subnet
Mask 255.255.240.0).

The binary representation of the above network address, subnet
mask and wildcard mask is shown below.

IP address    - 10101100.00010000.0000 | 0000.00000000
Subnet Mask   - 11111111.11111111.1111 | 0000.00000000
Wildcard Mask - 00000000.00000000.0000 | 1111.11111111

The decimal representation of the above IP address, subnet
mask and wildcard mask is given below.

IP address    - 172.16.240.0
Subnet Mask   - 255.255.240.0
Wildcard Mask - 0.0.15.255

The above example states that the values of the first 20 bits
must match exactly and the last 12 bits can be anything. This
statement matches all the IP addresses of the 172.16.240.0/20
network shown below.

Network address         - 172.16.240.0/20
First usable IP address - 172.16.240.1/20
Last usable IP address  - 172.16.255.254/20
Broadcast address       - 172.16.255.255/20
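
The matching rule and the host, network and range cases above, as an added Python example (not from the original page; the function names are hypothetical). It goes one step beyond the page by flagging a subnet mask typed where a wildcard mask belongs, which makes an entry match unrelated addresses.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_subnet_mask(mask):
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ FULL))

def acl_matches(acl_addr, wildcard, packet_addr):
    """True when every bit that has a 0 in the wildcard mask is equal
    in the ACL address and the packet address; 1 bits are ignored."""
    must_match = ~to_int(wildcard) & FULL
    return ((to_int(acl_addr) ^ to_int(packet_addr)) & must_match) == 0

def looks_like_subnet_mask(wildcard):
    """Heuristic (assumption of this example): leading 1s followed only
    by 0s is the shape of a subnet mask, not of a typical wildcard."""
    w = to_int(wildcard)
    inv = ~w & FULL
    return w not in (0, FULL) and (w >> 31) == 1 and (inv & (inv + 1)) == 0

if __name__ == "__main__":
    # Constructed sample entries: (ACL address, wildcard, packet address)
    samples = [
        ("172.16.0.12", "0.0.0.0", "172.16.0.12"),         # single host
        ("172.16.0.0", "0.0.255.255", "172.16.200.7"),     # whole /16
        ("172.16.240.0", "0.0.15.255", "172.16.255.254"),  # inside the /20
        ("172.16.240.0", "0.0.15.255", "172.16.239.255"),  # just below the /20
        ("172.16.240.0", "255.255.240.0", "10.1.16.0"),    # subnet mask by mistake
    ]
    for acl, wc, pkt in samples:
        flag = " (wildcard looks like a subnet mask)" if looks_like_subnet_mask(wc) else ""
        print(f"{acl} {wc} vs {pkt}: {acl_matches(acl, wc, pkt)}{flag}")
    print(wildcard_from_subnet_mask("255.255.240.0"))
```

With the mistaken entry, only the low 12 bits are compared, so 10.1.16.0 matches while 172.16.240.1 does not.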


JajishThomas on
