Access list Wildcard Masks
To control access for a group of hosts, the mechanism used is called a wildcard mask.
A wildcard mask is easy to define: its main purpose is to identify which set of addresses an access list entry should apply to.
The wildcard mask can be a little confusing. Consider the wildcard mask 0.0.0.255. The 0s at the beginning of the mask tell the router that the corresponding bits in the base address must match exactly. The first three octets of the wildcard mask are set to binary 0, so the router knows that the first three octets must match 192.168.30 exactly. The binary 1s in the mask tell the router to match any possible value in those positions. Any address starting with 192.168.30 would match the access list and would be denied in the case under consideration.
If the IP address starts with 10.10, then it tells the router to allow the traffic among the hosts.
RouterA(config)#access-list 40 deny 10.10.0.0 0.0.255.255
We start with the address 192.168.1.4, and the range comprises 4 addresses. The actual job of the wildcard mask is to specify the bits that the router should consider when determining which hosts to permit or deny.
00000000 00000000 00000000 00000011
Observe that only the last two bits are set to 1 in the mask above. It means "start at 192.168.1.4, and include any values for the last two bits".
The wildcard mask tells the router that, beginning with the address 192.168.1.4, the last two address bits may be set to any value, and the router uses this to decide whether to permit or deny traffic. We can also allow the hosts of our choice to connect to the network.
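The matching rule described above, written out as an added Python example (it is not part of the original page and is not Cisco IOS code). The function names `matches` and `covered` and the probe addresses are assumptions made for illustration; 0.0.0.3 is the dotted form of the binary mask shown above.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def matches(address, base, wildcard):
    """True when every bit the wildcard marks 0 is identical in address and base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard 0 = must match, 1 = any value
    return ((to_int(address) ^ to_int(base)) & care) == 0

def covered(base, wildcard, limit=4096):
    """List every address an entry matches, in ascending order."""
    wc = to_int(wildcard)
    free = [bit for bit in range(32) if (wc >> bit) & 1]  # bit positions set to 1
    if 2 ** len(free) > limit:
        raise ValueError("entry covers more than %d addresses" % limit)
    fixed = to_int(base) & ~wc & 0xFFFFFFFF  # base bits under a 1 are ignored
    result = []
    for n in range(2 ** len(free)):
        value = fixed
        for i, bit in enumerate(free):
            if (n >> i) & 1:
                value |= 1 << bit
        result.append(str(ipaddress.IPv4Address(value)))
    return result

if __name__ == "__main__":
    # Entries taken from the text; the probe addresses are constructed samples.
    entries = [("192.168.30.0", "0.0.0.255"),
               ("10.10.0.0", "0.0.255.255"),
               ("192.168.1.4", "0.0.0.3")]
    probes = ["192.168.30.77", "192.168.31.1", "10.10.200.9",
              "192.168.1.6", "192.168.1.8"]
    for base, wc in entries:
        hits = [p for p in probes if matches(p, base, wc)]
        print(base, wc, "matches", hits)
    print(covered("192.168.1.4", "0.0.0.3"))
```

Listing what an entry covers before applying it is a quick way to catch a wildcard mask that is broader than intended; a base of 192.168.1.5 with the same mask covers the same four addresses, because base bits under a 1 are ignored.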