Wildcard mask explained

Wildcard masks are used to specify a range of network addresses. They are usually used with routing protocols (such as EIGRP and OSPF) and access lists.

Just like a subnet mask, a wildcard mask is 32 bits long. It is a sort of inverted subnet masks, with the zero bits indicating that the corresponding bit position must match the same bit position in the IP address. The one bits indicate that the corresponding bit position does not have to match the bit position in the IP address.

The following example will help you understand the concept behind wildcard masks:

wildcard mask topology

In the picture above you can see a network with three hosts and a router. The router is directly connected to three subnets. Let’s say that we want to advertise only the 10.0.1.0/24 subnet in EIGRP. We can use the wildcard mask of 0.0.0.255 in the following network command to do this:

R1(config-router)#network 10.0.1.0 0.0.0.255

Why the wildcard mask of 0.0.0.255? To explain why, first we need to convert the IP address and wildcard mask to binary:

10.0.1.0 = 00001010.00000000.00000001.00000000
0.0.0.255 = 00000000.0000000.00000000.11111111

The zero bits of the wildcard mask have to match the same position in the IP address in order for the network to be included in the network command:

00001010.00000000.00000001.00000000
00000000.00000000.00000000.11111111

As you can see from the output above, the last octet doesn’t have to match, because the wildcard mask bits are all ones. The first 24 bits have to match, because of the wildcard mask bits of all zeros. So, in this case, wildcard mask will match all addresses that begins with 10.0.1.x (10.0.1.0 – 10.0.1.255). In our case, we have only a single network that will be matched – 10.0.1.0/24.

What if we want to include both 10.0.0.0/24 and 10.0.1.0/24 subnets? Well, we need to use the wildcard mask of 0.0.1.255. Here is why:

10.0.0.0 = 00001010.00000000.00000000.00000000
10.0.1.0 = 00001010.00000000.00000001.00000000
0.0.1.255 = 00000000.00000000.00000001.11111111

From the output above you can see that, with the wildcard mask of 0.0.1.255, only the first 23 bits have to match. That means that all addresses in the range of 10.0.0.0 – 10.0.1.255 will be matched. So, in our case, both IP addresses have been matched.

 

The wildcard mask of all zeros (0.0.0.0) means that the entire IP address have to match in order for a statement to execute. For example, if we want to match only the IP address of 192.168.0.1, the command to use is network 192.168.0.1 0.0.0.0. A wildcard mask of all ones (255.255.255.255) means that no bits have to match. This basically means that all addresses will be matched.

CCNA course

Geek University 2022