Assume that the IP address is a Class B address (the ?¬?rst two octets are the network
number), with 8 bits of subnetting. (The third octet is for subnets.) The administrator wants to use
the IP wildcard masking bits to match subnets 172.30.16.0/24 to 172.30.31.0/24.
Figure 6-10 Masking a Range of Addresses
To use one ACL statement to match this range of subnets, use the IP address 172.30.16.0 in the
ACL, which is the ?¬?rst subnet to be matched, followed by the required wildcard mask.
The wildcard mask matches the ?¬?rst two octets (172.30) of the IP address using corresponding 0
bits in the ?¬?rst two octets of the wildcard mask.
Because there is no interest in an individual host, the wildcard mask ignores the ?¬?nal octet by using
the corresponding 1 bit in the wildcard mask. For example, the ?¬?nal octet of the wildcard mask is
255 in decimal.
In the third octet, where the subnet address occurs, the wildcard mask of decimal 15, or binary
00001111, matches the high-order 4 bits of the IP address. In this case, the wildcard mask matches
subnets starting with the 172.30.16.0/24 subnet. For the ?¬?nal (low-end) 4 bits in this octet, the
wildcard mask indicates that the bits can be ignored.
Pages:
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337