In these positions, the address value can be
binary 0 or binary 1. Thus, the wildcard mask matches subnet 16, 17, 18, and so on up to subnet
31. The wildcard mask does not match other subnets.
In the example, the address 172.30.16.0 with the wildcard mask 0.0.15.255 matches subnets
172.30.16.0/24 to 172.30.31.0/24.
NOTE Wildcard masking for ACLs operates differently from an IP subnet mask. A "0" in a
bit position of the ACL mask indicates that the corresponding bit in the address must be matched.
A "1" in a bit position of the ACL mask indicates that the corresponding bit in the address is not
interesting and can be ignored.
[Figure: Network.Host 172.30.16.0. The third octet, 0 0 0 1 0 0 0 0, is shown against the wildcard mask octet 0 0 0 0 1 1 1 1. The first four bits are labeled "Match" and the last four "Don't Care", giving third-octet values 16, 17, 18, and so on up to 31.]
Access Control List Operation 221
In some cases, you must use more than one ACL statement to match a range of subnets; for
example, to match 10.1.4.0/24 to 10.1.8.0/24, use 10.1.4.0 0.0.3.255 and 10.1.8.0 0.0.0.255.
The 0 and 1 bits in an ACL wildcard mask cause the ACL to either match or ignore the
corresponding bit in the IP address.
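The matching rule and the two ranges discussed above can be checked with a short script. This is an added example, not code from the book; the function names are hypothetical, and the entry generator assumes a contiguous address range and produces only contiguous wildcard masks.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def wildcard_matches(address, base, wildcard):
    """True if `address` matches the ACL entry `base wildcard`.

    A 0 bit in the wildcard must match the base address; a 1 bit is ignored.
    """
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
    return (a ^ b) & care == 0

def acl_entries_for_range(first, last):
    """Fewest (address, wildcard) pairs that cover first..last and nothing else."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def third_octets_matched(prefix, base, wildcard):
    """Audit helper: which /24 subnets under `prefix` (e.g. '10.1') an entry hits."""
    return [o for o in range(256)
            if wildcard_matches(f"{prefix}.{o}.0", base, wildcard)]

if __name__ == "__main__":
    # The book's first example: one entry covers subnets 16 through 31.
    print(acl_entries_for_range("172.30.16.0", "172.30.31.255"))
    print(third_octets_matched("172.30", "172.30.16.0", "0.0.15.255"))

    # The book's second example: 10.1.4.0/24 to 10.1.8.0/24 needs two entries.
    print(acl_entries_for_range("10.1.4.0", "10.1.8.255"))

    # A single wider entry (constructed for comparison) would cover the range
    # but also match subnets 0-3 and 9-15, which the ACL author did not intend.
    print(third_octets_matched("10.1", "10.1.0.0", "0.0.15.255"))
```

Running the audit helper against each entry before deploying an ACL shows exactly which subnets it will match, which catches masks that are wider than the intended range.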