🔐 Subnet Mask vs Wildcard Mask
📌 The Basics
When configuring network devices (especially Access Control Lists, ACLs), two common operations are:
- Permit (allow) packets
- Deny (block) packets
Which packets a rule matches is determined by masks.
- Subnet Mask → Defines the network portion (must follow the rule of consecutive 1s, then 0s).
- Wildcard Mask → Defines matching rules (0 = exact match required, 1 = ignore).
🧩 Subnet Mask
- Always structured with continuous 1s followed by 0s.
- Used for dividing networks and hosts.
Example:
255.255.255.0 → /24 → 11111111.11111111.11111111.00000000
🎭 Wildcard Mask
- Conceptually the bitwise inverse of a subnet mask.
- 0 = must match
- 1 = don’t care (ignore this bit)
- Commonly used in ACLs and OSPF network definitions.
Example:
0.0.0.255 → The last 8 bits can vary → The first 24 bits must match exactly
📝 Subnet Mask ↔ Wildcard Mask Mapping
| Subnet Mask | Wildcard Mask | Meaning |
|---|---|---|
| 255.255.255.255 | 0.0.0.0 | Match a single IP exactly |
| 255.255.255.0 | 0.0.0.255 | Match an entire /24 network |
| 255.255.0.0 | 0.0.255.255 | Match an entire /16 network |
| 255.0.0.0 | 0.255.255.255 | Match an entire /8 network |
| 0.0.0.0 | 255.255.255.255 | Match everything (any address) |
| 255.255.255.252 | 0.0.0.3 | Match an entire /30 network |
| 255.255.255.248 | 0.0.0.7 | Match an entire /29 network |
| 255.255.255.240 | 0.0.0.15 | Match an entire /28 network |
🔎 Key Takeaways
- Subnet Mask → Defines the network itself
- Wildcard Mask → Defines how to match addresses in ACLs
Think of it this way:
- Subnet mask = “Who am I?”
- Wildcard mask = “Who do I match against?”
✅ Example in Cisco IOS:
access-list 10 permit 192.168.1.0 0.0.0.255
This ACL line permits the entire 192.168.1.0/24 network.
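The matching rule above (0 = must match, 1 = ignore) in Python, as an added example that is not part of the original post. It goes one step beyond the post by also checking what happens when a subnet mask is typed where the wildcard belongs; the function names are illustrative and the second ACL entry is constructed.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def is_contiguous_mask(mask: int) -> bool:
    """True when the mask is 1s followed by 0s (the subnet mask rule)."""
    inv = mask ^ FULL
    return (inv & (inv + 1)) == 0

def subnet_to_wildcard(mask: str) -> str:
    """Flip every bit of a valid subnet mask to get its wildcard mask."""
    m = to_int(mask)
    if not is_contiguous_mask(m):
        raise ValueError(f"{mask} is not consecutive 1s followed by 0s")
    return str(ipaddress.IPv4Address(m ^ FULL))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bits where the wildcard is 0 (must match)."""
    care = to_int(wildcard) ^ FULL
    return (to_int(addr) & care) == (to_int(base) & care)

def looks_swapped(wildcard: str) -> bool:
    """Flag a wildcard shaped like a subnet mask, a sign the two were mixed up."""
    w = to_int(wildcard)
    return w not in (0, FULL) and is_contiguous_mask(w)

if __name__ == "__main__":
    # The ACL line from the post, then the same line with a subnet mask
    # typed where the wildcard belongs (constructed for illustration).
    entries = [("192.168.1.0", "0.0.0.255"), ("192.168.1.0", "255.255.255.0")]
    for base, wc in entries:
        print(f"permit {base} {wc}  swapped? {looks_swapped(wc)}")
        for addr in ("192.168.1.77", "192.168.2.77", "10.9.8.0"):
            print(f"  {addr:<13} match={wildcard_match(addr, base, wc)}")
```

With the swapped mask the entry stops matching hosts in 192.168.1.0/24 and instead matches any address whose last octet is 0, which is why an ACL review should flag wildcards that have the shape of a subnet mask.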