A wildcard mask is a
mask of
bits that indicates which parts of an
IP address
An Internet Protocol address (IP address) is a numerical label such as that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface i ...
are available for examination. In the
Cisco IOS,
[Cisco Wide Area Application Services Command Reference](_blank)
Cisco Command Reference they are used in several places, for example:
* To indicate the size of a network or subnet for some routing protocols, such as
OSPF.
* To indicate what IP addresses should be permitted or denied in
access control list
In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object or facility). An ACL specifies which users or system processes are granted access to resources, as well as what operations are ...
s (ACLs).
A wildcard mask can be thought of as an inverted
subnet mask. For example, a subnet mask of 255.255.255.0 () inverts to a wildcard mask of 0.0.0.255 ().
A wild card mask is a matching rule.
[Matching Guide](_blank)
OmniSecu Site The rule for a wildcard mask is:
* 0 means that the equivalent bit must match
* 1 means that the equivalent bit does not matter
Any wildcard bit-pattern can be masked for examination. For example, a wildcard mask of 0.0.0.254 () applied to IP address 10.10.10.2 () will match even-numbered IP addresses 10.10.10.0, 10.10.10.2, 10.10.10.4, 10.10.10.6 etc. Same mask applied to 10.10.10.1 () will match odd-numbered IP addresses 10.10.10.1, 10.10.10.3, 10.10.10.5 etc.
A network and wildcard mask combination of 1.1.1.1 0.0.0.0 would match an interface configured exactly with 1.1.1.1 only, and nothing else.
Wildcard masks are used in situations where subnet masks may not apply. For example, when two affected hosts fall in different subnets, the use of a wildcard mask will group them together.
References
{{reflist
Routing
IP addresses
Internet architecture