Wildcard masks are used to specify a range of network addresses. They are commonly used with routing protocols (like OSPF) and access lists.
Just like a subnet mask, a wildcard mask is 32 bits long. It acts as an inverted subnet mask, but with a wildcard mask, the zero bits indicate that the corresponding bit position must match the same bit position in the IP address. The one bits indicate that the corresponding bit position doesn’t have to match the bit position in the IP address.
Here is an example of using a wildcard mask to include only the desired interfaces in the OSPF routing process:
Router R1 has three networks directly connected. To include only the 10.0.1.0 subnet in the OSPF routing process, the following network command can be used:
R1(config)#router ospf 1 R1(config-router)#network 10.0.1.0 0.0.0.255 area 0
Let’s break down the wildcard part of the command. To do that, we need to use binary numbers instead of decimal notation.
10.0.1.0 = 00001010.00000000.00000001.00000000 0.0.0.255 = 00000000.0000000.00000000.11111111
The theory says that the zero bits of the wildcard mask have to match the same position in the IP address. So, let’s write the wildcard mask below the IP address:
As you can see from the output above, the last octet doesn’t have to match, because the wildcard mask bits are all ones. The first 24 bits have to match, because of the wildcard mask bits of all zeros. So, in this case, the wildcard mask will match all addresses that begin with 10.0.1.X. In our case, only one network will be matched, 10.0.1.0/24.
What if we want to match both 10.0.0.0/24 and 10.0.1.0/24? Then we will have to use different wildcard masks. We need to use the wildcard mask of 0.0.1.255. Why is that? Well, we again need to write down the addresses in binary:
00001010.00000000.00000000.00000000 = 10.0.0.0 00001010.00000000.00000001.00000000 = 10.0.1.0 00000000.00000000.00000001.11111111 = 0.0.1.255
From the output above, we can see that only the first 23 bits have to match (notice that the third octet of the wildcard mask has a 1 at the end). That means that all addresses in the range of 10.0.0.0 – 10.0.1.255 will be matched. So, in our case, we have successfully matched both addresses, 10.0.0.0 and 10.0.1.0.
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: