Working with Wildcard Masks

When working with wildcard masks, Cisco recommends sticking to the interface address with all zeros (0) in the mask. If you want to deviate from this method, breaking the mask at 8-bit boundaries is the next recommendation because it reduces the chance of making errors.

With the exception of the global wildcard mask of all zeros — which is special — there is the matching rule. With the matching rule, where there is a binary zero in the mask, the mask requires a match, but where there is a binary 1 in the mask, the mask does not care about the address.

Wildcard masks work differently than subnet masks do. Subnet masks remove the host section of an address, leaving you with a network ID, whereas wildcard masks identify the portions of an address that need to match. If you reverse the bits and perform the logical AND process, you end up matching the same network.

image0.jpg

If the figure matches the scope of your entire network, and Router1 can use these two network lines:

network 192.168.1.0 0.0.0.255 area 192
network 10.0.0.0 0.255.255.255 area 10

Whereas Router2, which has no 10.0.0.0/8 network segments, can use this network command:

network 192.168.0.0 0.0.255.255 area 192

In this example, all networks in the 10.0.0.0/8 range can be routed through Router1, and Router2 can route all of the 192.168.0.0/16 networks. If you add another router to the network and use an address from the 192.168.0.0/16 or 10.0.0.0/8 network blocks, you may encounter routing issues implementing these wildcard masks.

Although you do less typing with the class-based address masks (one network mask, rather than four, for all of Router2), you must do more planning around the network addresses (which you should be doing anyway). So, you can be more limiting in how you assign masks for these network commands. Router1’s commands are as follows:

network 192.168.1.0 0.0.0.255 area 192
network 10.10.0.0 0.0.127.255 area 10

Router2’s network commands are as follows:

network 192.168.1.0 0.0.0.255 area 192
network 192.168.2.0 0.0.127.255 area 192
network 192.168.4.0 0.0.0.255 area 192

In this set of examples, you end up with two big differences. Based on the mask now assigned to the 10.10.0.0/16 network block of Router1, your router identifies itself as the router from all addresses from 10.10.0.0 through 10.10.3.255, which is fine as long as you do not plan to use 10.10.0.0/24 on another area of your network.

On Router2, the router now routes for 192.168.1.0 through 192.168.4.255. If you were not using the network segments on your network, you would identify it as the router for 192.168.0.0 through 192.168.7.255 with this single command:

Network 192.168.0.0 0.0.63.255 area 192

Although you can reduce your typing a little bit by using wildcard masks, doing so can cause a lot of confusion, so using the interface addresses will make life easier.

blog comments powered by Disqus
Advertisement

Inside Dummies.com