Link to home
Start Free TrialLog in
Avatar of jskfan
jskfanFlag for Cyprus

asked on

Wild Card Mask

User generated image
In the topology above , I have EIGRP configured on both routers.
I have advertised all the networks to EIGRP

these are the interfaces in R2:
R2(config-router)# do show ip interface bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.12.2    YES manual up                    up      
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            unassigned      YES unset  administratively down down    
FastEthernet1/1            unassigned      YES unset  administratively down down    
Loopback0                  172.16.0.2      YES manual up                    up      
Loopback1                  172.16.1.2      YES manual up                    up      
Loopback2                  172.16.2.2      YES manual up                    up      
Loopback3                  172.16.3.2      YES manual up                    up      
R2(config-router)#

Open in new window


in R2 , when I advertise R2(config-router)#network 172.16.0.0 0.0.3.255
I do not get any error, and all 172.x.x.x networks will show up in R1 routing table:

R1#sh ip route  eigrp 

Gateway of last resort is not set

      172.16.0.0/24 is subnetted, 4 subnets
D        172.16.0.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
D        172.16.1.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
D        172.16.2.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
D        172.16.3.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
R1#

Open in new window


but if I try different wild card mask I get error  :
R2(config-router)#network 172.16.0.0 0.0.4.255
%EIGRP: Invalid mask (discontiguous)

but if I try these wild card masks one a time after Negating one of them , it will work:
R2(config-router)#network 172.16.0.0 0.0.1.255
R2(config-router)#network 172.16.0.0 0.0.0.255  

***So the ones that worked (one a time) are:
R2(config-router)#network 172.16.0.0 0.0.1.255
R2(config-router)#network 172.16.0.0 0.0.0.255  
R2(config-router)#network 172.16.0.0 0.0.3.255

the :172.16.0.0 0.0.2.255 ,172.16.0.0 0.0.4.255,172.16.0.0 0.0.5.255........172.16.0.0 0.0.254.255

I get this error :%EIGRP: Invalid mask (discontiguous)

Any idea why  ?

Thank you
SOLUTION
Avatar of Mitul Prajapati
Mitul Prajapati
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jeremy Weisinger
Jeremy Weisinger
Wildcard and subnet masks are best understood in binary. They don't represent numbers but places or positions. They mark out the bits to compare versus the bits you don't need to compare. This is how a subnet is determined by a network device.

In a subnet mask, the ones (1) represent the match and zeros (0) represent not matched and wildcards are the opposite.
Since this is not for an ACL the wildcard mask must be contiguous. (this hopefully will become clear in the below examples).

So let's take a look at the wildcard masks you tried and hopefully you'll see why some don't work. Here I've laid out 0 - 5 in the 3rd octet of the wildcard mask in binary to demonstrate why it works or doesn't work:
IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.0.255 - 00000000.00000000.00000000.11111111
Bits that won't be mached:                   ...nnnnnnnn   
Range that matches: 172.16.0.0 - 172.16.0.255


IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.1.255 - 00000000.00000000.00000001.11111111
Bits that won't be mached:                 ...n.nnnnnnnn   
Range that matches: 172.16.0.0 - 172.16.1.255


IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.2.255 - 00000000.00000000.00000010.11111111
Invalid because not contiguous...            ^^   


IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.3.255 - 00000000.00000000.00000011.11111111
Bits that won't be mached:                ...nn.nnnnnnnn   
Range that matches: 172.16.0.0 - 172.16.3.255


IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.4.255 - 00000000.00000000.00000100.11111111
Invalid because not contiguous...           ^^^   


IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.5.255 - 00000000.00000000.00000101.11111111
Invalid because not contiguous...           ^^^

Open in new window

0.0.7.255 is the next valid mask. Hopefully that makes sense. :)
Avatar of jskfan
jskfan
Flag of Cyprus image

ASKER

Jeremy

I see you took efforts to explain it. however I still do not see why it is non contiguous:
IP      172.16.0.0 - 10101100.00010000.00000000.00000000
Mask     0.0.2.255 - 00000000.00000000.00000010.11111111
Invalid because not contiguous...            ^^

Open in new window

Avatar of Jeremy Weisinger
Jeremy Weisinger
The mask needs to be continuous meaning that all the zeros need to be next to each other.
These are examples of contiguous patterns:
- 00011111
- 00001111
- 00000001

These would not be contiguous because some of the zeros are broken up by ones:
- 00101111
- 00001110
- 01000001

Does that make sense?
Avatar of jskfan
jskfan
Flag of Cyprus image

ASKER

from those subnets if I need to advertise just these:

172.16.0.1    
172.16.1.1    
172.16.2.1    

I thought I would do Network 172.16.0.0 0.0.2.255
Avatar of Jeremy Weisinger
Jeremy Weisinger
Let's again take a look at the binary and see what would match a 0.0.2.255 mask. From that we should see why it needs to be contiguous.
Keep in mind that zeros (0) need to match and ones (1) don't. So that means that everything in an IP address that lines up with a zero of the mask must match the network IP.

IP Net         172.16.0.0 - 10101100.00010000.00000000.00000000
Mask            0.0.2.255 - 00000000.00000000.00000010.11111111
IP match       172.16.0.1 - 10101100.00010000.00000000.00000001


IP Net         172.16.0.0 - 10101100.00010000.00000000.00000000
Mask            0.0.2.255 - 00000000.00000000.00000010.11111111
IP not match   172.16.1.1 - 10101100.00010000.00000001.00000001
              This bit does not match the network:-->^
               
IP Net         172.16.0.0 - 10101100.00010000.00000000.00000000
Mask            0.0.2.255 - 00000000.00000000.00000010.11111111
IP match       172.16.2.1 - 10101100.00010000.00000010.00000001

Open in new window

From that I hope you can see that there's a gap in the range. This is why for network operations the mask needs to be contiguous.

So to cover these three networks we need to use two entries.

Net IP 172.16.0.0 wildcard mask 0.0.1.255
Net IP 172.16.2.0 wildcard mask 0.0.0.255

In binary the comparison and ranges would look like this:
IP Net         172.16.0.0 - 10101100.00010000.00000000.00000000
Mask            0.0.1.255 - 00000000.00000000.00000001.11111111
Start IP       172.16.0.1 - 10101100.00010000.00000000.00000001
End IP       172.16.1.254 - 10101100.00010000.00000001.11111110

IP Net         172.16.2.0 - 10101100.00010000.00000010.00000000
Mask            0.0.0.255 - 00000000.00000000.00000000.11111111
Start IP       172.16.0.1 - 10101100.00010000.00000010.00000001
End IP       172.16.1.254 - 10101100.00010000.00000010.11111110

Open in new window

Avatar of jskfan
jskfan
Flag of Cyprus image

ASKER

let's say we have :
172.16.0.0/24          
172.16.1.0/24          
172.16.2.0/24          
172.16.3.0/24          

From the networks above, if I want to advertise just the first 3 : 172.16.0.0/24     and  172.16.1.0/24  and 172.16.2.0/24  


Wildcard mask should be this:
172.16.0.0  0.0.2.0

if I want to advertise just 172.16.0.0/24      and  172.16.1.0/24    
Wildcard mask should be this: 176.16.0.0 0.0.1.0

is that how you do it ?
Avatar of Jeremy Weisinger
Jeremy Weisinger
I know I'm trying to relay some information that is difficult to grasp.

So 0.0.2.0, 0.0.1.0, and 0.0.2.255 are all invalid because they are not contiguous in binary.
0.0.2.0  is 00000000.00000000.00000010.00000000 (zeros are broken up by a one)
0.0.1.0 is 00000000.00000000.00000001.00000000 (zeros are broken up by a one)
0.0.2.255 is 00000000.00000000.00000010.11111111 (zeros are broken up by a one)

If you want to advertise 172.16.0.0/24 and 172.16.1.0/24 you would use:
176.16.0.0 0.0.1.255

If you want to advertise 172.16.0.0/24, 172.16.1.0/24, and 172.16.2.0/24 you would use:
176.16.0.0 0.0.1.255 and 172.16.2.0 0.0.0.255
Avatar of jskfan
jskfan
Flag of Cyprus image

ASKER

Thanks Jeremy.
I got the explained contiguous part  , as you said 0s should not be broken by 1s example  00010010 in the 3rd octet

however when they give you 172.16.0.0/24, 172.16.1.0/24, and 172.16.2.0/24 and will tell you advertise them.. What were the steps that you took to  get to the wild card mask  result :
176.16.0.0 0.0.1.255 and 172.16.2.0 0.0.0.255
Avatar of Jeremy Weisinger
Jeremy Weisinger
Well the over simplified method is just doing the inverse of the subnet mask to get the wildcard mask. We have to look at the binary to see what range the mask would cover. We would start with the inverse of the subnet mask and work on making it as broad as we can without including addresses we don't want. Having worked with this for over a decade I can now just do it in my head but here's how you'd work it out:

- We know the subnet mask of each of the networks is 255.255.255.0. The inverse of that is 0.0.0.255 which is the wildcard mask that will match the network
SNM 11111111.11111111.11111111.00000000
WCM 00000000.00000000.00000000.11111111

Open in new window

- We know the network addresses we want to include are 172.16.0.0 - 172.16.2.255
Start IP 172.16.0.0   - 10101100.00010000.00000000.00000000
End IP   172.16.2.255 - 10101100.00010000.00000010.11111111

Open in new window

- Now we can expand the mask to see what fits. 
Test 1
Original inverse. Good but only covers one subnet.
Start IP  172.16.0.0 - 10101100.00010000.00000000.00000000
WCM        0.0.0.255 - 00000000.00000000.00000000.11111111
End IP  172.16.0.255 - 10101100.00010000.00000000.11111111

Test 2
Decrease mask by 1 bit. Still good but only covers two subnets.
Start IP  172.16.0.0 - 10101100.00010000.00000000.00000000
WCM        0.0.1.255 - 00000000.00000000.00000001.11111111
End IP  172.16.1.255 - 10101100.00010000.00000001.11111111

Test 3
Decrease mask by 2 bit. Too far as it goes into 172.16.3.0 network.
Start IP  172.16.0.0 - 10101100.00010000.00000000.00000000
WCM        0.0.3.255 - 00000000.00000000.00000011.11111111
End IP  172.16.3.255 - 10101100.00010000.00000011.11111111

Test 4
So we use test 2 which covers 172.16.0.0 and 172.16.1.0.
Now we test 172.16.2.0 starting again with the orginal inverse of the subnet mask. 
This is good as it covers the remaing addresses.
Start IP  172.16.2.0 - 10101100.00010000.00000010.00000000
WCM        0.0.0.255 - 00000000.00000000.00000000.11111111
End IP  172.16.2.255 - 10101100.00010000.00000010.11111111

Open in new window


I know this stuff can be arcane and this is a pretty hard setting to communicate the concepts. But let me know if you have any questions and I'll do my best to explain.
Avatar of jskfan
jskfan
Flag of Cyprus image

ASKER

OK Jeremy..

almot to the end :-)

172.16.1.0
172.16.2.0
Let's focus on the 3rd Octet. that's were the difference is


Binary= 00000001 = 1 in Decimal
Binary= 00000010 = 2 in decimal

Bits in Common =000000= 6 bits , if we go from Left position to the right position: 128+64+32+16+8+4=252

Then we subtract 252 from 255 : 255-252=3

So the WildCard mask that covers 172.16.1.0 and 172.16.2.0  is 0.0.3.255

Correct ?
ASKER CERTIFIED SOLUTION
Avatar of Jeremy Weisinger
Jeremy Weisinger
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan
jskfan
Flag of Cyprus image

ASKER

Excellent !!
Avatar of Jeremy Weisinger
Jeremy Weisinger
Glad to help. :)