jskfan
asked on
Wild Card Mask
In the topology above , I have EIGRP configured on both routers.
I have advertised all the networks to EIGRP
these are the interfaces in R2:
R2(config-router)# do show ip interface bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.12.2 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
FastEthernet1/0 unassigned YES unset administratively down down
FastEthernet1/1 unassigned YES unset administratively down down
Loopback0 172.16.0.2 YES manual up up
Loopback1 172.16.1.2 YES manual up up
Loopback2 172.16.2.2 YES manual up up
Loopback3 172.16.3.2 YES manual up up
R2(config-router)#
in R2 , when I advertise R2(config-router)#network 172.16.0.0 0.0.3.255
I do not get any error, and all 172.x.x.x networks will show up in R1 routing table:
R1#sh ip route eigrp
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 4 subnets
D 172.16.0.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
D 172.16.1.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
D 172.16.2.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
D 172.16.3.0 [90/156160] via 192.168.12.2, 00:02:02, FastEthernet0/0
R1#
but if I try different wild card mask I get error :
R2(config-router)#network 172.16.0.0 0.0.4.255
%EIGRP: Invalid mask (discontiguous)
but if I try these wild card masks one a time after Negating one of them , it will work:
R2(config-router)#network 172.16.0.0 0.0.1.255
R2(config-router)#network 172.16.0.0 0.0.0.255
***So the ones that worked (one a time) are:
R2(config-router)#network 172.16.0.0 0.0.1.255
R2(config-router)#network 172.16.0.0 0.0.0.255
R2(config-router)#network 172.16.0.0 0.0.3.255
the :172.16.0.0 0.0.2.255 ,172.16.0.0 0.0.4.255,172.16.0.0 0.0.5.255........172.16.0.
I get this error :%EIGRP: Invalid mask (discontiguous)
Any idea why ?
Thank you
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jeremy
I see you took efforts to explain it. however I still do not see why it is non contiguous:
I see you took efforts to explain it. however I still do not see why it is non contiguous:
IP 172.16.0.0 - 10101100.00010000.00000000.00000000
Mask 0.0.2.255 - 00000000.00000000.00000010.11111111
Invalid because not contiguous... ^^
The mask needs to be continuous meaning that all the zeros need to be next to each other.
These are examples of contiguous patterns:
- 00011111
- 00001111
- 00000001
These would not be contiguous because some of the zeros are broken up by ones:
- 00101111
- 00001110
- 01000001
Does that make sense?
These are examples of contiguous patterns:
- 00011111
- 00001111
- 00000001
These would not be contiguous because some of the zeros are broken up by ones:
- 00101111
- 00001110
- 01000001
Does that make sense?
ASKER
from those subnets if I need to advertise just these:
172.16.0.1
172.16.1.1
172.16.2.1
I thought I would do Network 172.16.0.0 0.0.2.255
172.16.0.1
172.16.1.1
172.16.2.1
I thought I would do Network 172.16.0.0 0.0.2.255
Let's again take a look at the binary and see what would match a 0.0.2.255 mask. From that we should see why it needs to be contiguous.
Keep in mind that zeros (0) need to match and ones (1) don't. So that means that everything in an IP address that lines up with a zero of the mask must match the network IP.
So to cover these three networks we need to use two entries.
Net IP 172.16.0.0 wildcard mask 0.0.1.255
Net IP 172.16.2.0 wildcard mask 0.0.0.255
In binary the comparison and ranges would look like this:
Keep in mind that zeros (0) need to match and ones (1) don't. So that means that everything in an IP address that lines up with a zero of the mask must match the network IP.
IP Net 172.16.0.0 - 10101100.00010000.00000000.00000000
Mask 0.0.2.255 - 00000000.00000000.00000010.11111111
IP match 172.16.0.1 - 10101100.00010000.00000000.00000001
IP Net 172.16.0.0 - 10101100.00010000.00000000.00000000
Mask 0.0.2.255 - 00000000.00000000.00000010.11111111
IP not match 172.16.1.1 - 10101100.00010000.00000001.00000001
This bit does not match the network:-->^
IP Net 172.16.0.0 - 10101100.00010000.00000000.00000000
Mask 0.0.2.255 - 00000000.00000000.00000010.11111111
IP match 172.16.2.1 - 10101100.00010000.00000010.00000001
From that I hope you can see that there's a gap in the range. This is why for network operations the mask needs to be contiguous. So to cover these three networks we need to use two entries.
Net IP 172.16.0.0 wildcard mask 0.0.1.255
Net IP 172.16.2.0 wildcard mask 0.0.0.255
In binary the comparison and ranges would look like this:
IP Net 172.16.0.0 - 10101100.00010000.00000000.00000000
Mask 0.0.1.255 - 00000000.00000000.00000001.11111111
Start IP 172.16.0.1 - 10101100.00010000.00000000.00000001
End IP 172.16.1.254 - 10101100.00010000.00000001.11111110
IP Net 172.16.2.0 - 10101100.00010000.00000010.00000000
Mask 0.0.0.255 - 00000000.00000000.00000000.11111111
Start IP 172.16.0.1 - 10101100.00010000.00000010.00000001
End IP 172.16.1.254 - 10101100.00010000.00000010.11111110
ASKER
let's say we have :
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
172.16.3.0/24
From the networks above, if I want to advertise just the first 3 : 172.16.0.0/24 and 172.16.1.0/24 and 172.16.2.0/24
Wildcard mask should be this:
172.16.0.0 0.0.2.0
if I want to advertise just 172.16.0.0/24 and 172.16.1.0/24
Wildcard mask should be this: 176.16.0.0 0.0.1.0
is that how you do it ?
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
172.16.3.0/24
From the networks above, if I want to advertise just the first 3 : 172.16.0.0/24 and 172.16.1.0/24 and 172.16.2.0/24
Wildcard mask should be this:
172.16.0.0 0.0.2.0
if I want to advertise just 172.16.0.0/24 and 172.16.1.0/24
Wildcard mask should be this: 176.16.0.0 0.0.1.0
is that how you do it ?
I know I'm trying to relay some information that is difficult to grasp.
So 0.0.2.0, 0.0.1.0, and 0.0.2.255 are all invalid because they are not contiguous in binary.
0.0.2.0 is 00000000.00000000.00000010.00000000 (zeros are broken up by a one)
0.0.1.0 is 00000000.00000000.00000001.00000000 (zeros are broken up by a one)
0.0.2.255 is 00000000.00000000.00000010.11111111 (zeros are broken up by a one)
If you want to advertise 172.16.0.0/24 and 172.16.1.0/24 you would use:
176.16.0.0 0.0.1.255
If you want to advertise 172.16.0.0/24, 172.16.1.0/24, and 172.16.2.0/24 you would use:
176.16.0.0 0.0.1.255 and 172.16.2.0 0.0.0.255
So 0.0.2.0, 0.0.1.0, and 0.0.2.255 are all invalid because they are not contiguous in binary.
0.0.2.0 is 00000000.00000000.00000010.00000000 (zeros are broken up by a one)
0.0.1.0 is 00000000.00000000.00000001.00000000 (zeros are broken up by a one)
0.0.2.255 is 00000000.00000000.00000010.11111111 (zeros are broken up by a one)
If you want to advertise 172.16.0.0/24 and 172.16.1.0/24 you would use:
176.16.0.0 0.0.1.255
If you want to advertise 172.16.0.0/24, 172.16.1.0/24, and 172.16.2.0/24 you would use:
176.16.0.0 0.0.1.255 and 172.16.2.0 0.0.0.255
ASKER
Thanks Jeremy.
I got the explained contiguous part , as you said 0s should not be broken by 1s example 00010010 in the 3rd octet
however when they give you 172.16.0.0/24, 172.16.1.0/24, and 172.16.2.0/24 and will tell you advertise them.. What were the steps that you took to get to the wild card mask result :
176.16.0.0 0.0.1.255 and 172.16.2.0 0.0.0.255
I got the explained contiguous part , as you said 0s should not be broken by 1s example 00010010 in the 3rd octet
however when they give you 172.16.0.0/24, 172.16.1.0/24, and 172.16.2.0/24 and will tell you advertise them.. What were the steps that you took to get to the wild card mask result :
176.16.0.0 0.0.1.255 and 172.16.2.0 0.0.0.255
Well the over simplified method is just doing the inverse of the subnet mask to get the wildcard mask. We have to look at the binary to see what range the mask would cover. We would start with the inverse of the subnet mask and work on making it as broad as we can without including addresses we don't want. Having worked with this for over a decade I can now just do it in my head but here's how you'd work it out:
- We know the subnet mask of each of the networks is 255.255.255.0. The inverse of that is 0.0.0.255 which is the wildcard mask that will match the network
I know this stuff can be arcane and this is a pretty hard setting to communicate the concepts. But let me know if you have any questions and I'll do my best to explain.
- We know the subnet mask of each of the networks is 255.255.255.0. The inverse of that is 0.0.0.255 which is the wildcard mask that will match the network
SNM 11111111.11111111.11111111.00000000
WCM 00000000.00000000.00000000.11111111
- We know the network addresses we want to include are 172.16.0.0 - 172.16.2.255Start IP 172.16.0.0 - 10101100.00010000.00000000.00000000
End IP 172.16.2.255 - 10101100.00010000.00000010.11111111
- Now we can expand the mask to see what fits. Test 1
Original inverse. Good but only covers one subnet.
Start IP 172.16.0.0 - 10101100.00010000.00000000.00000000
WCM 0.0.0.255 - 00000000.00000000.00000000.11111111
End IP 172.16.0.255 - 10101100.00010000.00000000.11111111
Test 2
Decrease mask by 1 bit. Still good but only covers two subnets.
Start IP 172.16.0.0 - 10101100.00010000.00000000.00000000
WCM 0.0.1.255 - 00000000.00000000.00000001.11111111
End IP 172.16.1.255 - 10101100.00010000.00000001.11111111
Test 3
Decrease mask by 2 bit. Too far as it goes into 172.16.3.0 network.
Start IP 172.16.0.0 - 10101100.00010000.00000000.00000000
WCM 0.0.3.255 - 00000000.00000000.00000011.11111111
End IP 172.16.3.255 - 10101100.00010000.00000011.11111111
Test 4
So we use test 2 which covers 172.16.0.0 and 172.16.1.0.
Now we test 172.16.2.0 starting again with the orginal inverse of the subnet mask.
This is good as it covers the remaing addresses.
Start IP 172.16.2.0 - 10101100.00010000.00000010.00000000
WCM 0.0.0.255 - 00000000.00000000.00000000.11111111
End IP 172.16.2.255 - 10101100.00010000.00000010.11111111
I know this stuff can be arcane and this is a pretty hard setting to communicate the concepts. But let me know if you have any questions and I'll do my best to explain.
ASKER
OK Jeremy..
almot to the end :-)
172.16.1.0
172.16.2.0
Let's focus on the 3rd Octet. that's were the difference is
Binary= 00000001 = 1 in Decimal
Binary= 00000010 = 2 in decimal
Bits in Common =000000= 6 bits , if we go from Left position to the right position: 128+64+32+16+8+4=252
Then we subtract 252 from 255 : 255-252=3
So the WildCard mask that covers 172.16.1.0 and 172.16.2.0 is 0.0.3.255
Correct ?
almot to the end :-)
172.16.1.0
172.16.2.0
Let's focus on the 3rd Octet. that's were the difference is
Binary= 00000001 = 1 in Decimal
Binary= 00000010 = 2 in decimal
Bits in Common =000000= 6 bits , if we go from Left position to the right position: 128+64+32+16+8+4=252
Then we subtract 252 from 255 : 255-252=3
So the WildCard mask that covers 172.16.1.0 and 172.16.2.0 is 0.0.3.255
Correct ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent !!
Glad to help. :)
In a subnet mask, the ones (1) represent the match and zeros (0) represent not matched and wildcards are the opposite.
Since this is not for an ACL the wildcard mask must be contiguous. (this hopefully will become clear in the below examples).
So let's take a look at the wildcard masks you tried and hopefully you'll see why some don't work. Here I've laid out 0 - 5 in the 3rd octet of the wildcard mask in binary to demonstrate why it works or doesn't work:
Open in new window
0.0.7.255 is the next valid mask. Hopefully that makes sense. :)