Gibo
asked on
Wildcard Mask For an Extended Access List
Can someone help provide the wildcard mask for the this source IP range?
192.168.0.0 to 192.168.56.0
It will be on an extended access list in a Cisco router. Thanks.
***Is there also a wildcard mask calculator that you can recommend?
192.168.0.0 to 192.168.56.0
It will be on an extended access list in a Cisco router. Thanks.
***Is there also a wildcard mask calculator that you can recommend?
ASKER
Or the only way is to explicitly write them one by one like this?
permit ip 192.168.0.0 0.0.0.255 host xx.xx.xx.xx
permit ip 192.168.1.0 0.0.0.255 host xx.xx.xx.xx
permit ip 192.168.2.0 0.0.0.255 host xx.xx.xx.xx
permit ip 192.168.4.0 0.0.0.255 host xx.xx.xx.xx
.
.
.
permit ip 192.168.56.0 0.0.0.255 host xx.xx.xx.xx
Please advise, thanks!
permit ip 192.168.0.0 0.0.0.255 host xx.xx.xx.xx
permit ip 192.168.1.0 0.0.0.255 host xx.xx.xx.xx
permit ip 192.168.2.0 0.0.0.255 host xx.xx.xx.xx
permit ip 192.168.4.0 0.0.0.255 host xx.xx.xx.xx
.
.
.
permit ip 192.168.56.0 0.0.0.255 host xx.xx.xx.xx
Please advise, thanks!
ASKER
Hi Predrag Jovic,
Can you please provide the steps on how were you able to summarize that range? Like in bits?
Thanks,
Gibo
Can you please provide the steps on how were you able to summarize that range? Like in bits?
Thanks,
Gibo
access-list 100 permit ip 192.168.0.0 0.0.31.255 host x.x.x.x
access-list 100 permit ip 192.168.32.0 0.0.15.255 host x.x.x.x
access-list 100 permit ip 192.168.48.0 0.0.7.255 host x.x.x.x
access-list 100 permit ip 192.168.56.0 0.0.0.255 host x.x.x.x
You can use named access list
ip access-list extended MY_LIST
permit ip 192.168.0.0 0.0.31.255 host x.x.x.x
permit ip 192.168.32.0 0.0.15.255 host x.x.x.x
permit ip 192.168.48.0 0.0.7.255 host x.x.x.x
permit ip 192.168.56.0 0.0.0.255 host x.x.x.x
access-list 100 permit ip 192.168.32.0 0.0.15.255 host x.x.x.x
access-list 100 permit ip 192.168.48.0 0.0.7.255 host x.x.x.x
access-list 100 permit ip 192.168.56.0 0.0.0.255 host x.x.x.x
You can use named access list
ip access-list extended MY_LIST
permit ip 192.168.0.0 0.0.31.255 host x.x.x.x
permit ip 192.168.32.0 0.0.15.255 host x.x.x.x
permit ip 192.168.48.0 0.0.7.255 host x.x.x.x
permit ip 192.168.56.0 0.0.0.255 host x.x.x.x
ASKER
Noted, how did you arrive to these ranges by using bits conversion?
I rarely use binary conversion. Typically everyone is having some simplification.
Consecutive network ranges 0-56 simple model that I am using:
Start and included in every range
32 < 56 < 64
first range is decimally 32 digits long in second octet => 0 to 31 (defines beginning and end of the range). Binary math from that point is easy. 192.168.0/19 (/19 binary subent mask is 11111111 11111111 11100000 00000000 wildcard mask is just xor with subnet mask /32 - 111111111.111111111.11111111.11111111 result is 00000000.00000000.00011111.11111111 = 0.0.31.255 ).
Or simplified wildcard mask is just for the third octet is 31-0
56 - 32 = 24
16 < 24 < 32
second range is decimally 16 digits long in second octet => 32 to 47
192.168.32.0/20
Wildcard mask is just for the third octet is 47-32 = 15
24 - 16 = 8
4 < 8 = 8
second range is decimally 8 digits long in second octet => 48 to 55
192.168.48.0/21
Wildcard mask is just for the third octet is 55-48 = 7
+ 56 that should be included is /24
Consecutive network ranges 0-56 simple model that I am using:
Start and included in every range
32 < 56 < 64
first range is decimally 32 digits long in second octet => 0 to 31 (defines beginning and end of the range). Binary math from that point is easy. 192.168.0/19 (/19 binary subent mask is 11111111 11111111 11100000 00000000 wildcard mask is just xor with subnet mask /32 - 111111111.111111111.11111111.11111111 result is 00000000.00000000.00011111.11111111 = 0.0.31.255 ).
Or simplified wildcard mask is just for the third octet is 31-0
56 - 32 = 24
16 < 24 < 32
second range is decimally 16 digits long in second octet => 32 to 47
192.168.32.0/20
Wildcard mask is just for the third octet is 47-32 = 15
24 - 16 = 8
4 < 8 = 8
second range is decimally 8 digits long in second octet => 48 to 55
192.168.48.0/21
Wildcard mask is just for the third octet is 55-48 = 7
+ 56 that should be included is /24
ASKER
Wow! Great! Thank you so much.
You're welcome.
You can do it in your head...
Each octet has 256 possible values. If your subnet mask is 255.255.255.0, for example, the wildcard mask would be inverse, so 0.0.0.255. We count 0 as the first number, so the last number is 255.
If we have a number in the subnet mask which is 0, the inverse of that would be 255, as above. If the number is not 0 or 255 we need to do a subtraction.
255 - <number in octet> = inverse number
So, for a mask 255.255.224.0 we would get...
255 - 224 = 31
The wildcard would therefore be 0.0.31.255.
In your case the subnet mask to cover the range you require isn't a single one. You can use the closest mask to get the largest range covered, then subnet further to cover the rest. If you were to use a single mask you would cover ranges 192.168.0.0 through to 192.168.63.255. This would be 255.255.192.0, or 0.0.63.255.
The next subnet mask is 255.255.224.0. That covers everything up to 192.168.31.255, leaving 192.168.32.0 through to 192.168.56.0 to cover. You can cover most of that with a 255.255.240.0 mask, or 0.0.15.255 covering 192.168.32.0 through to 192.168.48.255. Then the last part would be 255.255.248.0, or 0.0.7.255, covering 192.168.48.0 through to 192.168.55.255.
RANGE MASK WILDCARD
192.168.0.0 to 192.168.31.255 = 255.255.224.0 = 0.0.31.255
192.168.32.0 to 192.168.47.255 = 255.255.240.0 = 0.0.15.255
192.168.48.0 to 192.168.55.255 = 255.255.248.0 = 0.0.7.255
If you need to cover 192.168.56.0 as a single host use 0.0.0.0 as the wildcard. If it's a range, use 0.0.0.255 to cover 192.168.56.0 to 192.168.56.255.
Each octet has 256 possible values. If your subnet mask is 255.255.255.0, for example, the wildcard mask would be inverse, so 0.0.0.255. We count 0 as the first number, so the last number is 255.
If we have a number in the subnet mask which is 0, the inverse of that would be 255, as above. If the number is not 0 or 255 we need to do a subtraction.
255 - <number in octet> = inverse number
So, for a mask 255.255.224.0 we would get...
255 - 224 = 31
The wildcard would therefore be 0.0.31.255.
In your case the subnet mask to cover the range you require isn't a single one. You can use the closest mask to get the largest range covered, then subnet further to cover the rest. If you were to use a single mask you would cover ranges 192.168.0.0 through to 192.168.63.255. This would be 255.255.192.0, or 0.0.63.255.
The next subnet mask is 255.255.224.0. That covers everything up to 192.168.31.255, leaving 192.168.32.0 through to 192.168.56.0 to cover. You can cover most of that with a 255.255.240.0 mask, or 0.0.15.255 covering 192.168.32.0 through to 192.168.48.255. Then the last part would be 255.255.248.0, or 0.0.7.255, covering 192.168.48.0 through to 192.168.55.255.
RANGE MASK WILDCARD
192.168.0.0 to 192.168.31.255 = 255.255.224.0 = 0.0.31.255
192.168.32.0 to 192.168.47.255 = 255.255.240.0 = 0.0.15.255
192.168.48.0 to 192.168.55.255 = 255.255.248.0 = 0.0.7.255
If you need to cover 192.168.56.0 as a single host use 0.0.0.0 as the wildcard. If it's a range, use 0.0.0.255 to cover 192.168.56.0 to 192.168.56.255.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
192.168.0.0/19 - 192.168.0.0 0.0.31.255
192.168.32.0/20 - 192.168.32.0 0.0.15.255
192.168.48.0/21 - 192.168.48.0 0.0.7.255
192.168.56.0/24 - 192.168.56.0 0.0.0.255
To be able to summarize with one wildcard you should pick proper range from the start, for example you could use/reserve 192.168.0.0/18 for location 192.168.0.0 0.0.63.255 (but that will include IP addresses 192.168.57.0 - 192.168.63.255).
Any subnet calculator will do.
http://www.subnet-calculator.com/