Showing results for 
Search instead for 
Did you mean: 

ACL Wildcard Masking...


Hello everyone, I am reading the Cisco 5.2.3 ACL WIldcard Masking chapter and I have come across a stump....something that I cannot get myself to understand.

With the image that I've attached, you will see that cisco is using the IP and a wildcard mask of  I am guessing it's safe to say that with the inverse mask being, that the subnet would be thus being a /16 subnet.

My problem is understanding why Cisco choose to use for  Why didn't they use


I have asked a few others but it just gets me more and more confused.  

Can somebody explain to me why they used for the wildcard mask? why not use

thank you!

3 Replies 3

Ryan Gadwood
Cisco Employee
Cisco Employee


From what I can see from the image it shows an IP address of which is a valid IP address with the mask of a /16( It would not be a valid IP address if it was a /24( since that would be a host address which is the reason for the wild card mask they choose to show. Hope this helps.


Thank you Ryan, so maybe I am getting confused with this...

When you state is a valid IP address with a mask of /16...what makes it that?

when looking at, how can I see that it is a valid address with a /16?  I belive that is why I am getting confused.


I'm not sure how familiar you are with subnetting but I'll try to make this hopefully easy to follow...

So for with a /16( mask you would have a valid IP range of..


so would fall within that range of usuable.

For with a /24( mask you would have a valid range of..


So from the above example you can see that would not be a valid ip address with a /24. If it was then it would be and then the picture you posted before might show the wildcard mask as

I can see how the picture can be confusing.

Hope this clears things up.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers