Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2623
Views
10
Helpful
4
Replies

wildcard mask & subnet mask

Go to solution
Dopamine
Level 1
Level 1

‎12-30-2021 12:04 PM

Hello everyone.
Why do we use a wildcard mask Instead subnet mask?
I know that in the wildcard mask; 0 is important and in the subnet mask 1 is important. but I can't understand why we use a wildcard mask?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-31-2021 08:14 PM - edited ‎12-31-2021 08:15 PM

Hello @Dopamine ,

just to add to what @Richard Burts and @Joseph W. Doherty have already explained.

 

wildcard masks are not constrained to a single transition '0' to '1' subnet masks they are.

I mean for use in IP ACLs and extended ACLs wildcard masks provide more flexibility.

a wild card mask like 0.7.0.255 can be used in an extendel ACL line  there is no single subnet mask equivalent,

 

For routing exchange prefix-lists have been introduced in IOS 12.0 but they do not process user traffic.

On the other hand, when configuring an ACL on an ASA we cannot use wild card masks but we can use objects and object groups !

 

Hope to help

Giuseppe

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎12-30-2021 12:46 PM

It was an implementation decision made by Cisco in the very early days of developing their products. I remember a discussion (many years ago) in which the statement was made that the machine architecture made it more efficient to process the matching for access lists using the wildcard format rather than the subnet format. 

HTH

Rick

Go to solution
Dopamine
Level 1
Level 1
In response to Richard Burts

‎12-31-2021 03:49 AM

Thankful
Is wildcard mask faster than subnet mask?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎12-31-2021 08:02 AM

Do you understand what a "mask" is when doing boolean logic, especially using the "and" operator?

Reason I ask, it explains much about subnet masks.

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-31-2021 08:14 PM - edited ‎12-31-2021 08:15 PM

Hello @Dopamine ,

just to add to what @Richard Burts and @Joseph W. Doherty have already explained.

 

wildcard masks are not constrained to a single transition '0' to '1' subnet masks they are.

I mean for use in IP ACLs and extended ACLs wildcard masks provide more flexibility.

a wild card mask like 0.7.0.255 can be used in an extendel ACL line  there is no single subnet mask equivalent,

 

For routing exchange prefix-lists have been introduced in IOS 12.0 but they do not process user traffic.

On the other hand, when configuring an ACL on an ASA we cannot use wild card masks but we can use objects and object groups !

 

Hope to help

Giuseppe

 

0 Helpful
Customers Also Viewed These Support Documents