steeilers
Beginner

Targeting a Subnet Range with a Wildcard Mask

Thanks in advance,

So I understand wildcard masks for targeting a subnet or a host. What is confusing me is how to target a range of hosts in a subnet.

If someone could point me to a good online resource or just help me answer the following question, that would help me to clarify what I'm missing.

If I'm creating an ACL to block private addresses inbound: 172.16.0.0 - 172.31.255.255 /16 

Why is the mask 0.15.255.255?

My Brainstorming:

If I want to block 172.16.0.0 255.255.0.0 
I would make a deny 172.16.0.0 0.0.255.255 entry

If I flip 0.15.255.255 I get a subnet mask of 255.255.240.0
Why does 255.240.0.0 block the private B address space?

I'm confused, thanks,

3 Replies
Spooster IT Services
Rising star

Hi steeilers,

To block the whole Class B private subnet 172.16.0.0 - 172.31.255.255, yes, the wildcard mask will be 0.15.255.255, because the Class B private subnet is 172.16.0.0/12 or 172.16.0.0 255.240.0.0.

With the following entry you can deny the whole Class B private subnet ranging from 172.16.0.0 - 172.32.255.255.

deny 172.16.0.0 0.15.255.255

Sr Network Engineer
Freelancer
KJackson50
Beginner

From what I understand, you want to block everything from 127.16.0.0 - 172.31.255.255. When you're in that 2nd octet (where the 16 and 31 are) you're in class A territory. The mask and CIDR for the range that you are looking at is 255.240.0.0 and /12 respectively. 

This is how you would get the mask

255 255 255 255
- 255 240 0 0
= 0 15 255 255

The mask that you got after you flipped the 0.15.255.255 would actually be 255.240.0.0. 255.240.0.0 blocks everything in that remaining 15.255.255. Were you trying to block 172.16.0.0 - 172.16.31.0 /20? Hope that makes sense!

Reza Sharifi
Hall of Fame Expert

0.15.255.255 is the wildcard. See link:

http://jodies.de/ipcalc?host=172.16.0.0&mask1=12&mask2=

Address:   172.16.0.0            10101100.0001 0000.00000000.00000000
Netmask: 255.240.0.0 = 12 11111111.1111 0000.00000000.00000000
Wildcard: 0.15.255.255 00000000.0000 1111.11111111.11111111
=> Network: 172.16.0.0/12 10101100.0001 0000.00000000.00000000 (Class B)
Broadcast: 172.31.255.255 10101100.0001 1111.11111111.11111111
HostMin: 172.16.0.1 10101100.0001 0000.00000000.00000001
HostMax: 172.31.255.254 10101100.0001 1111.11111111.11111110
Hosts/Net: 1048574 (Private Internet)
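
Added example, not part of any reply in this thread: a short Python sketch of how a contiguous wildcard mask selects addresses in an ACL entry, and how to check whether a first-to-last host range can be written as a single entry. The function names are illustrative and the addresses in the demo are taken from the question or constructed.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_from_netmask(netmask):
    """Invert every bit of the netmask: 255.240.0.0 -> 0.15.255.255."""
    return to_str(to_int(netmask) ^ ALL_ONES)

def acl_matches(packet_ip, acl_addr, wildcard):
    """Wildcard bit 0 = bit must match the entry, 1 = bit is ignored."""
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(packet_ip) & care) == (to_int(acl_addr) & care)

def matched_range(acl_addr, wildcard):
    """First and last address matched (assumes a contiguous wildcard)."""
    wc = to_int(wildcard)
    first = to_int(acl_addr) & (wc ^ ALL_ONES)
    return to_str(first), to_str(first | wc)

def range_to_entry(first, last):
    """Return (address, wildcard) if first..last is exactly one entry
    with a contiguous wildcard, else None (needs several entries)."""
    lo, hi = to_int(first), to_int(last)
    wc = lo ^ hi  # bits that differ between the two ends of the range
    # The differing bits must be a solid run of low-order ones, and the
    # first address must have all of those bits clear (block-aligned).
    if wc & (wc + 1) != 0 or lo & wc != 0:
        return None
    return to_str(lo), to_str(wc)

if __name__ == "__main__":
    print(wildcard_from_netmask("255.240.0.0"))
    print(matched_range("172.16.0.0", "0.0.255.255"))   # the /16 entry
    print(matched_range("172.16.0.0", "0.15.255.255"))  # the /12 entry
    # Boundary checks around the private range
    for ip in ("172.15.255.255", "172.16.0.0", "172.31.255.255", "172.32.0.1"):
        print(ip, acl_matches(ip, "172.16.0.0", "0.15.255.255"))
    print(range_to_entry("172.16.0.0", "172.31.255.255"))
    # Constructed host range that is not block-aligned: no single entry
    print(range_to_entry("172.16.0.10", "172.16.0.20"))
```

A range that returns None has to be split into several block-aligned entries, each with its own wildcard.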