What is Wildcards?
And quite simply, Wilcards means wherever there’s a 1 in a normal netmask, you’ll use a 0 in a wildcard mask.
Subnet Mask for IP address 192.168.1.0 with a 255.255.255.0 mask will be 192.168.1.0 0.0.0.255. This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is written out into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic.
The values for subnet mask can be 128,192,224,240,248,252,254 and 255
Take network address 192.168.20.0 / 24 (class C)
Network Address (binary) 11000000.10101000.0001100.00000000
Subnet mask 255.255.255.0 (decimal)
mask 11111111.11111111.11111111.00000000 (binary)
Subtract the normal mask from 255.255.255.255 in order to determine the ACL inverse mask or wilcard. In this example, the inverse mask is determined for network address 192.168.20.0 with a normal mask of 255.255.255.0.
= 0. 0. 0. 255 – this is the wild card or inverse mask
Subnet mask of 255.255.255.192
= 0. 0. 0. 63 (this is the wildcard)
Calculating wilcards is fun if you could understand that is just simple subtraction of the net mask of a given ip address from 255.255.255.255.
Wildcard for class B IP addresses
The following table should help in seeing a pattern between the number of bits used for the mask in a particular octet, the subnet mask in decimal and the equivalent wildcard mask:
The binary for the wildcard mask is the exact reverse, bit for bit, of the subnet mask. You then calculate the decimal from the reversed binary bits to obtain the dotted decimal wildcard mask.