Subnet Affectation Versus Changed Affectation Overview
The IP abode has two basal components: the arrangement abode and the host address. A affectation is acclimated to
partition the arrangement abode from the host abode aural the IP address. The afterward area describes two
types of masks—the subnet affectation and the changed mask.
Subnet Mask
As mentioned earlier, an IP abode consists of two parts: a arrangement abode and a host address. The subnet
mask is acclimated to authorize area the arrangement cardinal in an IP abode ends and the host cardinal begins. It is a
method acclimated for agreeable IP networks into a alternation of subgroups or subnets as accurate in RFC 950. The
mask is a 32-bit bifold arrangement that is akin up with the IP abode to about-face allotment of the host ID abode field
into a acreage for subnets. (Table 2-4 shows an example.)
Table 2-4. Affectation Example
Network abode (traffic that is to be
processed)
10.1.1.0
Network abode (binary) 00001010.00000001.00000001.00000000
Subnet affectation (decimal) 255.0.0.0
Subnet affectation (binary) 11111111.00000000.00000000.00000000
Wildcard/inverse affectation (decimal) 0.0.0.255
Wildcard/inverse affectation (binary) 00000000.00000000.00000000.11111111
Inverse Mask
Masks for IOS IP ACLs are the about-face (for example, affectation 0.0.0.255) and are referred to as the changed mask,
also frequently accepted as a wildcard mask. (The agreement wildcard and changed are acclimated interchangeably.) When
the amount of the affectation is burst bottomward into bifold numbers (0s and 1s), the after-effects actuate which abode bits
are to be advised in processing the traffic. A 0 indicates that the abode $.25 charge be advised (exact
match); a 1 in the affectation is a "don't care." Table 2-4 explains the abstraction further.
Based on the changed affectation apparent in binary, the aboriginal three sets (octets) charge bout the accustomed bifold network
address absolutely (00001010.00000001.00000001). The aftermost set of numbers represents "don't care" (.11111111).
Therefore, all cartage that begins with 10.1.1. matches because the aftermost octet is not considered. With this mask,
network addresses 10.1.1.1 through 10.1.1.255 (10.1.1.x) are processed.
The ACL changed affectation can additionally be bent by adding the accustomed affectation from 255.255.255.255. See
Example 2-1.
Example 2-1. ACL Changed Mask
Code View:
The changed affectation for arrangement abode 172.16.1.0 with a subnet affectation of 255.255.240.0
is;
255.255.255.255 - 255.255.240.0 (subnet mask) = 0.0.15.255 (inverse mask)
Note
When configuring an ACL, you can acting continued dotted numbers with appropriate keywords that represent
the aforementioned equivalents, as apparent in the afterward examples:
Source/source-wildcard of 0.0.0.0/255.255.255.255 can additionally be represented with the keyword
"any" aural the ACL.
Source/wildcard of 10.1.1.2/0.0.0.0 can additionally be represented as "host 10.1.1.2."