In this article we will discuss Introducing ACL Wildcard Masking, will make brief discussion on Introducing ACL Wildcard Masking, In last article we discuss about ACL Operation.
IPv4 ACEs include the use of wildcard masks. A wildcard mask is a string of 32 binary digits used by the router to determine which bits of the address to examine for a match.
As with subnet masks, the numbers 1 and 0 in the wildcard mask identify how to treat the corresponding IPv4 address bits. However, in a wildcard mask, these bits are used for different purposes and follow different rules.
Subnet masks use binary 1s and 0s to identify the network, subnet, and host portion of an IPv4 address. Wildcard masks use binary 1s and 0s to filter individual IPv4 addresses or groups of IPv4 addresses to permit or deny access to resources.
Wildcard masks and subnet masks differ in the way they match binary 1s and 0s. Wildcard masks use the following rules to match binary 1s and 0s:
Wildcard mask bit 0 – Match the corresponding bit value in the address.
Wildcard mask bit 1 – Ignore the corresponding bit value in the address.
Remember that binary 0 signifies a bit that must match, and binary 1 signifies a bit that can be ignored.
Wildcard masks are often referred to as an inverse mask. The reason is that, unlike a subnet mask in which binary 1 is equal to a match and binary 0 is not a match, in a wildcard mask the reverse is true.
Using a Wildcard Mask
The results of applying a 0.0.255.255 wildcard mask to a 32-bit IPv4 address. Remember that a binary 0 indicates a value that is matched.
Unlike IPv4 ACLs, IPv6 ACLs do not use wildcard masks. Instead, the prefix-length is used to indicate how much of an IPv6 source or destination address should be matched. IPv6 ACLs are beyond the scope of this course.