MicroNugget: What are IPv4 Wildcard Masks?
ฝัง
- เผยแพร่เมื่อ 5 มิ.ย. 2012
- Start learning cybersecurity with CBT Nuggets. courses.cbt.gg/security
In this video, Keith Barker covers Wildcard Masks: what they do, how they do it, and in what situations you should employ this tool. This allows you to tell an access list entry that you’re concerned about identifying a single subnet on a remote network.
Computing is all about specificity, but sometimes you don’t need to outline every single aspect of a particular feature. A Wildcard Mask’s responsibility is to identify some components of an IP address that you don’t care about and then apply policies to them based on values you didn’t explicitly specify. For example, let’s say you’re going to deny any traffic sourced from the 172.16.56.0 network. You’ll need to create an access control list, but if you’re dealing with a 24-bit network, you’re looking at 254 distinct possibilities. You want to write the policy so that you discriminate against IP addresses based on the first three values, but don’t care about the last one. That’s where a Wildcard Mask comes into play.
🌐 Download the Free Ultimate Networking Cert Guide: blog.cbt.gg/5krf
⬇️ 13-Week Study Plan: CCNA (200-301): blog.cbt.gg/5c3d
Start learning with CBT Nuggets:
• Intro to Networking | courses.cbt.gg/tuv
• Cisco CCDA Design (200-310 DESGN) | courses.cbt.gg/0tv
• Cisco CCNA Service Provider (640-875 SPNGN1 & 640-878 SPNGN2) | courses.cbt.gg/589
• Cisco CCNA Wireless (200-355 WIFUND) | courses.cbt.gg/w49
Yes, that is a correct way of looking at it. Good work.
Keith
My guy, this is the best explanation ever
Whenever I watch a Keith Barker video, I press like first then watch the video.
Thanks Keith.
Awesome Stuff.
thanks Keith
A aula mais clara que eu já vi desse assunto na minha vida, muito obrigado, um dia meu CCNA sai
Thanks Keith for the good explanation
Thanks Keith!
Keith is the best ## Better than my university teacher
Great explanation! Thank you!
very well explained. thanks.
thanks..well explained
thank you!!!
The question is why is it different than a regular subnet mask? The bit meanings are flipped. What was the decision behind this?
But why is it a 10, do you have more axamples?
Am I correct that with a SNM bit that are on mean LOOK. But with a Wildcard Mask bit in the on position mean DONT look, AKA Variable?
Keith can u explain how this wild card works 0.128.0.16
I am still onfused how to work with those 0 Sir?
It would be a great video Keith, except I DONT CARE!! ; )
Thanks for the detailed description. And god damn can you code! I guess that kinda comes with being CCIE...
Rock on.
lol Keith I don't get it anyway)))
why are used wildcard mask in ACL and why not used usual subnet mask in ACL ???
Great question. On the Cisco ASA firewall they DO use the usual mask instead of the wildcard mask, but on Cisco routers ACLs and Network Statements they chose to use the wildcard. Perhaps the wildcard option didn't require contiguous bits, while the normal mask does. If that is the case the wildcard mask would provide more flexibility/options. (That logic of why is just a guess).
Hope that helps,
Keith
there may be situations where you want to allow SOME hosts from a subnet, but not all. In this case, you don't want the wildcard mask to be a mirror of the subnet mask.
this guy doesn't like air fresheners!