wildcard mask question

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hi all,

I noticed a question in a CCNA lab for ACL's, it is as follows...

'Create an access list that will prevent the even numbered hosts from
pinging but permit the odd numbered one.'

The answer is 'access-list 2 permit'

I understand wildcard masking but for the life of me i cant figure this
answer :(

I know this is not a ccna forum but its the only place where i could
think to get a decent answer.

Any help would be greatly appreciated.


Re: wildcard mask question

Quoted text here. Click to load it

Broken answer.
This access list permits any IP traffic from two addresses only - and
Assuming is not a legal host id, then the list permits all IP
traffic from .1 only.

The following list is closer to the solution .....

access-list 199 deny icmp any echo
access-list 199 permit any any

The above permits any traffic from any host with the exception of pings
originating from an even numbered host.
The source address,, could be any even numbered IP at all - the wild
card mask is just checking for the
least significant bit being set to a "zero" value, which makes the whole
address an 'even' number.

Re: wildcard mask question
max wrote:

Quoted text here. Click to load it

Rught. Remember addresses are just a binary stream. a 1 in the wild card is a
don't care.

What that pattern means is match on the first three octets, and the last bit.
Take the groupings of octets separately. The first thre zeros mean address
needs to be 192.168.14.n the last octet binary pattern is;

0000 0001 The wild card mask is
1111 1110

That means don't care for the first seven bits, last be we care, and the bit in
the pattern is set, to to match on the last octet the last bit must be set, ire
the address must be odd.

Paul Matthews                          

Re: wildcard mask question
Paul was right on explaining the wildcard bits. Since the last bit in
an octet, equates to 1, whenever this eight octet is set to 1, it makes
any combination of eight bits to be an odd number.  Always remember
that wildcards, AKA inverse mask, means 0 to match and 1 to ignore.

max wrote:
Quoted text here. Click to load it

Re: wildcard mask question

Quoted text here. Click to load it

Subnet masks : match all bits that are on (all 1s)  ignore all bits that are
off (all 0s)
Wild card: match all bits that are off (all 0s)  ignore all bits that are on
(all 1s)

To understand it better, the above wild card as a subnet would be:

I have read somewhere the advantages of using a wild card instead of subnet,
but i do not remember where.

Site Timeline