22 Feb 2014
Binary reference charts
Introduction
If you need to calculate an ACL wildcard mask at the subnet level, it's pretty easy. All you have to do is subtract the regular subnet mask from 255 . 255 . 255 . 255 and you have the wildcard mask.
But, what if you have something more complex? Given the ACL command:
access-list 1 permit [address_to_check] [wildcard_used_to_check]
We need to find the "address-to-check" and the "wildcard-used-to-check".
Example Problem
For instance, calculate the most specific wildcard mask for the following four networks.
1.2.3.4
5.6.7.8
9.10.11.12
13.14.15.16
The Procedure
- First convert the addresses to binary.
- Now we find the address-to-check by performing a binary AND operation on the addresses. A binary AND means the output is high only when all the inputs are high. In this case, the result is:
- Convert that to decimal and we have:
- This is our address-to-check. Now we find the wildcard-used-to-check by performing a binary XOR. XOR means the output is high if any input is high but not all 1's. In this case, the result is:
- Convert that to decimal and we get:
- This is our wildcard-used-to-check. Plugging the two results into our ACL gives us the most specific wildcard mask possible and the address which represents the original addresses.
1.2.3.4 00000001 00000010 00000011 00000100 5.6.7.8 00000101 00000110 00000111 00001000 9.10.11.12 00001001 00001010 00001011 00001100 13.14.15.16 00001101 00001110 00001111 00010000
00000001 00000010 00000011 00000000
1.2.3.0
00001100 00001100 00001100 00011100
12.12.12.28
access-list 1 permit 1.2.3.0 12.12.12.28
Now, that wasn't too hard, was it?