Page 487

Filtering IP Traffic 463

Table 7-4

Example Access List Wildcard Masks

Access List
Mask

Source IP
Address
in Packet

Binary
Version of
Source IP
Addresses

IP Address
in access-
list
Command

Binary
Version of IP
Address in
access-list
Command

Explanation

0.0.0.0

1.55.88.111

0000 0001
0011 0111
0101 1000
0110 1111

1.55.88.4

0000 0001
0011 0111
0101 1000
0000 0100

All bits must
match, and they do
not.

0.0.0.255

1.55.88.111

0000 0001
0011 0111
0101 1000
0110 1111

1.55.88.0

0000 0001
0011 0111
0101 1000
0000 0000

The first 24 bits
must match, and
they do.

0.0.255.255

1.55.56.7

0000 0001
0011 0111
0011 1000
0000 0111

1.55.0.0

0000 0001
0011 0111
0000 0000
0000 0000

The first 16 bits
must match, and
they do.

255.255.255.255

5.88.22.5

0000 0101
0101 1000
0001 0110
0000 0101

0.0.0.0

0000 0000
0000 0000
0000 0000
0000 0000

All bits match,
regardless of the IP
address in the
packet.

32.48.0.255

33.1.1.1

0010 0001
0000 0001
0000 0001
0000 0001

1.1.1.0

0000 0001
0000 0001
0000 0001
0000 0000

All bits except the
3rd, 11th, 12th,
and last 8 must
match. The two
numbers match in
this case. (This is a
rather impractical
choice of wildcard
mask and is used
only to make the
point that it is
flexible!)

ch07.fm Page 463 Monday, March 20, 2000 5:14 PM