Free · No account · Works in your browser

Wildcard Mask Calculator

Convert subnet masks to wildcard masks for Cisco ACLs and OSPF network statements

Common masks:
Subnet mask255.255.255.0
Wildcard mask0.0.0.255
Memory trick: subtract each octet from 255.255 - 255 = 0 · 255 - 255 = 0 · 255 - 255 = 0 · 255 - 0 = 255

Cisco ACL & OSPF examples

Allow entire 192.168.1.0/24

access-list 1 permit 192.168.1.0 0.0.0.255

Allow entire 10.0.0.0/8

access-list 1 permit 10.0.0.0 0.255.255.255

Allow specific host 172.16.5.10

access-list 1 permit 172.16.5.10 0.0.0.0

Allow 192.168.0.0/16

access-list 1 permit 192.168.0.0 0.0.255.255

OSPF — advertise 10.1.0.0/24

network 10.1.0.0 0.0.0.255 area 0

What is a wildcard mask?

A wildcard mask is the bitwise inverse of a subnet mask — subtract each octet from 255. Where a subnet mask uses 1s to mark network bits, a wildcard mask uses 0s to mark bits that must match exactly and 1s to mark bits that can be anything.

Cisco uses wildcard masks in access control lists (ACLs) to define which addresses a rule applies to, and in OSPF network statements to define which interfaces to include. A wildcard of 0.0.0.0 matches exactly one host. A wildcard of 255.255.255.255 matches any address.