Free Wildcard Mask Calculator | Online Calculator

Wildcard Mask Calculator

Subnet mask

Wildcard mask

0.0.0.255

🔒 Privacy Protected

Your data is processed locally and never sent to any server.

FAQ

Keywords

wildcard mask calculatordevlocal processingprivacyfree online tool

How it works

Wildcard masks are the inverse of subnet masks, used in Cisco IOS access control lists (ACLs) and OSPF network statements to specify which bits of an IP address must match and which are "don't care." A 0 bit means "must match exactly"; a 1 bit means "any value is acceptable."

**Relationship to subnet masks** Wildcard mask = 255.255.255.255 − subnet mask. For /24 (255.255.255.0): wildcard = 0.0.0.255 — meaning the first three octets must match, last octet is free. For /20 (255.255.240.0): wildcard = 0.0.15.255. For /32 (255.255.255.255): wildcard = 0.0.0.0 — exact host match.

**ACL usage examples** Permit all hosts in 10.1.0.0/16: permit ip 10.1.0.0 0.0.255.255 any. Match only even-numbered hosts in a /24: 0.0.0.254 would mask bit 0 of the last octet — not a standard CIDR range. Wildcard masks can express non-contiguous patterns impossible with CIDR notation, though these are rarely used in practice.

**OSPF network statements** In OSPF configuration, network [ip-address] [wildcard-mask] area [area-id] specifies which interfaces participate in OSPF. network 10.0.0.0 0.255.255.255 area 0 includes all 10.x.x.x interfaces. network 192.168.1.1 0.0.0.0 area 1 includes only the interface with exactly that IP.

Frequently Asked Questions

How do I write an ACL to permit a /24 subnet using a wildcard mask?

For 192.168.1.0/24: wildcard = 255.255.255.255 − 255.255.255.0 = 0.0.0.255. Cisco IOS ACL: permit ip 192.168.1.0 0.0.0.255 any. This permits any source address where the first three octets match 192.168.1 — the 0.0.0.255 wildcard means 'don't care about the last octet.' The source address 192.168.1.x (any x) is permitted.

Can wildcard masks be non-contiguous?

Yes — unlike subnet masks (which must be contiguous 1s followed by 0s), wildcard masks can have 0s and 1s in any position. A wildcard of 0.255.0.255 would match the 1st and 3rd octet exactly while allowing any value in the 2nd and 4th. This is rarely used in practice but allows matching non-CIDR address patterns in Cisco ACLs. Subnet masks must be contiguous; wildcard masks have no such restriction.

What is the wildcard mask for matching only even-numbered hosts?

To match only hosts with even last-octet values (0, 2, 4...254) in 192.168.1.0/24: use wildcard 0.0.0.254. This sets bit 0 of the last octet as 'must match' (0 = must be 0 = even), allowing any value in bits 1–7. So the pattern matches 192.168.1.0, 192.168.1.2, 192.168.1.4, etc. This kind of non-CIDR matching is only possible with wildcard masks, not CIDR notation.

How are wildcard masks used in OSPF configuration?

OSPF network statements use wildcard masks to specify which interfaces participate in OSPF routing: network [ip-address] [wildcard] area [area-id]. network 10.0.0.0 0.255.255.255 area 0 includes all interfaces with IPs in the 10.x.x.x range. network 192.168.1.1 0.0.0.0 area 1 includes only the interface with exactly that IP address (0.0.0.0 wildcard = exact match). The wildcard works the same way as in ACLs.