Note: For the first post in this series, please see the Subnetting Made Easy, Part 1 post.

Recently I received an e-mail from a reader who was having trouble with one of their labs. The lab required them to write an ACL which matches only part of a subnet, as opposed to the whole subnet which is what is commonly seen in lab environments. The details are as follows:

  • Network Address: 192.168.0.192 /27
  • Usable Addresses: 192.168.0.193 - 192.168.0.222
  • Subnet Mask: 255.255.255.224
  • Wildcard Mask: 0.0.0.31

The range of addresses inside the subnet which needs to be matched is:

Match Addresses: 192.168.0.193 - 192.168.0.206

In order to create the ACL, the author needs to find out which wildcard mask matches only the above mentioned addresses.

The Solution

The solution I use to answer this question is the same one I use when I’m summarising routes. I convert the necessary octet to binary and then, reading from the most significant bit, find the last bit up to which the lowest IP address and the highest IP address in the range are identical. In this case the details are as follows:

  • Octet: 4th (given that the network address is a /27)
  • Lowest IP: 192.168.0.193
  • Highest IP: 192.168.0.206

              /25  /26  /27  /28  /29  /30  /31  /32
              128   64   32   16    8    4    2    1
Network:        1    1    0    0    0    0    0    0   = 192
Lowest IP:      1    1    0    0    0    0    0    1   = 193
Highest IP:     1    1    0    0    1    1    1    0   = 206

As shown above, the first, second, third and fourth most significant bits match. The fifth bit, however, does not. This means the fourth bit is the one we’re looking for. From this we can deduce the following:

  • Network Address: 192.168.0.192 (the 192 is because of the 128 + 64 as shown above)
  • Subnet Mask: 255.255.255.240 (/28) (this is because the four most significant bits match)
  • Wildcard Mask: 0.0.0.15 (inverse of the subnet mask: 255 - 240 = 15)
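
The bit comparison above, written out as an added Python example (not code from the original post; the function names are this example's own). It goes one step beyond the post by listing which addresses the single wildcard entry matches outside the requested range, and the set of entries that matches the range exactly.

```python
import ipaddress

# Helper names below are hypothetical, chosen for this example only.

def covering_block(low, high):
    """Smallest single network/wildcard pair containing both low and high."""
    lo = int(ipaddress.IPv4Address(low))
    hi = int(ipaddress.IPv4Address(high))
    if lo > hi:
        raise ValueError("low address is above high address")
    # XOR leaves a 1 wherever the two addresses differ; the position of the
    # highest differing bit is the number of bits the wildcard must ignore.
    host_bits = (lo ^ hi).bit_length()
    wildcard = (1 << host_bits) - 1
    network = lo & ~wildcard & 0xFFFFFFFF
    return (ipaddress.IPv4Address(network),
            ipaddress.IPv4Address(wildcard),
            32 - host_bits)

def over_match(low, high):
    """Addresses the single entry matches that lie outside low..high."""
    network, wildcard, _ = covering_block(low, high)
    lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
    first, last = int(network), int(network) + int(wildcard)
    return [str(ipaddress.IPv4Address(a))
            for a in range(first, last + 1) if a < lo or a > hi]

def exact_entries(low, high):
    """Network/wildcard pairs that match low..high and nothing else."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(low), ipaddress.IPv4Address(high))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

if __name__ == "__main__":
    LOW, HIGH = "192.168.0.193", "192.168.0.206"   # range from the post
    net, wc, plen = covering_block(LOW, HIGH)
    print(f"single entry : {net} {wc} (/{plen})")
    print(f"also matches : {over_match(LOW, HIGH)}")
    for n, w in exact_entries(LOW, HIGH):
        print(f"exact entry  : {n} {w}")
```

The single 192.168.0.192 0.0.0.15 entry also matches 192.168.0.192 and 192.168.0.207, so where the ACL must match 192.168.0.193 - 192.168.0.206 and nothing else, the six exact entries are the ones to use.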

See the Subnetting Made Easy - Index post for links to all of the posts in this series.


As always, if you have any questions or have a topic that you would like me to discuss, please feel free to post a comment at the bottom of this blog entry, e-mail at will@oznetnerd.com, or drop me a message on Reddit (OzNetNerd).

Note: The opinions expressed in this blog are my own and not those of my employer.
