Wildcard Mask Calculator

Calculate wildcard masks for Cisco ACLs and OSPF configuration. Convert between subnet masks and wildcard masks with instant bi-directional conversion.

Subnet Mask to Wildcard
Wildcard Mask:
0.0.0.255
Wildcard to Subnet Mask
Subnet Mask:
255.255.255.0

Mask Details

CIDR Prefix: /24
Total Addresses: 256
Usable Hosts: 254
Binary Representation
Subnet Mask: 11111111.11111111.11111111.00000000
Wildcard Mask: 00000000.00000000.00000000.11111111
Cisco Command Examples
! ACL Example:
access-list 10 permit 192.168.1.0 0.0.0.255
! OSPF Example:
network 192.168.1.0 0.0.0.255 area 0
Common Wildcard Masks
CIDR Subnet Mask Wildcard Mask Hosts
/8255.0.0.00.255.255.25516,777,214
/16255.255.0.00.0.255.25565,534
/24255.255.255.00.0.0.255254
/25255.255.255.1280.0.0.127126
/26255.255.255.1920.0.0.6362
/27255.255.255.2240.0.0.3130
/28255.255.255.2400.0.0.1514
/29255.255.255.2480.0.0.76
/30255.255.255.2520.0.0.32
/32255.255.255.2550.0.0.01

What is a Wildcard Mask?

A wildcard mask is the bitwise inverse (complement) of a subnet mask. While subnet masks use 1s to indicate network bits and 0s for host bits, wildcard masks flip this: 0s indicate bits that must match exactly, and 1s indicate "don't care" bits that can be any value.

Wildcard masks are primarily used in Cisco IOS for Access Control Lists (ACLs) and OSPF network statements. Understanding how to convert between subnet and wildcard masks is essential for Cisco network configuration. For complete subnet information, use our subnet calculator.

Quick Conversion

To convert subnet mask to wildcard: subtract each octet from 255. For 255.255.255.0: 255-255=0, 255-255=0, 255-255=0, 255-0=255. Result: 0.0.0.255

Where Wildcard Masks Are Used

Access Control Lists (ACLs)

Cisco ACLs use wildcard masks to define which IP addresses a rule applies to. A wildcard of 0.0.0.255 with network 192.168.1.0 matches all IPs from 192.168.1.0 to 192.168.1.255. The 0s in the wildcard mean those octets must match exactly, while 255 means any value is accepted.

OSPF Network Statements

When configuring OSPF, you specify which interfaces participate using network statements with wildcard masks. This allows precise control over which interfaces advertise routes.

EIGRP Network Statements

Similar to OSPF, EIGRP uses wildcard masks to define participating networks in its configuration.

Wildcard Mask Logic

Wildcard Bit Meaning Example
0Must match exactlyIP bit must equal network bit
1Don't care (any value)IP bit can be 0 or 1

Special Wildcard Masks

0.0.0.0 - Match Single Host

All zeros means every bit must match exactly. Used to specify a single IP address in ACLs (equivalent to the "host" keyword).

access-list 10 permit 192.168.1.100 0.0.0.0
! Same as:
access-list 10 permit host 192.168.1.100

255.255.255.255 - Match Any Host

All ones means no bits need to match. Used to match any IP address (equivalent to the "any" keyword).

access-list 10 permit 0.0.0.0 255.255.255.255
! Same as:
access-list 10 permit any

For subnet mask information, see our subnet mask calculator. To convert between CIDR and subnet mask formats, use our netmask to CIDR converter.

Frequently Asked Questions

Wildcard masks offer more flexibility for matching non-contiguous address ranges. While subnet masks must have contiguous 1s, wildcard masks can have 1s anywhere, allowing patterns like "match all even addresses." However, for standard subnetting purposes, the inverse relationship between subnet and wildcard masks makes them effectively interchangeable.

No, wildcard masks are primarily a Cisco convention. Other vendors like Juniper use subnet masks in their ACL configurations. Some newer Cisco IOS versions also accept subnet mask format in certain contexts. Always check your specific platform's documentation.

Technically yes, wildcard masks support non-contiguous patterns (e.g., 0.0.0.254 to match only even addresses). However, this is rarely used and not recommended as it's confusing and harder to audit. Most ACLs use contiguous wildcards that correspond to standard subnet boundaries.

Related Network Tools

Looking to calculate subnets for your network? You can also explore subnet mask options. For detailed analysis, switch between mask formats easily. Network administrators often need to explore IP binary conversion. Additionally, identify broadcast addresses. Many users also find it helpful to validate and categorize IP addresses. For comprehensive planning, understand subnet divisions graphically.