Wildcard masks in EIGRP (networking question)

I’m currently doing a Cisco course. I’m looking at EIGRP at the moment, having already learned the fundamentals of RIP configuration.

I don’t quite follow the wildcard-mask stuff. It’s described as the inverse of a subnet mask. Right, I know what to do with a subnet mask, but what do you do with it’s inverse? So you have a network address with wildcard mask

What exactly do you do with that? What is the logical operation performed between those two numbers, and what does the result signify?

In essence, the wildcard mask is the binary NOT operator applied to the subnet mask. Let’s take your example of an IP address of, with wildcard mask, which in binary is 00000000.00000000.00000000.00000011.

What you can do with this is to calculate the subnet mask - 11111111.11111111.11111111.11111100 in binary or, equivalent to /30. This allows you to calculate the first and last address in the subnet - and, respectively. You can then do all other subnetting tricks like finding the number of subnets, which Cisco seem to be fond of asking people to find.

The quick way to find the subnet mask from the wildcard mask (or vice versa) is to subtract the number of each dotted decimal component from 255. So becomes

Wildcard masks are used in Cisco routers to create access control lists, but I’m afraid I’m not quite sure of the details of how that works; it’s been a while since I worked with routers. They’re not specifically to do with EIGRP, but are used anywhere subnetting and supernetting are needed.

Must also provide obligatory link to bash, which made me laugh till my stomach hurt. :wink:

I don’t follow that. Do you mean that you invert the wildcard mask to get the subnet mask, and then apply the subnet mask?

Why not give the subnet mask to begin with? What’s the advantage of the wildcard?

Or maybe you’re saying something else, and I misunderstood.

In practice, it’s just another way of expressing the same thing - 99.9% of the times you’re configuring EIGRP, you’re just inverting the subnet mask(s) to a wildcard bit pattern. It does make sense in that while it looks like a subnet mask, it really is a filtering funktion - you’re limiting the EIGRP process when you apply the wildcard bit pattern. And seeing as Cisco uses wildcard bits extensively in their main filtering functionality - access lists - as well, it does make sense. Being well-versed in both (and how to jump from one to the other) is a necessity when working with Cisco.

One major difference between subnet masks and wildcard bit patterns: Wildcard bits can be non-contiguous.

This can be (ab)used in a number of ways - you can setup an access-list (or EIGRP process) to filter for “networks with even numbers in the third octet” by matching the last bit in the 3rd octet to 0, if you want to. (Anyone doing so in a production network should have a V.35 MT cable inserted somewhere really uncomfortable, but it’s doable).