Wildcard Mask Calculator

How to use the wildcard mask calculator

Enter a subnet mask in either dotted-decimal or CIDR form.
Get the matching wildcard (inverse) mask used by Cisco ACLs and OSPF area declarations.
Copy the result straight into an access-list or network statement.

Frequently asked questions

How is a wildcard mask different from a subnet mask?

A wildcard mask flips the logic of a subnet mask. While a subnet mask marks network bits with 1s, a wildcard uses 0s to flag the bits that have to match exactly.

Why does Cisco use wildcard masks in ACLs?

Wildcard masks let an ACL match non-contiguous bit patterns—the kind of irregular shapes subnet masks just can't handle. In practice, though, most ACLs stick to contiguous wildcards that map directly to CIDR prefixes.

Can wildcard masks be non-contiguous?

Yes. A wildcard like 0.0.255.255 matches any second-half octet, but 0.0.0.85 matches only odd third-octet values — useful for advanced filtering tricks.

What wildcard mask matches a single host?

0.0.0.0 — every bit must match exactly. Cisco IOS also accepts the keyword host as a shorthand.

Wildcard Mask Calculator

Subnet Mask

Wildcard Mask

CIDR Prefix Length

How to use the wildcard mask calculator

Frequently asked questions

Wildcard Mask Calculator

Subnet Mask

Wildcard Mask

CIDR Prefix Length

How to use the wildcard mask calculator

Frequently asked questions

Related tools