
Reverse Masks

Discussion in 'General Cisco Certifications' started by NetEyeBall, Feb 5, 2007.

  1. NetEyeBall

    NetEyeBall Kilobyte Poster

    I was poking around in some reading and found a short cut on calculating a reverse mask.

    Normally I would take the subnet mask usually in / notation and then convert it to decimal. Then count the bits.

    For example:

    /25 = 255.255.255.128

    Counting the number of host bits I find that I have 7 host bits that add up to 127.

    128| 64 32 16 8 4 2 1

    64 + 32 + 16 + 8 + 4 + 2 + 1 = 127

    so the reverse mask should be

    0.0.0.127

    However the short cut is even easier. Just take 255 - the mask and then put it in a reverse mask.

    255 - 128 = 127

    which is 0.0.0.127

    Pretty nifty little trick.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  2. Headache

    Headache Gigabyte Poster

    Nice ...

    Never ceases to amaze me though how some people can calculate all of this stuff in their head. Imagine asking somebody what the wildcard mask in the last octet of a 28 bit mask is and he answers 15. Just like that. Without pausing even to think about it.

    Practice makes perfect I guess.
     
    Certifications: CCNA
    WIP: CCNP
  3. Headache

    Headache Gigabyte Poster

    Whilst on the subject:

    I was having a go at single-area OSPF this afternoon and the thing I noticed is that the kind of feedback you get on your show commands depends on what wildcard masks you configure to go with your IP addresses.

    For example, I derived the wildcard masks for the following IP addresses by inversing their subnet masks the usual way.

    conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#router ospf 1
    R1(config-router)#network 172.16.0.0 0.0.0.127 area 0
    R1(config-router)#network 201.21.21.0 0.0.0.63 area 0
    R1(config-router)#exit
    R1(config)#exit


    The output from the show commands was somewhat disappointing.

    R1#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route

    Gateway of last resort is not set

    1.0.0.0/24 is subnetted, 1 subnets
    C 1.1.1.0 is directly connected, Loopback1
    201.21.21.0/26 is subnetted, 1 subnets
    C 201.21.21.0 is directly connected, Serial0/1
    C 172.17.0.0/16 is directly connected, FastEthernet1/0
    172.16.0.0/25 is subnetted, 1 subnets
    C 172.16.1.0 is directly connected, Serial0/0

    R1#sh ip proto
    Routing Protocol is "ospf 1"
    Sending updates every 0 seconds
    Invalid after 0 seconds, hold down 0, flushed after 0
    Outgoing update filter list for all interfaces is
    Incoming update filter list for all interfaces is
    Redistributing: ospf 1
    Routing for Networks:
    172.16.0.0/25
    201.21.21.0/26
    Routing Information Sources:
    Gateway Distance Last Update
    Distance: (default is 110)

    R1#sh ip ospf interface
    Serial0/1 is up, line protocol is up
    Internet Address 201.21.21.1/26, Area 0
    Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 1562
    Transmit Delay is 1 sec, State POINT_TO_POINT,
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:07
    Index 1/1, flood queue length 0
    Next 0x0(0)/0x0(0)
    Last flood scan length is 1, maximum is 1
    Last flood scan time is 0 msec, maximum is 0 msec
    Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.4
    Suppress hello for 0 neighbor(s)

    R1# sh ip ospf neighbor

    Neighbor ID Pri State Dead Time Address Interface
    1.1.1.4 1 FULL/ - 00:00:30 201.21.21.2 Serial0/1



    So I decided to change things around a bit and use the ip addresses of the routers' interfaces instead. I used a blanket wildcard mask of all zeroes.

    conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#router ospf 1
    R1(config-router)#network 172.16.1.1 0.0.0.0 area 0
    R1(config-router)#network 201.21.21.1 0.0.0.0 area 0
    R1(config-router)#^Z


    When I did the show commands this time, I noticed that there was a lot more output than before.


    R1#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route

    Gateway of last resort is not set

    1.0.0.0/24 is subnetted, 1 subnets
    C 1.1.1.0 is directly connected, Loopback1
    201.21.21.0/26 is subnetted, 1 subnets
    C 201.21.21.0 is directly connected, Serial0/1
    C 172.17.0.0/16 is directly connected, FastEthernet1/0
    172.16.0.0/25 is subnetted, 2 subnets
    C 172.16.1.0 is directly connected, Serial0/0
    O 172.16.2.0 [110/3124] via 172.16.1.2, 00:28:41, Serial0/0
    10.0.0.0/16 is subnetted, 1 subnets
    O 10.10.0.0 [110/3124] via 201.21.21.2, 00:28:41, Serial0/1

    R1#sh ip ospf neighbor

    Neighbor ID Pri State Dead Time Address Interface
    1.1.1.2 1 FULL/ - 00:00:33 172.16.1.2 Serial0/0
    1.1.1.4 1 FULL/ - 00:00:35 201.21.21.2 Serial0/1
    R1#

    R1#sh ip ospf interface
    Serial0/0 is up, line protocol is up
    Internet Address 172.16.1.1/25, Area 0
    Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 1562
    Transmit Delay is 1 sec, State POINT_TO_POINT,
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
    Index 1/1, flood queue length 0
    Next 0x0(0)/0x0(0)
    Last flood scan length is 1, maximum is 1
    Last flood scan time is 0 msec, maximum is 0 msec
    Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.2
    Suppress hello for 0 neighbor(s)
    Serial0/1 is up, line protocol is up
    Internet Address 201.21.21.1/26, Area 0
    Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 1562
    Transmit Delay is 1 sec, State POINT_TO_POINT,
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
    Index 2/2, flood queue length 0
    Next 0x0(0)/0x0(0)
    Last flood scan length is 1, maximum is 1
    Last flood scan time is 0 msec, maximum is 0 msec
    Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.4
    Suppress hello for 0 neighbor(s)



    The moral of the story ?

    Dunno. *shrug*

    Still trying to figure it out.
     
    Certifications: CCNA
    WIP: CCNP
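
The shortcut from the first post and the matching rule behind the two OSPF configurations in the post above, as an added example that is not part of the original thread. It assumes the usual IOS behaviour that a `network` statement enables OSPF on an interface only when the interface address equals the statement address in every bit where the wildcard is 0; the interface addresses are the ones shown in the `sh ip ospf interface` output, and the function names are made up for this example.

```python
import ipaddress

def wildcard_from_mask(mask: str) -> str:
    """Shortcut from the first post: subtract every mask octet from 255."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad mask: {mask!r}")
    return ".".join(str(255 - o) for o in octets)

def wildcard_from_prefix(prefix_len: int) -> str:
    """Same answer starting from /nn notation (host bits set to 1)."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").hostmask)

def statement_matches(stmt_addr: str, wildcard: str, iface_ip: str) -> bool:
    """Wildcard bit 0 = must match, wildcard bit 1 = ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    stmt = int(ipaddress.IPv4Address(stmt_addr))
    addr = int(ipaddress.IPv4Address(iface_ip))
    return (stmt & care) == (addr & care)

# Interface addresses taken from the thread's "sh ip ospf interface" output.
INTERFACES = {"Serial0/0": "172.16.1.1", "Serial0/1": "201.21.21.1"}

# The two sets of "network <address> <wildcard> area 0" statements from the post.
FIRST_CONFIG = [("172.16.0.0", "0.0.0.127"), ("201.21.21.0", "0.0.0.63")]
SECOND_CONFIG = [("172.16.1.1", "0.0.0.0"), ("201.21.21.1", "0.0.0.0")]

def enabled_interfaces(statements, interfaces=INTERFACES):
    """Names of interfaces matched by at least one network statement."""
    return sorted(
        name for name, ip in interfaces.items()
        if any(statement_matches(a, w, ip) for a, w in statements)
    )

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.128"))   # /25 mask
    print(wildcard_from_prefix(28))                # last octet of a /28
    print("first config :", enabled_interfaces(FIRST_CONFIG))
    print("second config:", enabled_interfaces(SECOND_CONFIG))
```

With the first configuration only Serial0/1 is matched, because `172.16.0.0 0.0.0.127` covers 172.16.0.0 through 172.16.0.127 and the Serial0/0 address is 172.16.1.1; a statement of `172.16.1.0 0.0.0.127` would match it.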
  4. Headache

    Headache Gigabyte Poster

    And here's the Lab (for what it's worth):



    [​IMG]
     
    Certifications: CCNA
    WIP: CCNP
  5. r.h.lee

    r.h.lee Gigabyte Poster

    NetEyeBall,

    What is a "reverse mask?"

     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  6. NetEyeBall

    NetEyeBall Kilobyte Poster

    Reverse mask is another name for Wild Card Mask. I feel Reverse Mask actually is a better name for it than Wild Card Mask. Although I suppose Cisco never calls it a Reverse Mask. They call it a Wild Card Mask.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  7. NetEyeBall

    NetEyeBall Kilobyte Poster

    Going to look at this config this morning. Gotta hook everything up.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  8. NetEyeBall

    NetEyeBall Kilobyte Poster

    Not sure what you did, but I just set this up with OSPF Area 0.

    Everything looks good and can communicate just fine. Happy little routers.

    This is from my Router5

    201.21.21.0/26 is subnetted, 1 subnets
    O 201.21.21.0 [110/846] via 10.10.1.2, 00:05:17, Serial1/0
    172.16.0.0/25 is subnetted, 2 subnets
    O 172.16.1.0 [110/1038] via 10.10.1.2, 00:05:17, Serial1/0
    C 172.16.2.0 is directly connected, Serial1/1
    110.0.0.0/30 is subnetted, 1 subnets
    O 110.5.6.0 [110/910] via 10.10.1.2, 00:05:17, Serial1/0
    10.0.0.0/30 is subnetted, 1 subnets
    C 10.10.1.0 is directly connected, Serial1/0
    150.140.0.0/30 is subnetted, 1 subnets
    O 150.140.130.0 [110/974] via 10.10.1.2, 00:05:18, Serial1/0

    I will take a photo of my network map and post it.

    Basically the config is:

    Router OSPF 1 !Note process ID doesn't matter and can be set to anything!

    Network (Interface Ip of interfaces on the router you are in) (Wildcard Mask) area 0

    !NOTE Area must all be the same if you want them to exchange routing updates!

    You can setup multiple area OSPF however. I will have to play with that some.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  9. Headache

    Headache Gigabyte Poster

    Nice going NetEyeBall.

    I've been out and about today. Had a couple of errands to run, so I haven't been up to much.

    Judging from your readouts, your lab is a happy bunny. What wildcard masks did you use ?

    Yeah, I did use OSPF area 0 in my configs as well.

    I might try for a multiple area lab when I'm through and see how that goes. The lab design shouldn't be too hard. But I have a few more ideas to run past this lab before I'm done.

    For example, I'm thinking of taking out the loopback interfaces in my next configs and also experimenting a bit more with wildcard masks. I'm also going to try to establish the DR (designated router) and the DBR (designated backup router) this time around. I wasn't able to do it the last time and I need to figure out why.

    Anyways, catch you later.
     
    Certifications: CCNA
    WIP: CCNP
  10. NetEyeBall

    NetEyeBall Kilobyte Poster

    I didn't set any loopbacks, but that shouldn't make any difference in the lab.

    Wildcard masks were just the standard.

    255.255.255.128 = 0.0.0.127
    255.255.255.252 = 0.0.0.3
    255.255.255.192 = 0.0.0.63

    The Pix doesn't use wild card masks for some reason so when I configured it for OSPF I used the regular mask. Strange and it took me a bit to figure that out.

    Currently I have everything routing good and plugged up a switch hang'en off Router 4 with a PC on it. I can browse the internet just fine.

    It is strange I can't plug up the Pix directly to the cable modem. I am going to take my cable and make it a cross-over and see what I get.

    [​IMG]
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  11. Headache

    Headache Gigabyte Poster

    Wow. That's a ....

    Big Lab !


    I reckon you've got enough routers there to set up a multiple area lab of at least two or three single areas. In fact, you can probably split it off right now if you wanted to and put routers 6 and 7 (plus the pix and modem) into a different area. I can't predict what that would do for your connectivity though, but it's worth a shot. Or maybe you're saving that up for a fresh lab ?

    Anyway, I don't know anything about PIX firewalls, but we do have a wireless router here, so I might borrow an idea or two from you and try for an internet connection.

    Keep up the good work pal and you'll be ready for your CCIE in no time !
     
    Certifications: CCNA
    WIP: CCNP
  12. NetEyeBall

    NetEyeBall Kilobyte Poster

    Thanks! I will be happy just to get my CCNP and CCSP. CCIE is way down the road if I can get it.

    I can't figure out why I can't connect my pix straight to the cable modem. I should be able to do it, but it isn't grabbing a DHCP addy. I have two Pix's so I might compare the configs and see if something is missing out of the one I am using. I wish Pix were more like Cisco Routers. I know the newest version is more like a Router, but I don't have that version and can't upgrade mine I guess.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
