CIDR to Wildcard Mask Converter

Convert between CIDR prefix notation and Cisco ACL wildcard masks, bidirectional. Auto-generates ready-to-paste Cisco IOS access-list and OSPF syntax.

Understanding CIDR and Wildcard Masks

CIDR (Classless Inter-Domain Routing) notation expresses a network address and its prefix length together, for example 192.168.1.0/24. The prefix length tells you how many bits are the network portion. A /24 means the first 24 bits are fixed, leaving 8 bits for host addresses. This gives you 256 total addresses (2 to the power of 8) with 254 usable hosts after reserving the network and broadcast addresses.

Cisco wildcard masks work as the bitwise inverse of a subnet mask. Where a subnet mask uses 1s to indicate network bits, a wildcard mask uses 1s to indicate the bits that are free to vary (host bits). A /24 subnet mask is 255.255.255.0 in dotted decimal, which makes the wildcard mask 0.0.0.255. In a Cisco access control list, a wildcard bit of 0 means "must match" and a bit of 1 means "ignore this bit".

This tool converts in both directions. Enter a CIDR prefix and get the wildcard, or enter a wildcard mask and find the CIDR prefix. It also generates ready-to-paste Cisco IOS syntax for standard ACLs, extended ACLs and OSPF network statements, which is particularly useful when configuring routers or switches under time pressure.

Worked Examples

Converting /24 to wildcard
Network: 192.168.1.0/24
Subnet mask: 255.255.255.0
Wildcard: 0.0.0.255
Cisco ACL: permit ip 192.168.1.0 0.0.0.255 any

Converting /30 to wildcard (WAN link)
Network: 10.0.0.0/30
Subnet mask: 255.255.255.252
Wildcard: 0.0.0.3
Usable hosts: 2 (point-to-point)

OSPF network statement
network 10.10.0.0 0.0.255.255 area 0 (matches all /16 addresses in 10.10.x.x)

Common Use Cases

  • Cisco ACL configuration. Standard and extended ACLs require wildcard masks, not subnet masks. Use this converter to get the correct wildcard for any prefix length without manual binary arithmetic.
  • OSPF and EIGRP network statements. The network command under a routing process uses wildcard mask syntax to specify which interfaces participate in the routing protocol.
  • Security policy documentation. Convert between CIDR and wildcard when documenting firewall rules that mix both formats across different vendors.
  • CCNA and CCNP exam preparation. Wildcard mask conversion is a core subnetting skill tested in Cisco certification exams. Use this tool to verify your manual calculations.

How do I calculate a wildcard mask manually?
Subtract each octet of the subnet mask from 255. For a /24 (255.255.255.0): 255-255=0, 255-255=0, 255-255=0, 255-0=255. Result: 0.0.0.255. For a /27 (255.255.255.224): the last octet is 255-224=31, giving wildcard 0.0.0.31.

When would I use a non-contiguous wildcard mask?
Non-contiguous wildcard masks (where the 1 bits are not all at the right) can match specific patterns, for example matching only even or odd IP addresses. This tool covers standard contiguous masks that map directly to CIDR prefixes.
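
The conversion and "0 = must match, 1 = ignore" rules described above, written out as an added Python example (not this tool's own code; the function names and sample entries are assumptions made for illustration). It goes beyond the contiguous case: it shows how a non-contiguous wildcard matches, and flags a subnet mask entered where a wildcard belongs.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def prefix_to_wildcard(prefix):
    """Wildcard = bitwise inverse of the subnet mask for this prefix length."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return to_dotted((1 << (32 - prefix)) - 1)

def wildcard_to_prefix(wildcard):
    """Return the prefix length, or None if the mask is non-contiguous."""
    w = to_int(wildcard)
    # A contiguous wildcard has the form 2**k - 1, so w & (w + 1) == 0.
    if w & (w + 1):
        return None
    return 32 - w.bit_length()

def acl_matches(base, wildcard, candidate):
    """Cisco semantics: wildcard bit 0 = must match, bit 1 = ignore."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(base) & care) == (to_int(candidate) & care)

def looks_like_subnet_mask(wildcard):
    """True when the value is not a contiguous wildcard but its inverse is,
    i.e. a subnet mask was probably entered where a wildcard belongs."""
    w = to_int(wildcard)
    inv = ~w & 0xFFFFFFFF
    return bool(w & (w + 1)) and not (inv & (inv + 1))

if __name__ == "__main__":
    # Constructed sample entries: (base address, wildcard field).
    entries = [("192.168.1.0", "0.0.0.255"),      # ordinary /24
               ("192.168.1.0", "0.0.0.254"),      # even hosts only
               ("192.168.1.0", "255.255.255.0")]  # subnet mask by mistake
    for base, wc in entries:
        prefix = wildcard_to_prefix(wc)
        note = f"/{prefix}" if prefix is not None else "non-contiguous"
        if looks_like_subnet_mask(wc):
            note += ", looks like a subnet mask"
        hit = acl_matches(base, wc, "192.168.1.5")
        print(f"{base} {wc}: {note}; matches 192.168.1.5: {hit}")
```

The third sample entry shows why the check matters: used as a wildcard, 255.255.255.0 ignores the first three octets and compares only the last, so it matches any address ending in .0 and misses 192.168.1.5.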