Cisco — Converting Different Mask Formats

Maciej
3 min read · Nov 18, 2019

You want to convert between the three different formats that Cisco routers use to present mask information: standard netmask, ACL wildcards, and CIDR bit numbers.

The following Perl script converts from any of these formats to any other. The usage syntax is “mask-cvt {n|w|b} {n|w|b} {nnn.nnn.nnn.nnn|/bits}”, where the first argument specifies the input format and the second argument specifies the output format. In both cases n is for netmask format, w is for wildcard format, and b is for CIDR bit-count format (with or without the leading slash, as in /24).

For example:

$ mask-cvt.pl n w 255.255.248.0
0.0.7.255
$ mask-cvt.pl n b 255.255.248.0
/21
$ mask-cvt.pl w n 0.3.255.255
255.252.0.0
$ mask-cvt.pl w b 0.3.255.255
/14
$ mask-cvt.pl b n /21
255.255.248.0
$ mask-cvt.pl b w /21
0.0.7.255

This script performs several different functions. It converts from netmask format to either wildcard or bit-count format, from wildcard to either netmask or bit-count format, and from bit count to either netmask or wildcard format. Many experienced network engineers pride themselves on doing these conversions in their heads. But it is still relatively common to find router configurations in which the conversion has been done incorrectly, and a wrong wildcard in an access list does not fail loudly: it quietly permits or denies a different set of addresses than the one intended.

The difference between netmask and wildcard formats is that netmask format uses ones in the bit pattern to represent bits that do not change, while wildcard format uses zeros to represent these bits. So, for example, if you are constructing an access list that looks at all of the devices in the subnet 192.168.1.0/24, the netmask would be 255.255.255.0, and the wildcard in the access list would be 0.0.0.255.

The reason for the difference is that you will sometimes want to construct an access list that doesn’t care which subnet a device is on, but can be used to select a particular set of devices on that subnet (for instance, matching on the last octet regardless of the first three). Access lists don’t look at subnets; they do pattern matching on addresses, so wildcard bits do not have to be contiguous the way netmask bits are.

To convert from wildcard format to netmask format or vice versa, the program simply subtracts each octet of the mask from 255, which is eight bits of all ones. It should be relatively easy to see that this flips every one in the binary pattern to a zero and every zero to a one.

The conversion to or from CIDR bit count format is slightly more complicated in the program, but easier in concept. If the input is a netmask, the CIDR bit count is simply the number of ones in the bit pattern, counting from the left. Similarly, if the source is a wildcard, the bit count can be found by counting zeros. The program actually has only one subroutine for counting bits. If it needs to convert a wildcard pattern to a bit count, it converts it to netmask format first.

It is important to note that the CIDR bit count format makes sense only if all of the ones in a netmask are on the left, and all of the zeros are on the right. Then the bit count number simply represents the location of the transition from ones to zeros, which in turn represents the division point between the network and host portions of the address. The program includes a check to ensure that the netmask pattern is valid, with no zeros to the left of any ones in the pattern.
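The post does not reproduce the Perl script itself, so here is an added example (my own code, not the post's script) that implements the same three-way conversion in Python: netmask and wildcard are treated as 32-bit complements of each other, the bit count is the number of ones in the netmask, and the conversion to bit count refuses any mask whose ones are not all on the left. The command-line syntax mirrors the one described above; the file name mask_cvt.py and the function names are my own choices.

```python
#!/usr/bin/env python3
"""Added example: three-way Cisco mask conversion (netmask / wildcard / CIDR bits).

Usage mirrors the post's script:  mask_cvt.py {n|w|b} {n|w|b} {nnn.nnn.nnn.nnn|/bits}
This is an independent re-implementation, not the Perl script the post describes.
"""
import sys

ALL_ONES = 0xFFFFFFFF
FORMATS = ("n", "w", "b")


def dotted_to_int(text):
    """Parse 'a.b.c.d' into a 32-bit integer, rejecting anything malformed."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four dotted octets: {text!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | int(part)
    return value


def int_to_dotted(value):
    """Render a 32-bit integer as dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def invert(value):
    """netmask <-> wildcard: 255 - octet on each octet is a 32-bit complement."""
    return value ^ ALL_ONES


def is_contiguous(netmask):
    """True when every one-bit sits to the left of every zero-bit (a prefix mask).

    The complement of such a mask is 2**k - 1, which has the property that
    adding one clears all of its bits, so x & (x + 1) == 0.
    """
    host_bits = invert(netmask)
    return host_bits & (host_bits + 1) == 0


def netmask_to_bits(netmask):
    """Count the ones; only meaningful for a contiguous mask, so check first."""
    if not is_contiguous(netmask):
        raise ValueError(f"non-contiguous mask {int_to_dotted(netmask)} has no /bits form")
    return bin(netmask).count("1")


def bits_to_netmask(text):
    """'/21' or '21' -> 0xFFFFF800; the leading slash is optional."""
    digits = text.lstrip("/")
    if not digits.isdigit() or not 0 <= int(digits) <= 32:
        raise ValueError(f"bit count out of range: {text!r}")
    return (ALL_ONES << (32 - int(digits))) & ALL_ONES


def mask_cvt(src, dst, value):
    """Convert value from format src to format dst; formats are n, w, b."""
    if src not in FORMATS or dst not in FORMATS:
        raise ValueError("formats must be one of n (netmask), w (wildcard), b (bits)")
    # Normalise the input to a netmask integer, as the post's script does.
    if src == "n":
        netmask = dotted_to_int(value)
    elif src == "w":
        netmask = invert(dotted_to_int(value))
    else:
        netmask = bits_to_netmask(value)
    # Render in the requested output format.
    if dst == "n":
        return int_to_dotted(netmask)
    if dst == "w":
        return int_to_dotted(invert(netmask))
    return f"/{netmask_to_bits(netmask)}"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: mask_cvt.py {n|w|b} {n|w|b} {nnn.nnn.nnn.nnn|/bits}")
    try:
        print(mask_cvt(*sys.argv[1:]))
    except ValueError as exc:
        sys.exit(f"error: {exc}")
```

Note that the contiguity check is applied only when a bit count is produced: a discontiguous wildcard such as 0.255.255.0 converts to and from netmask form without complaint, because that is a legitimate access-list pattern, but asking for its /bits form is an error rather than a silently wrong number.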


Written by Maciej

DevOps Consultant. I’m strongly focused on automation, security, and reliability.
