just to add to Rene’s comments above, the other reason to choose wild card mask over subnet mask is that subnet masks have contiguous number of bits for the network portion and host portions. for example as subnet mask of 255.255.255.0 is 11111111.11111111.11111111.00000000. You can never have a subnet mask of 11110111.00111111.11110111.00000000, however this is not the case with wild card masks. With wild card mask we can turn bits on and off where we want to and therefore having a great deal of flexibility over what we want to match. you can get really creative with wildcard mask, for example you can, if you want to, permit only even or odd number hosts from a given network. so if you have a statement like access-list 101 permit ip 192.168.1.0 0.0.0.254 any , this will only allow hosts with even number IP addresses.
1 Like