ACL issue

in CCNA & CCENT
So, I'm trying to stop traffic between certain VLANs and I'm hitting some confusion. Using the scheme of 10.20.0.0 /16, I don't want any VLANs within 10.20.0.0-128.255 communicating with my 10.20.147.0 /24 VLAN.
I assumed that "deny ip 10.20.0.0 0.0.128.255 10.20.147.0 0.0.0.255" would work but traffic still goes through. My PC is 10.20.11.148, so I put in "deny ip 10.20.11.0 0.0.0.255 10.20.147.0 0.0.0.255" that stops traffic, so why won't the other wild card do it?
I assumed that "deny ip 10.20.0.0 0.0.128.255 10.20.147.0 0.0.0.255" would work but traffic still goes through. My PC is 10.20.11.148, so I put in "deny ip 10.20.11.0 0.0.0.255 10.20.147.0 0.0.0.255" that stops traffic, so why won't the other wild card do it?
Techexams.net - Job security for one more day.
0
Comments
This will only deny the subnet of 10.20.128.0 because thats the only bit that "cares"
You would have to do deny ip 10.20.0.0 0.0.127.255 .. this "matches" subnets 10.20.0.0 - 10.20.127.0 .. then you could have one more to include 128.
to get 128.. you need 1 bit.. to get 127 .. you have ALL the bits before 128.. so 0111 1111 = 127 .. thus this encompasses the ranges.