ACL issue

in CCNA & CCENT
So, I'm trying to stop traffic between certain VLANs and I'm hitting some confusion. Using the scheme of 10.20.0.0 /16, I don't want any VLANs within 10.20.0.0-128.255 communicating with my 10.20.147.0 /24 VLAN.
I assumed that "deny ip 10.20.0.0 0.0.128.255 10.20.147.0 0.0.0.255" would work but traffic still goes through. My PC is 10.20.11.148, so I put in "deny ip 10.20.11.0 0.0.0.255 10.20.147.0 0.0.0.255" that stops traffic, so why won't the other wild card do it?
I assumed that "deny ip 10.20.0.0 0.0.128.255 10.20.147.0 0.0.0.255" would work but traffic still goes through. My PC is 10.20.11.148, so I put in "deny ip 10.20.11.0 0.0.0.255 10.20.147.0 0.0.0.255" that stops traffic, so why won't the other wild card do it?
Techexams.net - Job security for one more day.
Comments
This will only deny the subnet of 10.20.128.0 because thats the only bit that "cares"
You would have to do deny ip 10.20.0.0 0.0.127.255 .. this "matches" subnets 10.20.0.0 - 10.20.127.0 .. then you could have one more to include 128.
to get 128.. you need 1 bit.. to get 127 .. you have ALL the bits before 128.. so 0111 1111 = 127 .. thus this encompasses the ranges.