I am aware that I can do ' - 255' in order to find out a certain inverse subnet mask. However I am getting confused on how you could solve the exercise below. Answer b) below is the right one, but can you please tell me the rationale used to find out how you can allow 192.168.195.0 and block the range specified below. Thanks for your help!
" You need to deny access to all hosts that lie within the range 192.168.160.0-192.168.191.0
Hosts in the 192.168.195.0 network should be granted full access.
Which of the following choices fullfills this:
a) access-list 2 deny 192.168.163.0 0.0.0.255
b) access-list 1 deny 192.168.160.0 0.0.31.255
As you are probably aware, the 1's in the wildcard mask means do NOT care about these bits and 0's indicate it needs to match. Your concern seems to be about the 3rd octet so let's focus on that octet.
Deny 192.168.160.0 - 192.168.191.255
-Write down in binary values 160 & 191.
-then identify the common values in both addresses and these values need to match. In this scenario, the matching values stop at the 3rd bit and you don't care about the last 5 bits as they don't match.
160 - 1010 0000
191 - 1011 1111
xxx - 0001 1111 = 31
If you add up the last 5 bits you derive 31. Therefore, the wildcard mask you would need is 0.0.31.255.