
Access lists help

Started by PuNk, May 23, 2006, 20:17:09 PM


PuNk

Just working on some coursework, proper confused atm, so I'm gunna take a break as I've been working all day, thought I'd see if anyone can give me any advice whilst I'm relaxing for a bit.

I need to make an access list to permit users in the 10.1.1.81-10.1.1.93 address range access to the upper half of an IP address 209.0.0.0/24 (209.0.0.128-209.0.0.255). Then the implicit deny will sort the rest out for me.

This is just a small part of a large access list, the rest was pretty easy but this bit is really bugging me. I guess I need a wildcard, but I can't remember much atm, like I say, been working all day, pretty tired.

Cypher

Well you obviously understand how to put an ACL together with the deny all as the last command.

The wildcard mask, right, this is very similar to a subnet mask. We use it to identify which hosts should be affected by the ACL filter. They are often referred to as reverse netmasks. "Don't care" bits are represented by binary 1s whilst the "do care" bits are represented by binary 0s.

For example...

If a netmask normally is 255.255.255.0

11111111 11111111 11111111 00000000

Swapping the bits yields:

00000000 00000000 00000000 11111111

Subnet mask octet   Wildcard mask octet
255                 0
254                 1
252                 3
248                 7
240                 15
224                 31
192                 63
128                 127
0                   255

Hope that helps.
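Applying the inverted-mask rule above to the ranges in the question, as an added example that is not part of the original thread: the destination half 209.0.0.128-209.0.0.255 is one aligned block, but 10.1.1.81-10.1.1.93 is not, so it has to be split into several base/wildcard pairs, and a single wider wildcard would permit extra hosts. The ACL number 101, the `permit ip` form and all function names are assumptions made for the illustration.

```python
import ipaddress

def wildcard_blocks(first, last):
    """Split an inclusive IPv4 range into the fewest aligned blocks,
    returned as (base address, wildcard mask) string pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # hostmask is the netmask with every bit flipped, i.e. the wildcard mask
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def matches(addr, base, wildcard):
    """ACL match rule: every bit that is 0 in the wildcard must equal the base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def overmatched(first, last, base, wildcard):
    """Hosts in the base's /24 that one entry matches but the range excludes.
    Assumes the wildcard only has 'don't care' bits in the last octet."""
    lo, hi = (int(ipaddress.IPv4Address(x)) for x in (first, last))
    block = ipaddress.ip_network(f"{base}/24", strict=False)
    return [str(h) for h in block
            if matches(str(h), base, wildcard) and not lo <= int(h) <= hi]

def acl_lines(src_first, src_last, dst_first, dst_last, acl_id=101):
    """One extended-ACL permit line per source block / destination block pair.
    acl_id=101 and 'permit ip' are assumptions; the thread names neither."""
    return [f"access-list {acl_id} permit ip {s} {sw} {d} {dw}"
            for s, sw in wildcard_blocks(src_first, src_last)
            for d, dw in wildcard_blocks(dst_first, dst_last)]

if __name__ == "__main__":
    # Ranges taken from the question in this thread
    for line in acl_lines("10.1.1.81", "10.1.1.93",
                          "209.0.0.128", "209.0.0.255"):
        print(line)
    # A single 16-address wildcard is shorter but lets three extra hosts in
    print("extra hosts with 10.1.1.80 0.0.0.15:",
          overmatched("10.1.1.81", "10.1.1.93", "10.1.1.80", "0.0.0.15"))
```

The explicit permits still rely on the implicit deny at the end of the list to drop everything else.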