Help! cisco ACL's and wildcards. Brain is going to explode.

NetworkDad

Diamond Member
Jan 22, 2001
3,435
1
0
My brain is going to explode. I'm almost done with Cisco CCNA sem3 here. We're working on access lists right now which was fine until last night, when the instructor introduced wildcards that pick only on a selection of your subnet, such as the upper half of subnet 3 or the lower half of subnet 4.

I have no problem subnetting and getting my 3rd and 4th subnets, but he tried to show something last night where you create a wildcard that would pick on a particular subnet as seen below:

Example:

160.16.0.0/26
SM 255.255.255.192

My wildcard in this would be 0.0.0.63

How do I create a wildcard in this case that would only pick on the upper half of say the 3rd subnet?
 

Jarwa

Golden Member
Jan 7, 2001
1,160
0
0


<< oops, I almost remember this... >>

Hmm... I don't think I ever got it the first time. :eek:
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
Draw out the bit patterns in binary, put the original address first, then do the same for the target subnet below.

It might also help to draw the bit values above the original address.

In your example, the last octet of the mask is 192, which is the 128 bit and the 64 bit. I know you know this part already....

Also remember that 160.16.0.0 is a class B, the natural mask is 255.255.0.0

Since there are ten bits of the original host mask used for subnetting, there are 1024 possible additional subnets, each with 63 total host addresses, starting with 00, 01, 10, 11 in the fourth octet. If you are calling the "10" subnet the third subnet, then the mask pattern for the last octet is 10111111, which is 191 decimal, which would be your wildcard value (0.0.0.191). The router will know by the mask that there are only 63 possible host addresses (total) per subnet. The first four mask values for the subnets would be 63, 127, 191, 255. (00 111111, 01 111111, 10 111111, 11 111111)

The part that frequently confuses folks is that the subnet mask only designates which bits belong to the network portion of the address. When the original address and mask are presented, the "ones" in the network or subnetwork part of the mask only indicate which bit position belongs to the network address; that doesn't mean that the actual binary value of the address will have a one in that position...the "1" is just a marker that says "this bit position has been assigned as part of the network portion of the address." The actual value of that bit position could be a one or a zero...the mask just shows you which bit belongs to which side (host or network).

When you are talking about subnetting, you're talking about how many bits of the original address you're gonna "steal" to make additional subnets. Count the subnet bits, use it as a power of 2, and that's the total subnet count (in your example, there are ten additional subnet bits that would be 2^10, 1024 subnets total, some are thrown away by convention, but the total is 1024).

Once you know how many subnets you have, then write out the binary count for each one you're working with (00000000, 00000001, 00000010, 00000011, 00000100, etc.); every host address in that subnet will start with that binary value...so every host address in your example will start with 10 (then the other 6 bits of host address). When you hit 10111111 (191), that's the broadcast address for the "10" (128) subnet. Your mask value (for an access-list) is basically the broadcast address for the subnet you're trying to act on (permit or deny) because the broadcast address is "all hosts in this subnet."

The next address will be the "network number" for the next higher subnet (the 11 - 192 decimal), the next address after that is what's considered (by convention) to be the first host address of the 11 subnet (or the 192 subnet....192 is the "network number"), 193 would be the first host address ...until you get to 11111111 which would be the broadcast address of the 192 subnet.

(If this reads a little strange, it's because I mis-read the original address as a /24 starting point, moving to /26...by the time I caught my mistake, I was running out of time.....I'm fairly sure it's still pretty much accurate after I adjusted for starting with /26...)

I hope this helps. It's much easier done in person on the whiteboard.

Good Luck

Scott

BTW: You'd have probably gotten an answer quicker if this had been posted in the "Networking" forum. This is OT, people talk about cars, girlfriends, movies, pets, politics....not much networking going on up here.
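The question in the original post (a wildcard that picks only the upper half of the third /26 subnet) can be worked out mechanically: a wildcard mask is the bitwise inverse of the subnet mask, and "half of a subnet" is just the same range described one prefix bit longer (/27 instead of /26), so its wildcard is 0.0.0.31 rather than 0.0.0.63. The script below is an added example written for this thread, not code from any of the posters; it uses Python's standard `ipaddress` module, assumes the class B natural mask /16 that ScottMac mentions as the starting point, counts subnets from zero so that "the third subnet" is index 2 (the "10" subnet in his binary notation), and treats the `access-list` line it prints as plain Cisco IOS syntax for illustration.

```python
import ipaddress
from itertools import islice


def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard mask for an IPv4 prefix: the bitwise inverse of the subnet mask.

    ipaddress calls this the 'hostmask'; /26 -> 255.255.255.192 -> 0.0.0.63.
    """
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").hostmask)


def subnet_half(base: str, new_prefix: int, index: int, upper: bool) -> tuple[str, str]:
    """Return (network address, wildcard) for the upper or lower half of one subnet.

    base       : the block being subnetted, e.g. "160.16.0.0/16" (class B, assumed here)
    new_prefix : the subnet prefix length, e.g. 26 for a 255.255.255.192 mask
    index      : which subnet, counted from zero ("third subnet" == 2)
    upper      : True for the upper half, False for the lower half
    """
    # Walk the subnets lazily; index 2 of a /16 split into /26s is 160.16.0.128/26.
    target = next(islice(ipaddress.IPv4Network(base).subnets(new_prefix=new_prefix), index, None))
    # Splitting one more bit gives exactly two halves; [0] is lower, [1] is upper.
    lower, upper_half = target.subnets(prefixlen_diff=1)
    half = upper_half if upper else lower
    return str(half.network_address), str(half.hostmask)


def wildcard_matches(addr: str, network: str, wildcard: str) -> bool:
    """Apply a wildcard the way the router does.

    A 1 bit in the wildcard means 'don't care'; a 0 bit must match the network value.
    """
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_line(acl_number: int, action: str, network: str, wildcard: str) -> str:
    """Render an extended-ACL entry (illustrative IOS syntax) for a source range."""
    return f"access-list {acl_number} {action} ip {network} {wildcard} any"


if __name__ == "__main__":
    print("wildcard for /26:", wildcard_from_prefix(26))            # 0.0.0.63
    net, wc = subnet_half("160.16.0.0/16", 26, 2, upper=True)       # 160.16.0.160 0.0.0.31
    print("upper half of subnet 3:", net, wc)
    print(acl_line(101, "permit", net, wc))
    # Sanity check against the two ends of the half-subnet and an address just below it.
    for host in ("160.16.0.160", "160.16.0.191", "160.16.0.159"):
        print(host, "matches" if wildcard_matches(host, net, wc) else "does not match")
```

Reading the result back in ScottMac's binary terms: the third /26 subnet has host bits `10xxxxxx` in the last octet; its upper half fixes one more bit, `101xxxxx`, so the network value is 160 (`10100000`) and the wildcard, covering only the five remaining host bits, is 31 (`00011111`). Checking candidate addresses with `wildcard_matches` before pasting an entry into a production ACL is a cheap way to catch an off-by-one in the mask.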