Cisco IOS uses inverse mask in access control list and router network command, only Cisco uses inverse mask instead of actual netmask.

Suppose if the mask is 255.255.255.240, then the inverse mask is 0.0.0.15, another example is 255.255.240.0 then the inverse mask is 0.0.15.255, if you are handling cisco acl with python then there will be a chance inverse mask is used.

Here’s the code to do it.

Split the netmask by dot.

Subtract each octet by 255.

Join the elements in the list by dot in order to get inverse mask

netmask = "255.255.255.240"
conversion = [str(255 - int(octet)) for octet in netmask.split(".")]
print(".".join(conversion))