Home > Articles > Cisco > CCNA Routing and Switching

This chapter is from the book

Subnetting

Subnetting is not as difficult as it initially seems. Because we are dealing with arithmetic, there is definitely more than one way to do this, but the method shown here has worked well. The following sections work through the process of subnetting. Then, we work on some shortcuts to show how you can subnet quickly because CCNA exam candidates often find that they are pressed for time on the exam.

Address Class and Default Mask

Subnetting happens when we extend the subnet mask past the default boundary for the address we are working with. So it’s obvious that we first need to be sure of what the default mask is supposed to be for any given address. Previously, we looked at the RFC791 designations for IP address classes and the number ranges in the first octet that identify those classes. If you didn’t pick up on this before, you should memorize those immediately.

When faced with a subnetting question, the first thing to do is decide what class the address belongs to. Here are some examples:

192.168.1.66

The first octet is between 192 and 223: Class C

Default mask for Class C: 255.255.255.0

188.21.21.3

The first octet is between 128 and 191: Class B

Default mask for Class B: 255.255.0.0

24.64.208.5

The first octet is between 1 and 126: Class A

Default mask for Class A: 255.0.0.0

It’s important to grasp that if an address uses the correct default mask for its class, it is not subnetted. This means that regardless of how many hosts the 0s at the end of the mask create, all those hosts are on the same network, all in the same broadcast domain. This has some implications for classful networks (ones that use the default mask for the address). Take a Class A for example: A Class A network can have 16,777,214 hosts on it. Almost 17 million PCs on one network would never work—there would be so much traffic from broadcasts alone, never mind regular data traffic, that nothing could get through and the network would collapse under its own size. Even a Class B network has 65,534 possible host IPs. This is still too many. So, either we waste a lot of addresses by not using the whole classful A or B network, or we subnet to make the networks smaller.

This is actually one of the most common reasons we subnet: The default or classful networks are too big, causing issues such as excessive broadcast traffic and wasted IP address space. Subnetting creates multiple smaller subnetworks out of one larger classful network, which allows us to make IP networks the “right” size—big or small—for any given situation.

The Increment

By definition, the process of subnetting creates several smaller classless subnets out of one larger classful one. The size of these subnets, or how many IP addresses they contain, is called the increment. Because we are working with binary numbers, a pattern emerges in which the increment is always one of those powers of 2 again—another good reason to memorize those numbers.

The increment is really easy to figure out. It is simply the value of the last 1 in the subnet mask. Let’s look at some examples. Figure 3.3 shows an IP address and subnet mask in binary.

FIGURE 3.3

FIGURE 3.3 IP address and mask in binary.

Note that this is a Class C address, and it uses the correct default mask—so it is not subnetted. This means that there is only one network, so there isn’t really an increment to worry about here. It’s sufficient at this point to recognize that an address that uses its default mask creates one network (no subnets), so there is no subnetted increment to consider.

Let’s take the same address and subnet it by extending the mask past the default boundary, as shown in Figure 3.4.

FIGURE 3.4

FIGURE 3.4 IP address and subnetted mask.

The very last 1 in the subnet mask in the figure is in the bit position worth 64—so the increment in this case is 64, which means that the subnets we made are evenly spaced at 64 IP addresses apart.

Think about this for a second. We are doing the subnetting in the fourth octet—that is where the mask changes from 1s to 0s. (The octet where this happens is sometimes referred to as the interesting octet.) The lowest possible value in that fourth octet is 0. If the subnets are 64 IP addresses apart, this means that the first subnet starts at 0, the next one starts at 64, the third at 128, and the fourth at 192—all multiples of the increment. Note that if we add another 64 to that last 192, we get 256—and that is larger than 255, the largest value that is possible in one octet. So this means we only have room for four subnets. Figure 3.5 illustrates this pattern more clearly.

FIGURE 3.5

FIGURE 3.5 Subnets created with increment of 64.

The multiples of the increment—0, 64, 128, and 192—are the starting addresses of the subnets we created. The subnets are all 64 addresses long, so we have room to make four subnets before we run out of addresses in the fourth octet.

Figure 3.6 shows our IP and subnet mask—note that the value of the last “1” in the mask is 16—and the subnets created with that increment of 16.

FIGURE 3.6

FIGURE 3.6 IP address and subnet mask with increment of 16.

First of all, you should notice that we are subnetting again—the mask extends past the default boundary. The last 1 in the mask is in the bit position worth 16, so our increment is 16. The multiples of 16 are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. Again, we can’t make another subnet because 240 + 16 = 256. Be careful not to start doubling as we did with the binary values; here we are just adding the increment value each time. It’s easy to get confused!

The increment is really the key to subnetting; if you can determine the increment, you can see how big your subnets are and how many you have created. Remember, the easy way to find the increment is to just determine the bit value of the last 1 in the mask.

Number of Hosts

The number of 0s at the end of the mask always defines the number of hosts on any network or subnet. There is a simple mathematical formula that defines how many IP addresses are available to be assigned to hosts.

Now, no one expects you to be a big fan of algebra, but you need to see and understand the formula.

The number of binary bits you have to use determines the maximum number of different values you can express using those bits. If you have 3 bits, you can make eight different values—0 through 7, or 000 through 111 in binary; 3 bits, and 23 = 8—this is not a coincidence. The binary values you learned earlier—1, 2, 4, 8, 16, 32, 64, and 128—are all powers of 2 and define the maximum number of different values you can create if the mask ends in that bit position. So it should come as no surprise that the formula for the number of hosts on any network or subnet is 2H – 2, where H is the number of 0s at the end of the mask.

But why do we subtract 2 in the formula? It’s pretty straightforward: Every network or subnet has two reserved addresses that cannot be assigned to a host. The rule is that no host can have the IP address in which all the host bits are set to 0, and no host can have the IP address in which all the host bits are set to 1. These addresses are called the network ID and the broadcast ID, respectively. They are the first and last IP addresses in any network or subnet. We lose those two IP addresses from the group of values that could be assigned to hosts.

Think of a network or subnet as a street with houses on it. Each house has a unique address, and the street has a name. The network ID is like the street name, and all the houses are hosts on a subnet that is known by its network ID street name. If two hosts have identical network and subnet fields in their addresses, they are on the same network, and can ping each other and exchange data and all that good stuff. If the network and subnet fields are different, even by 1 bit, they are on different networks and can’t communicate until we put a router between them. The routers act like street intersections; you must get to the right intersection (router) before you can get on to the street you want (but we’ll save that for later).

In a network where there are no routers, devices running TCP/IP make a decision about whether a particular IP address is on the network by performing a logical AND operation. The AND is a Boolean function that works like this:

1 AND 1 = 1

0 AND 1 = 0

1 AND 0 = 0

0 AND 0 = 0

This operation applies to IP networking like this: A host does a logical AND between its own IP and its mask. This determines its network ID. The host can then do an AND between another IP address and its own mask to determine if that second address is on the same network or some other one.

Let’s take the IP address and mask of an imaginary host and display them in binary, as shown in Figure 3.7. The AND operation takes each bit in the address and ANDs it with the corresponding bit in the mask below it; the result is the network ID of the host.

FIGURE 3.7

FIGURE 3.7 The AND operation determines the network ID.

Now the host knows its own network ID and can compare any other host’s address to that to see if the other host has the same network ID. If the two network IDs are different, traffic has to be sent through a router to get to the other network—and if there is no router, the two hosts can’t communicate.

The Broadcast ID

The broadcast ID is the address that represents every host on that network or subnet. Sometimes called a directed broadcast, it is the common address of all hosts on that network ID. This should not be confused with a full IP broadcast to the address of 255.255.255.255, which hits every IP host that can hear it; the broadcast ID hits only hosts on a common subnet.

Let’s take the previous example of an increment of 64 and expand on the detail, as shown in Figure 3.8.

FIGURE 3.8

FIGURE 3.8 Subnets from increment of 64 with network ID and broadcast ID shown.

Note that all the multiples of the increment—the numbers that mark the start of each subnet—have been identified by an N for network ID, and the last IP in every subnet is marked with a B for broadcast ID. This leaves us with 62 IPs left over in each subnet, and any of these (but only these) can be assigned to a host.

This leaves us with a range of IP addresses within every network or subnet that can be assigned to hosts. There is an unofficial convention that the gateway or router for a subnet is assigned the first or the last IP address available, but that is entirely arbitrary.

The first valid IP address is defined as

Network ID + 1

In Figure 3.8, the first valid host IPs in each subnet are .1, .65, .129, and .193.

The last valid host is defined as

Broadcast ID – 1

In Figure 3.8, the last valid host IPs in each subnet are .62, .126, .190, and .254.

See how the subnetted mask in the previous example has shortened the number of 0s at the end of the mask as compared to the default of 8? We now have only six 0s in the host part, so our formula would be

26 – 2 = 62

Here’s something interesting: It doesn’t matter what IP address you use with this mask; that mask will always give you 62 hosts on each subnet. You can pick a Class A address, say 22.1.1.0, and that mask would still make 62 hosts per subnet. The number of 0s at the end of the mask always drives how many hosts are on each subnet, regardless of the address.

So, what happened to all the other host IPs we started with? Remember that subnetting takes a classful A, B, or C network and splits it into several equalsized pieces. It’s just like cutting a pie into pieces; the original amount of pie is still there, but each piece is now separate and smaller.

Remember that the number of 0s at the end at the mask always defines how many hosts are on each subnet, regardless of the address in use.

Number of Subnets

Following on with the pie analogy, we know that we slice a classful network into pieces—but how many pieces? There is a simple mathematical relationship to this as well, but it is slightly more complex because of an old rule that we sometimes have to deal with.

The basic formula for the number of subnets is similar to the hosts formula. It is simply 2S, where S is the number of bits in the subnet field—that means the number of 1s in the mask past the default boundary for that address. If you look at Figure 3.9, you can see how this works.

FIGURE 3.9

FIGURE 3.9 Subnetted Class C with increment of 64.

The default boundary for that Class C address should be at the 24th bit, where the third octet ends and the fourth begins. The subnetted mask extends that by 2 bits into the fourth octet. So, we have stolen 2 bits, and our formula would look like this:

# of subnets = 2S

S = 2

22 = 4

We made four subnets, as you saw earlier. To figure out how many bits we stole, we first must know where the default boundary is so that we know where to start counting. This is where knowing the address classes and the correct default masks is critical; if you can’t figure this out, you will not be able to answer most subnetting questions correctly, and that would be bad.

Now here’s where things get tricky. A rule that some older systems use says that the first and last subnets created are invalid and unusable. The rule is known as the Subnet Zero Rule, and obviously if it is in effect, we lose two subnets from the total we create. These two subnets will be referred to from now on as the zero subnets. Newer systems do not use the Zero Subnets Rule, including newer Cisco devices. This is confusing and makes things more difficult—but difficult is not something Cisco shies away from on its certification exams. So if you want your CCNA, pay attention to the question and don’t complain about how hard it is.

The Cisco IOS supports the use of the zero subnets. The command ip subnet zero turns on the ability to use them, so that might be how the question is telling you whether they are in effect. Once you pass your CCNA, you will not likely have to worry about the Zero Subnets Rule again, unless you lose your mind and decide to become a Cisco trainer.

Working with Subnetting Questions

Determining Host Requirements

There are only two scenarios when determining the host requirements: Either you are given a mask and asked how many hosts per subnet this creates or you are given a requirement for a certain number of hosts and asked to provide the appropriate mask. Either way, the number of 0s at the end of the mask drives how many hosts per subnet there will be; the address to which that mask is applied is irrelevant. Your task is to put the correct number of 0s at the end of the mask such that 2H – 2 is greater than or equal to the desired number of hosts, or to determine what the value of 2H– 2 actually is. From there, you must choose the correct expression of the mask, either in dotted-decimal or CIDR notation.

Determining Subnet Requirements

The scenarios for determining subnet requirements are quite similar to the host questions. Either you are told how many subnets you need and asked to provide the appropriate mask or you are given a mask and asked how many subnets it creates. Note that in both cases (unlike hosts questions), you must know the IP address or at least the class of address you are working with. Creating subnets happens by extending the default mask, so you must know where the mask should end by default—and for that you need to know the class of address. Once you know where to start, simply extend the mask by the correct number of subnet bits such that 2S – 2 (or possibly just 2S) gives you the correct number of subnets.

Determining Increment-Based Requirements

Increment questions are the most challenging and complex subnetting questions, often requiring you to do a lot of legwork before you can get to the answer.

Increment questions often give you two or more IP addresses and masks, and ask you things such as, “Why can’t Host A ping Host B?” The answer could be that A and B are on different subnets. To determine this, you need to understand where those subnets begin and end, and that depends on the increment. Another popular question gives you several IP addresses and masks that are applied to PCs, servers, and routers. The system, as it is described, is not working, and you need to determine what device has been incorrectly configured—perhaps two IPs in different subnets, perhaps a host that is using a network ID or broadcast ID as its address.

The key is to first determine what the increment is or should be; then, carefully plot out the multiples of the increment—the network IDs of all the subnets. Then you can add the broadcast IDs, which are all one less than the next network ID. Now you have a framework into which you can literally draw the host IP ranges, without risk of “losing the picture” if you do this all in your head.

All of these skills take practice. Everyone goes through the same process in learning subnetting: For quite a while, you will have no idea what is going on—then suddenly, the light goes on and you “get it.” Rest assured that you will get it. It takes longer for some than others, and you do need practice or you will lose the skill.

The Subnetting Chart

You should now understand concepts and mechanics of subnetting. You can do it and get the right answer almost all of the time, but it takes you a while. This is good—congratulations! If you are not at that point yet, you should practice more before you look at this next section.

What follows is one of many variations of a subnetting chart. This is a good one because it is easy to use under pressure when your brain will behave unpredictably.

The chart represents the last two octets of a subnet mask, and what effect a 1 or a 0 in the different bit positions will have. It lists the increment, CIDR notation, the mask in decimal, the number of hosts created, and the number of subnets formed from a Class B and C address. Use an acronym to help get the rows correct: “Internet Class May Have Been Canceled.” (I = increment, C = CIDR, M = mask, H = host, B = B hosts, C = C hosts). Figure 3.10 shows a completed version.

FIGURE 3.10

FIGURE 3.10 The subnetting chart.

The following are steps to re-create the chart:

  1. The first row is simply the binary bit position values—the powers of 2. Start at the right with 1 and keep doubling the value as you go left: 1, 2, 4, 8, 16, 32, 64, 128. Repeat for the third octet.
  2. The second row is the CIDR notation—the number of 1s in a row in the mask. Our chart starts at the 17th bit, so number the second row starting at 17, through 32.
  3. The third row is the mask in binary. Add consecutive bit values together from left to right to get the valid mask values of 128, 192, 224, 240, 248, 252, 254, and 255. Or you can just memorize them.
  4. The fourth row is the number of hosts created. Starting at the right side of the fourth octet, subtract 2 from the increment line (the first line) and enter that value. Do this for the whole fourth octet. When you get to the third octet (the left half of the chart), you will have to change your approach: The value will keep increasing in the same pattern, but subtracting 2 from the top row won’t work anymore because the top row resets for the third octet. The simplest approach is to double the last value and add 2. For example, (126 × 2) + 2 = 254, (254 × 2)+2 = 510, and so on.
  5. The fifth row is the number of subnets created from a Class B address. Starting at the left side of the chart (the third octet), repeat the values from the first line, but in reverse order. Remember to start at 2!.

  6. The sixth row of the chart is the number of subnets created from a Class C address. Remember, with a Class C, we do not make any subnets (that is, we have only one network) in the third octet, so we have all 1s there. For the fourth octet, the numbers are the same as in row 5; just start them in the fourth octet instead. The same caution and tactic about the zero subnets applies.

Provided you have built it correctly, your chart is a huge help in answering subnetting questions quickly and accurately. All you need to do is determine what the question is asking for, and then look up that value on your chart. All of the answers you need will be in the same column. Practice building and using the chart until it becomes something you can do without thinking. You will need your brain for other more complicated problems.

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020