Subnetting Shortcuts: Expert Reference Series of White Papers
Subnetting Shortcuts: Expert Reference Series of White Papers
Subnetting Shortcuts: Expert Reference Series of White Papers
Subnetting Shortcuts
1-800-COURSES www.globalknowledge.com
Subnetting Shortcuts
Al Friebe, CCSI, CCDA, CCDP, CCNA, CCNP, A+
Introduction
One of the most challenging topics for many CCNA candidates is subnet masking. This white paper will de-mys-
tify the math behind subnetting, and provide examples of shortcuts that bypass the need for binary when doing
calculations involving subnet masks.
Putting together the A, B and C ranges with the rules for subnet masks:
• C
lass A: The default subnet mask is 255.0.0.0 (all 1s in the first octet, 0s thereafter). Since there are
eight 1s in the subnet mask, this mask can also be represented as /8.
Finally, recall that subnet masks allow hosts and routers to calculate the subnets on which particular addresses
reside. For example, if a host has an address of 192.168.1.99 and a mask of 255.255.255.0, the host knows that
its own subnet is 192.168.1.0/24. How does it know? It does a bitwise-AND calculation, using the address and
mask (multiply the bits in each column):
Likewise, if a router’s FastEthernet 0/0 interface has an address of 172.16.100.200 with a mask of /24, the router
places a connected (C) route for 172.16.100.0/24 into its routing table, associated with that interface.
Now that we have reviewed the classful addressing scheme, and the purpose of a subnet mask, let’s look at an
example.
Let’s say that you’ve been given an address space of 192.168.1.0/24, and you’re asked to subnet the network
such that you can have four subnets, each supporting at least 50 hosts. In the IP world, anything that requires
an IP address is commonly referred to as a host, since it can host (provide the hardware on which to execute)
computer programs. We’ll assume that each host requires one IP address, which is by far the most common case.
We want to know if it is possible to solve the problem, and if so
• What subnet mask is required?
• What subnets result from using the required mask?
• What are the ranges of legal host addresses on the subnets?
The first thing I do in a problem like this is a “sanity” check. Multiply the number of hosts per subnet (50) by the
number of subnets (4) to obtain the total number of host addresses required (200), then verify that the available
address space will support at least that many addresses.
If the total number of host addresses required exceeds the available address space, the problem cannot be
solved using standard subnet masking. Since 200 is less than 254 (the number of host addresses available on a
class C network), we can proceed to attempt to solve the problem.
n = 8 7 6 5 4 3 2 1
2n = 256 128 64 32 16 8 4 2
Per the chart, 2 to the third power (that is, 2 x 2 x 2, or 23) is 8. In other words, with 3 bits available, there are 8
possible combinations of 0s and 1s (000, 001, 010, 010, 011, 100, 101, 110, and 111). Likewise, 25 is 32 (00000,
00001 … 11111). As you can see from the chart, each additional bit doubles the number of possible combina-
tions.
Next, determine the number of subnet bits required. In the example above, since there are 4 subnets,
the number of subnet bits is two. Note that in the case of subnets, you do not have to subtract two from the
total (unlike with addresses, no subnets are reserved).
Since in our example we need 2 subnet bits and 6 host bits in the last octet (with a class C network, you only
have the fourth octet to work with), the subnet mask in that octet is 1100000, which in decimal is 192. There-
fore, the mask is 255.255.255.192, or /26 (since there are twenty-six 1s in the mask). If we set the host bits to 0
and cycle through the 4 possible patterns of subnet bits, we obtain the four subnets:
• 00 000000 = 0 (192.168.1.0/26)
• 01 000000 = 64 (192.168.1.64/26)
• 10 000000 = 128 (192.168.1.128/26)
• 11 000000 = 192 (192.168.1.192/26)
Remember that all 1s in the host portion are reserved for the directed broadcast address for a subnet. Cy-
cling through the possibilities with the host bits set to all 1s gives:
• 00 111111 = 63 (192.168.1.63, directed broadcast for 192.168.1.0/26)
• 01 111111 = 127 (192.168.1.127, directed broadcast for 192.168.1.64/26)
• 10 111111 = 191 (192.168.1.191, directed broadcast for 192.168.1.128/26)
• 11 111111 = 255 (192.168.1.255, directed broadcast for 192.168.1.192/26)
Finally, the range of legal host addresses is all values in between the subnet and directed broadcast ad-
dresses:
Note that each of the 4 subnets allows 62 legal host addresses, which is exactly what we would expect when
using 6 host bits. Why? Because 26 is 64, and 2 addresses per subnet (those with all 0s and all 1s in the host
portion) are reserved. That leaves 62 legal host addresses per subnet.
First, let’s summarize our findings from before. To subnet the 192.168.1.0/24 network into 4 subnets, each al-
lowing at least 50 hosts, we determined that we need a mask of /26, or 255.255.255.192. From this, we ob-
tained the following subnets, ranges and broadcast addresses (these are the values in the last octet):
• Subnet: 0, Range: 1 – 62, Broadcast: 63
• Subnet: 64, Range: 65 – 126, Broadcast: 127
• Subnet: 128, Range: 129 – 190, Broadcast: 191
• Subnet: 192, Range: 193 – 254, Broadcast: 255
The first thing to notice is the correlation between the subnet mask and the increment. In this example, the
octet of interest is the fourth, and the value of the mask in that octet is 192. If you take the value of the mask
(192) and subtract it from 256 (a magic number!), you get 64, the amount by which the subnets increment (0,
64, 128, 192).
The 1s in a subnet mask indicate network-type info, and the 0s indicate host info. Thus, with a subnet mask of
192 (in the fourth octet), which is 1100000 in binary, there are 2 subnet bits, and 6 host bits. Referring to the
Powers of Two chart, we see that the value of the least-significant subnet bit is 64 (26 = 64), so the subnets
increment by 64. Also, since the mask is a /26, there are 6 host bits, and, as we know, 26 = 64. The bottom line is
that whether you look at the mask in decimal, binary or “slash” (bit-count or CIDR) notation, the subnets incre-
ment by 64.
Broadcast Addresses
Next, let’s examine the broadcast addresses (in a “real-world” design problem, the broadcast addresses are
generally not required, but CCNA exams may inquire about them). Note that in each case, the subnet’s broad-
cast address is equal to the value of the next subnet minus one. For example, on the 192.168.1.0 subnet, the
broadcast address is 192.168.1.63, which is one less than the value of the next subnet (192.168.1.64). The
exception is the last subnet, for which the broadcast address is always 255 (which is 256 minus 1). Thus, subnets
and their broadcast addresses are:
• 192.168.1.0, Broadcast 192.168.1.63 (one less than next subnet)
• 192.168.1.64, Broadcast 192.168.1.127 (one less than next subnet)
• 192.168.1.128, Broadcast 192.168.1.191 (one less than next subnet)
• 192.168.1.192, Broadcast 192.168.1.255 (the last one is always 255)
Ranges
Finally, let’s look at the ranges of legal host addresses. In each case, the range begins with one more than that
of the subnet itself, and ends with two less than the next subnet (which is one less than the subnet’s broadcast
address). The exception is the last subnet, for which the last address is always 254 (256 minus 2). Therefore, the
subnets and their ranges are:
• 192.168.1.0, Range 1 – 62 (one more to two less)
• 192.168.1.64, Range 65 – 126 (one more to two less)
• 192.168.1.128, Range 129 – 190 (one more to two less)
• 192.168.1.192, Range 193 – 254 (last subnet, one more to 254)
iven an address space of 172.16.1.0/24, divide the network into 5 subnets, each
G
supporting at least 20 hosts.
Here are the steps we’ll use: (Refer to the Powers of Two chart if necessary.)
1. Using the Powers of Two chart, determine the required subnet mask
2. Using the mask, determine the increment
3. Using the increment, determine the subnets
4. Using the subnets, determine the broadcast addresses (if needed)
5. Using the subnets, determine the ranges
Now we can calculate the subnet mask. We can either subtract the number of host bits (5) from 32 (the total
length of a subnet mask), or add the number of subnet bits (3) to that specified by the address space (24). Either
way, the mask is a /27.
Given an address space of 10.100.200.0/24, find the mask that will give 11 sub-
nets of 13 hosts each.
Based on these numbers (4 subnet and 4 host bits), the mask is /28. This can be found either from 24 plus the 4
subnet bits, or 32 minus the 4 host bits. Also, with 4 host bits, the subnets increment by 16 (24). Since the incre-
ment is 16, subnet mask is 255.255.255.240 (256 minus 16 is 240), the last subnet is 10.100.200.240, and the
subnets, their ranges and broadcast addresses are:
• 10.100.200.0/28, 10.100.200.1 – 14, 10.100.200.15
• 10.100.200.16/28, 10.100.200.17 – 30, 10.100.200.31
• 10.100.200.32/28, 10.100.200.33 – 46, 10.100.200.47
• (10 more subnets that increment by 16 go here)
• 10.100.200.208/28, 10.100.200.209 – 222, 10.100.200.223
• 10.100.200.224/28, 10.100.200.225 – 238, 10.100.200.239
• 10.100.200.240/28, 10.100.200.241 – 254, 10.100.200.255
Given the same address space of 10.100.200.0/24, find the mask that will give 20
subnets of 10 hosts each.
Since this is a total of 200 host addresses, we think that it should fit into the specified /24 address space. Refer-
ring to the Powers of Two chart, we see that for 10 hosts per subnet, we need 4 host bits (which actually allows
14 hosts per subnet), and that 20 subnets requires 5 subnet bits (which allows 32 subnets). Four bits plus 5 bits
is 9 bits, and that’s a problem, because the address space is specified as a /24, so we have only 8 bits to work
with (we can’t touch any of the first 24 bits). The only solution would be to obtain additional address space.
Given a host address of 192.168.1.100 and a subnet mask of /27, determine the
host’s subnet, the legal range of host addresses on that subnet, and the broad-
cast address for the subnet.
The first step is to determine the subnet increment. Since there are 5 host bits (32 total bits in the mask minus
27 network-type bits), the increment is 32 (from the chart, 25 is 32). Thus, the subnets (incrementing by 32 in
the last octet) are:
• 192.168.1.0/27
• 192.168.1.32/27
Since 100 lies between 96 and 128, the host is on the 192.168.1.96/27 subnet. Based on the shortcuts we de-
veloped before, we can determine that the range of hosts on that subnet is 192.168.1.97 – 126 (one more than
the current subnet to two less than the next subnet), and that the broadcast address is 192.168.1.127 (one less
than the next subnet).
Let’s do another.
Recall that when given a mask in dotted-decimal, the subnet increment can be determined three ways:
• Subtract the value in the octet of interest from 256
• Two to the number of host bits in the octet of interest.
• The value of the least significant subnet bit
In the case of a 255.255.255.192 mask, the first approach gives: 256 – 192 = 64. For the second approach, a
255.255.255.192 mask is a /26 (that is, 6 host bits), and 26 is 64. In the third approach, a decimal 192 is equiva-
lent to 11000000 in binary, and the least significant subnet bit (the rightmost one) is the 64 bit. No matter how
you do it, the increment is 64. Since the increment is 64 (in the last octet), the subnets are:
• 10.50.100.0/26
• 10.50.100.64/26
• 10.50.100.128/26
• 10.50.100.192/26
Since 200 is greater than 192 (the last subnet), the host is on the 10.50.100.192/26 subnet, the range of hosts
on that subnet is 10.50.100.193 – 254, the broadcast address is 10.50.100.255, and we’re done!
In this example, the address is 10.1.2.153, and the mask is 255.255.255.252 (that is, /30). Based on the mask,
we can see that the subnets increment by four. Just take 256 and subtract 252, or use the fact that there are 2
host bits, or that the rightmost one in 11111100 (252 written in binary) is worth four. While it’s possible to count
by fours all the way to 153, that would be boring, so let’s just divide 153 by 4, giving 38 (if we round down).
Now multiply 38 times 4, which is 152. Thus, the subnet is 152 (10.1.2.152/30), the range is 10.1.2.153 – 154,
and the broadcast is 10.1.2.155 (the next subnet is 10.1.2.156).
Note that you can also use the increment to determine the subnet mask in dotted-decimal form. Simply subtract
the increment (2) from 256, and that’s the value in the octet of interest (the third). In other words, the mask is
255.255.254.0 (same as a /23).
First, the basic idea is the same as what we were doing before, we’re just operating in a different octet.
Second, when subnetting with a /23 mask, an address like 172.16.1.0 is a legal host address (with that mask,
it’s neither a subnet nor a broadcast address). It looks kind of weird, but it’s perfectly legit.
Third, since most workgroups (VLANs) have fewer than 254 hosts (employees, whatever), you don’t see subnet
masks of /23 used very often (nor anything in the range of /9 to /23, for that matter).
Given an address space of 10.0.0.0/8, subnet it such that there are 1000 subnets
supporting 1000 hosts each.
Since a million (1000 times 1000) is less than the approximately sixteen million host capacity of a /8 address
space (a Class A network), we’re ready to go.
As always, we use the number of hosts per subnet to determine the number of host bits required. A thousand
hosts per subnet is off the chart, but it’s easy to see that if 9 host bits allows 510 hosts, then 10 host bits allows
for 1022 hosts (210 is 1024, minus the 2 reserved addresses gives 1022). Likewise, 1000 subnets requires 10
subnet bits (which allows for 1024 subnets). That’s a total of 20 bits.
Since we only need 20 bits, but we have 24 bits to work with (32 minus the 8 specifying the address space), we
have 4 “extra” bits, so at this point we have a decision to make. Since there are 32 bits in a subnet mask, the
number of network bits plus subnet bits plus host bits must equal 32. We could make the extra bits subnet bits,
or host bits, or split them between the two.
To leave room for growth in both the number of subnets and the size of each subnet, let’s split the difference,
using 12 host bits and 12 subnet bits (allowing for up to 4096 subnets, each containing up to 4094 hosts), and
results in a /20 mask. This means that there are 4 host bits in the third octet, so the subnets increment by 16 (24)
in the third octet, and the dotted-decimal mask is 255.255.240.0 (256 minus 16 in the third octet).
Using the same logic, in case we’re interested the broadcast addresses are:
• 10.0.0.0/20, Broadcast: 10.0.15.255
• 10.0.16.0/20, Broadcast: 10.0.31.255
• 10.0.32.0/20, Broadcast: 10.0.47.255
• (12 more subnets that increment by sixteen go here)
• 10.0.240.0/20, Broadcast: 10.0.255.255
• 10.1.0.0/20, Broadcast: 10.1.15.255
• 10.1.16.0/20, Broadcast: 10.1.31.255
• 10.1.32.0/20, Broadcast: 10.1.47.255
• (4074 more subnets that increment by sixteen go here)
• 10.255.208.0/20, Broadcast: 10.255.223.255
• 10.255.224.0/20, Broadcast: 10.255.239.255
• 10.255.240.0/20, Broadcast: 10.255.255.255
Given an address space of 10.5.64.0/18, find the mask that gives 50 subnets, with
the maximum number of hosts per subnet.
For 50 subnets, we need 6 subnet bits (allowing a maximum of 64 subnets). Since 6 (subnets bits) plus 18
(specified with the address space) is 24, we need a /24 mask (255.255.255.0), and the subnets increment by one
in the third octet. Also, because we’re left with 8 host bits (32 minus 24), we can have up to 254 hosts per sub-
net. In other words, it’s as if we have 64 Class C networks starting with 10.5.64.0 at our disposal. The subnets,
their ranges and broadcasts are:
• 10.5.64.0/24, range: 10.5.64.1 – 10.5.64.254, BC: 10.5.64.255
• 10.5.65.0/24, range: 10.5.65.1 – 10.5.65.254, BC: 10.5.65.255
• (60 more subnets that increment by one in the third octet go here)
• 10.5.126.0/24, range: 10.5.126.1 – 10.5.126.254, BC: 10.5.126.255
• 10.5.127.0/24, range: 10.5.127.1 – 10.5.127.254, BC: 10.5.127.255
Remember that we’re interested in the third octet. Since 30 lies between 16 and 32, the host is on the
10.20.16.0/20 subnet, the range is 10.20.16.1 – 10.20.31.254, and the broadcast address is 10.20.31.255 for
that subnet.
Let’s do another.
We can see from the mask that we’re interested in the third octet. Further, since 256 minus 224 is 32, the sub-
nets increment by 32 in that octet. Thus, the subnets are 172.16.0.0/19 (and counting by 32 in the third octet),
32, 64, 96, 128, etc. Since 100 lies between 96 and 128, the host is on the 172.16.96.0/19 subnet, the range is
172.16.96.1 – 172.16.127.254, and the broadcast address is 172.16.96.255 for that subnet.
Given the host address 10.20.30.40 and a subnet mask of 255.192.0.0, find the
usual items.
We can see from the mask (which could also be written as a “/10″) that we are interested in the second octet.
Furthermore, since 256 minus 192 is 64, the subnets increment by 64 in the second octet. Thus, the subnets are
10.0.0.0/10, 10.64.0.0/20, 10.128.0.0/10, and 10.192.0.0/10 (since there are only 2 subnet bits, there are only
4 subnets). It’s the second octet that we’re interested in, and since 20 lies between 0 and 64, the host is on the
10.0.0.0/10 subnet, the range is 10.0.0.1 – 10.63.255.254, and the broadcast is 10.63.255.255 for that subnet.
First, since 14 lies between 8 and 16, we’re interested in the second octet. Next, since we’re dealing with a Class
A (8 network bits), a /14 mask means that there are 6 subnet bits and 2 host bits in the second octet. Because
22 is 4, the subnets increment by four in the second octet, thus: 10.0.0.0/14, 10.4.0.0/14, 10.8.0.0/14, etc.
While we could count all the way to 200 in the second octet, we can just use some math to shortcut it. Since
200 is an even multiple of four (4 times 50 is 200), 200 is a subnet (and 204 is the next subnet). Thus, the host is
on the 10.200.0.0/14 subnet, the range of legal host addresses on that subnet is 10.200.0.1 – 10.203.255.254,
and the broadcast is 10.203.255.255 for that subnet.
Note that when using a /14 mask with a Class A network, there are 6 subnet bits, allowing for up to 64 subnets,
and 18 host bits, allowing for 262,142 hosts per subnet (218 minus 2). That’s way off the powers of two chart,
and not likely to be used in the real world as a subnet mask.
One last thing … since the default mask for a Class A is /8, you’ll never see a subnet mask of less than /8. Thus,
you don’t have to worry about doing calculations in the first octet (although it would work exactly the same,
with the subnet increment based on the number of host bits in that octet).
Learn More
Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge.
Check out the following Global Knowledge courses:
ICND1 – Interconnecting Cisco Network Devices 1
ICND2 – Interconnecting Cisco Network Devices 2
CCNA Boot Camp
For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a
sales representative.
Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use. Our
expert instructors draw upon their experiences to help you understand key concepts and how to apply them to
your specific work situation. Choose from our more than 700 courses, delivered through Classrooms, e-Learning,
and On-site sessions, to meet your IT and management training needs.