Jump to content

Ip subnetting question share your own experiece.


Recommended Posts

I have been all over google youtube and everywhere else. I am trying to recertify cisco ccna. How I think about it 2 raised to the borrowed bits gives me the number of subnets. 2 raised to the number of 0's or bits not turned on gives you the number of hosts -2 is num of hosts per subnet. When they ask which of these is valid host addresses it throws me off. What is the fifth host in a certain subnet. I managed to make an 88 on this chapter when I took it again. In 2002 I could do this with no problem. That was pre brain damage/surgery.

Maybe I should of asked how to understand the language these questions are in. Find valid host address means the ones that our not network or broadcast address. I want to get better at this.

Link to comment
Share on other sites

It took me many tries and lessons to understand how subnetting works. It wasn't easy, but my lecturer had a great deal of patience and understanding of it, which helped a lot.

But with repetitive practice, it becomes natural and everything falls in place.



And here's a link to a video, to help you out further

Edited by Infiltrator
Link to comment
Share on other sites

  • 2 weeks later...
And here's a link to a video, to help you out further

I suspect somebody made him a bet...

He managed to explain in very convoluted terms, what subnetting is and what subnet masks are, without ever using the word "binary".

*strokes beard*

The first half is pretty good, but the subnetting part isn't explained very well at all.

Edited by ApacheTech Consultancy
Link to comment
Share on other sites

I've found a much better video than the one above which explains subnetting in the most wonderfully simple way.

I don't think you can get a more definitive, concise guide than this:

Link to comment
Share on other sites

  • 1 month later...

Whatever rows your boat brother. Glad you found a better video, that's how the community grows, by helping each other out.

Link to comment
Share on other sites

Those guys probably explain sub-netting better then me but I'll go ahead and give you how I understand it.

Lets use the address

So what do we know about this address? Well it is a network address, and a class C address that means the default netmask is and we are sub-netting the last octet.

Now look at the citer mask, /26. This means that there are 26 bits turned on so in binary the netmask would look like this

128 64 32 16 8 4 2 1 . 128 64 32 16 8 4 2 1 . 128 64 32 16 8 4 2 1 . 128 64 32 16 8 4 2 1

1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 0 0 0 0 0 0

And if we add all of this together we find the netmask to be:

Now we find the number of subnets we have according to the number of extra bits turned on after the default address, in this case we have 2. So we take the number of bits and put that as an exponent to 2 (2 ** x; (x = network bits on after default mask)).

So in this case 2**2 = 4.

We have 4 subnets.

The hosts is very similar but instead of looking at the bits turned on we look at the bits turned off, in this case we have 6. Our equation for this is 2**x - 2 (one for the network address and one for the broadcast)

2 ** 6 - 2 = 62

We have 62 host addresses on each subnet.

Network 1 contains the following address: <-- network address
... <-- broadcast address

and the next network starts at and ends at and so on.

I hope I didn't repeat to much of what you already know and that I helped clear it up for you!

PS: A little trick that helps me is that the broadcast address is always an odd number, never even.

Edited by newbi3
Link to comment
Share on other sites

Subnetting is worth learning. If you plan on working in networking, or doing anything Cisco related, then yes, you will need to understand it for routing, switching, etc. However, and I hate to go the easy route, but if you're in a pinch at work and need to setup a setup of subnets and need to know the masks and cidr notation and don't have the chops to do the math manually(which you really should learn, its valuable knowledge) you can always use http://www.subnet-calculator.com/

For me when I took my cisco class, I did the assignments manually, and then double checked them against http://www.subnet-calculator.com/ to make sure I was correct. Bottom line, learn it, and understand it, as well as supernetting** (yes, you can not only subnet, but also take it the other way). This will come in handy for vlans and voip when setting up different corporate network departments so servers can't be seen from one department to the next without the proper subnet configuration. Just be sure to put in ACL rules, to enforce no one tries supernetting onto a segment of a subnet they weren't supposed to be able to reach.

Link to comment
Share on other sites

Here's a question. When working with subnets, is it best to back up the subnetting with VLANs, or will pure software subnetting suffice for all purposes?

At what stage of a network's evolution (developing and expanding over time), should VLANs be put in place and should these VLANs be used alongside or instead of software subnetting?

EDIT: To back up this question with an example, here is a hypothetical scenario:


This depicts two buildings housing different areas of one company. There are on average 30 devices within each office connected to a switch, which is in turn connected to the router for each building. The buildings are connected via PPP E3 to form a single MAN.

For this set up, or one similar, would VLANs be recommended to control subnetting, or would pure software subnetting suffice? If not, How much more complex would the topology have to be to warrant using VLANs?

Edited by ApacheTech Consultancy
Link to comment
Share on other sites

Vlans can share the same subnet mask while having the switch and router handle the Vlan ID's and trunking if setup properly, and the vlans will never see each other(they just can't share the same IP's, so in a way you are still pooling addresses together for different vlans but don't necessarily have to do it with subnetting, its just safer to subnet as well since one subnet can't speak to another unless they have a common route or routing table/gateway between them). Just know that Vlan1 is like 99% of the time seen by all other vlans which is to say, carefully plan your topology and routing table per routers interfaces/id's and your routers and disable vlan1 when setting up vlans since its like a broadcast to everyone.

Aside from securing different segments of the lan in general, subnetting allows you to slice up the network and reserve pools of addresses so they aren't wasted in case you need them later on for other network segments. Like on the internet, if one company needs a few static addresses, they can do so strictly by subnetting it to the company in chunks instead of owning a whole /24 network for a class C address, they can allowcate say, 6 IP's to them alone in one segment of IP space, which is how the internet is divided up for IPv4 now and why we ended up having to move to IPv6 since there are only so many address spaces available in IPv4.

With IPv6, this isn't really an issue any longer on the WWW due the enormous amount of address space available and the number of bits involved its pretty much going to last us damn near forever, but for Intranets, its important in how you use it and segment it, since most of it is still IPv4 on the intranet side with a mix of IPv6 built into Win7 and later, having IPv6 side by side going in and out of the lan from one workstation who is routable from the WWW can and will in most cases, bypass all firewall rules normally set for IPv4. Its a safety threat since your ID is basically static due to it being somewhat hardware based like a MAC address, other than link local addresses and what you purchase from IPv6 registrars or DNS, you are kind of stuck with your IPv6 address of your machine at its core since its designated by the hardware itself like a MAC address. Think of it like Layer 2 with no need for NAT and IP classes, you can route directly to the device.

I don't even want to learn IPv6 and securing it at this point just because of the dangers and easy fat finger firewall rules that will all be bypassed if you let one IPv6 address out on the web side from the intranet side. Makes for an easy target into a network if people don't have it setup properly and its not like IPv4, where you're going to be changing DNS and IP addresses to fix loose ends. IPv6 addresses can still be found if they are routable from the WWW. If one box is continually exposed with the same IPv6 address and routable from the WWW to the intranet workstation with that address, most likely it will still be reachable unless the IPv6 side is disabled or firewalled off from the web, leaving an entry way into a company network, which you can then pivot off of to the rest of the network, since that machine will most likely have both an IPv6 and 4 addres but the 4 address will be a LAN side address that lets you see the inner network. I have it disabled on all my devices and my router, but thats just me...paranoid admin of my home network.

Mubix did a neat segment on Toredo and how it can be used to find the same windows box, even when its IPv4 address changes, if they use 6to4 with the Toredo service and register with a company, like Microsoft to route Ipv6 for them. Makes persistence an easy way to relocate bind shells on machines listening for commands. Not sure how today's IPv6 works with the final standard since I don't use it at all, but like I said, its disabled on all of my network since there are too many factors to worry about, including an IPv6 router advertisement that can freeze many systems if they aren't soliciting the request but get one sent to them, you end up having to reboot the box to get it back up with no way to block it unless IPv6 is disabled. Not sure if msft even addressed or patched that at all, and they aren't the only OS to fall prey to this from what I understand since its based somewhat on the Ipv6 RFC, but don't quote me on that..

Link to comment
Share on other sites

Thanks for that, it's really informative. I had no idea IPv6 opened so many security holes. I don't want to break off onto too much of a tangent in here; it might be better in a new thread, but for the purposes of IPv6, how much inherent protection does the mandatory IPSec introduce? Luckily I'm not dealing with IPv6 in any managed networks yet, but I will be swatting up on it in the next couple of years. It's something I've found that even top SysAdmins and Network Technicians want to stay away from for as long as possible. There will come a time though when we're all gonna have to know it as well as we know IPv4.

Link to comment
Share on other sites

you all rock. My way of doing it might be a bit wrong borrow one bit get 2 subnets you lose hosts for net and broadcast in the process. two bits four subnets and so on. What I learned is find what works for you. Again you guys rock. The other thing that helps is setting up a network in a lab and testing different addresses.

Link to comment
Share on other sites

The borrowing of bits is a given, the biggest thing is how you logically get to that stage. If it's anyone's first time working with subnets, the biggest tip I could ever give is forget about decimal numbers. Decimals make it clumsy and inelegant to work with. Convert everything to binary and start from there. That's where the theory is best explained. As soon as becomes 11111111.11111111.11111111.11000000 you can instantly understand why we use 192 and not any other number. You instantly see why it's called /26 and you can instantly see where your network and hosts are.

Link to comment
Share on other sites

I used to have a subnet cheat sheet I used to use in Cisco class. Teacher liked it so much, he stole it and made copies for everyone. If I can find it, will post links. By the way, I didn't come up with the concept(this formula and way of subnetting is how it was explained in class and in our book), I just put it into a spreadsheet for my own use so it was easier for me to remember and understand it.


Sheets to use for reference. Can be confusing for those not familiar with subnet 0 and binary math but remembering that sequence and their masks helps:

128 - 064 - 032 - 016 - 008 - 004 - 002 - 001/000

128 - 192 - 224 - 240 - 248 - 252 - 254 - 255 > Subnet Mask 256bits (Counting from 0) and you are out of bits, which is why we now have IPv6.



Edited by digip
Link to comment
Share on other sites

The method we were taught in uni, I find a bit convoluted, but it is good as a way to get your head around why stuff happens whilst still working in decimal.

So follows...

IP Network Subnetting Exercises

You are often faced with having to work out the distribution and setting of IP addresses in a LAN when the allocated network address and subnetting mask number are already known. Typical questions that need to be answered are:

  • How many subnets does the given mask provide ?
  • How many valid hosts per subnet are available?
  • What are the valid subnet addresses?
  • What is the broadcast address for each subnet?
  • What is the range of valid hosts IP addresses in each subnet?

Lets consider how to work these out in turn.

There are different methods to find these but probably the simplest is to use the decimal notation.

Identify the subnet mask number in the relevant part of the IP address.

This depends on the Class of the network you are dealing with.

  • For a Class C network this will be the last decimal number in the mask
  • For a Class B network it would be the 3rd decimal number in the mask.

Whatever this number is subtract this from 256 and you will be left with another number; call this X, then:

  • Number of subnets is 256 / X
  • Number of valid hosts per subnet depends on the Class (C = X-2, B = 256X – 2)
  • Subnet address numbers start at .0 and increase by a factor X until .255 is reached.
  • The broadcast address is the last IP number before the next subnet starts.
  • Valid host IP numbers run consecutively between the subnet and broadcast addresses.
Edited by ApacheTech Consultancy
Link to comment
Share on other sites

Yeah, you always have to subtract 2, one for network ID, and one for Broadcast address. For example, leaving you with a subnbet of say 8 addresses, but only 6 assignable address since your first is the Network ID and the last is the broadcast unless your hardware does subnet 0 and isn't Microsoft based since they want classfull addressing prior to Vista I beleive or 7, so you had to use whole or even subnets, and wast massive amounts of assignable addresses as where with the cisco equipment itself, you could add the other bits. It became confusing for me, because my route was Network + > Cicsco CCNA > Then Microsoft MCSE which totall fucked me over in subnetting and wrapping my head around how they did subnetting using the "older" standard which most home devices still use anyway.

For example, in windows XP, you couldn't reach a website if its ending octet was 255, because it would automatically consider it a broadcast address. This actually happened to me at Dreamhost, where I could visit my own site in windows 7, but my mother who ran XP, could not get to the site at all. Took me about a month to figure out why, and had to have Dreamhost change the DNS address on site, and once they did that, my mother could then reach my site because it no longer ended in x.x.x.255 as its IP address. The older subnetting standard including XP and Server 2003's TCP/IP stack were written for a different RFC that made you throw away not just the first and last address but I believe 4 addresses which when it came to subnetting, meant reducing even further the number of assignable addresses you could use with older equipment and operating systems .




Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...