What is Subnetting?

Hello Giovanni

When planning IPv4 or IPv6 addressing schemes, almost everything you need to know is found within the subnetting course on the site:


Some fundamental principles to keep in mind:

  1. Separate your network into subnets based on department or usage, or some other characteristic of grouping your hosts together. For example: Sales, Marketing, Management, Servers, Wi-Fi users, voice etc…
  2. Estimate a growth rate for each subnet so that you have enough addresses within that subnet for the number of hosts and the expected number of hosts over the coming years. This is especially important for IPv4 implementations as subnets generally have a limited number of addresses.
  3. Remember that IP address schemes are also important for security, since placing different entities within different subnets will separate them logically, and security parameters (ACLs for example) can be placed at the locations of routing between those subnets.

Going through the lessons in this course will give you a very good idea of strategies for IP addressing. If you have any other specific questions after that, feel free to ask!

I hope this has been helpful!

Laz

Thanks for your reply.

Are there any best practices for choosing the actual IP addresses to use? And about the number of VLANs?

Thanks

Hello Giovanni

The approaches for IPv4 and IPv6 differ due to the different structure of the addressing as well as the different limitations in the number of addressing and subnetting.

For IPv4 the choice of actual addressing space doesn’t make much difference. If you are given a set of public addresses and are expected to use those in your network, then you really have no choice. However, if you use private addresses, then you can use any of those in the private address ranges equally well. Just make sure that you make the subnets large enough

For IPv6 it matters even less what addresses you choose, as long as they are within the range provided for you by the ISP (if they are public) or they are within the range of the Unique Local Addresses (ULA), which can be considered the IPv6 counterpart to IPv4 private addresses.

In both cases, you should separate your network into VLANs in order to provide security, for ease of administration, network efficiency, and limited broadcast domains. VLANs should be separated based on the following:

  • use - voice VLAN, server VLAN, management VLAN, datacenter VLAN etc
  • VLANs should be separated based also on departments
  • they should also be created such that each one has a limited number of hosts

Remember that communication between VLANs requires routing, which means that you can apply security mechanisms (ACLs for example) between these VLANs thus giving you more flexibility in segregating your network.

I hope this has been helpful!

Laz

Hey,

I’m very new to networking, and I have been given an assignment I need to complete. Essentially it’s to create a small network from scratch.
I’ve been given my first task which I have suddenly hit a brick wall with.
So I’ve been given an IP range of 172.16.0.0/24 and need to create 64 further subnets. I’m stuck at this point, but also what has stumped me is that it asks that VLAN 10 is on Subnet 0 and VLAN 20 is on Subnet 1. To be honest, I have no idea where to start with this. I’ve been looking through VLSM router-on-a-stick, VLAN configs, everything that might have the slightest mention of what I need. But when I think I’m getting somewhere I suddenly hit another wall!
I hope someone can help me get over this wall!

After some digging I may have it. Hopefully someone can confirm this for me.

So splitting 172.16.0.0/24 into 64 subnets, this would be 172.16.0.0/22. But if I need to split this over 2 VLANs would this then be 172.16.0.0/21 for one VLAN and 172.16.1.0/21 for the other VLAN?

Thanks in advance!
Simon.

Hello Simon

Subnetting can become confusing simply because we’re trying to view IP addresses in decimal, when routers themselves see them only as binary entities. I hope some of the following will clear up your confusion.

When you are given an initial IP range and asked to subnet it into smaller subnets, the resulting prefix must get larger. For example, if 172.16.0.0/24 is your initial range, smaller subnets will have larger prefixes, so the /24 should be a bigger number. This is because the number of bits representing the network should be more, and the number of bits representing the host should be fewer.

The /24 prefix corresponds with a subnet mask of 255.255.255.0, which corresponds with 256 host addresses, including the network and broadcast addresses. Similarly, take a look at what other prefixes correspond to:

  • /25 = 255.255.255.128 = 128 addresses including nw and bc
  • /26 = 255.255.255.192 = 64 addresses including nw and bc
  • /27 = 255.255.255.224 = 32 addresses including nw and bc
  • /28 = 255.255.255.240 = 16 addresses including nw and bc
  • /29 = 255.255.255.248 = 8 addresses including nw and bc
  • /30 = 255.255.255.252 = 4 addresses including nw and bc

So if you start off with a /24 address range, you have 256 addresses. If you want to split this up into 64 smaller subnets, what size subnet would you have? To find out, do the following:

size of original subnet / number of subnets you want: 256/64 = 4

So you need to find the prefix, or subnet mask, that will give you subnets of size 4. Which is that? It’s /30 or 255.255.255.252.

So subnet 0 would be 172.16.0.0/30 which gives you a range of addresses from 172.16.0.0 to 172.16.0.3

Similarly:

  • subnet 1 is 172.16.0.4/30 with a range of 172.16.0.4 to 172.16.0.7
  • subnet 2 is 172.16.0.8/30 with a range of 172.16.0.8 to 172.16.0.11
  • subnet 3 is 172.16.0.12/30 with a range of 172.16.0.12 to 172.16.0.15
  • subnet 4 is 172.16.0.16/30 with a range of 172.16.0.16 to 172.16.0.19
  • subnet 1 is 172.16.0.248/30 with a range of 172.16.0.248 to 172.16.0.251
  • subnet 1 is 172.16.0.252/30 with a range of 172.16.0.4 to 172.16.0.255

Now VLANs and their IDs have nothing to do with the actual IP addresses used for each subnet. You can choose to configure the hosts on a particular VLAN with whatever IP subnet you like. In your post, you mention that subnet 0 should be put on VLAN 10 and subnet 1 on VLAN 20. That’s achievable, just configure the hosts on those VLANs within the right subnets. If you are asked to configure the VLAN itself with an IP address (that is, on the switched virtual interface or SVI), then you can do so.

In order to further understand these concepts, I suggest you go through these lessons.

I hope this has been helpful!

Laz
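
The division described in the reply above (256 / 64 = 4 addresses per subnet, so /30), worked through with Python's standard `ipaddress` module. This is an added example, not part of the original posts; the function names and the VLAN-to-index mapping are illustrative assumptions.

```python
import ipaddress

def split_equal(block, count):
    """Split `block` into `count` equal-size subnets, in address order."""
    net = ipaddress.ip_network(block)
    # Equal-size subnets only come in powers of two (2, 4, 8, ...).
    if count < 1 or count & (count - 1):
        raise ValueError(f"{count} is not a power of two")
    # Each doubling of the subnet count moves one bit from host to network.
    new_prefix = net.prefixlen + count.bit_length() - 1
    if new_prefix > net.max_prefixlen:
        raise ValueError(f"{block} is too small for {count} subnets")
    return list(net.subnets(new_prefix=new_prefix))

def describe(subnet):
    """Network, usable host range, broadcast and mask of an IPv4 subnet."""
    return {
        "network": str(subnet.network_address),
        "first_host": str(subnet.network_address + 1),
        "last_host": str(subnet.broadcast_address - 1),
        "broadcast": str(subnet.broadcast_address),
        "mask": str(subnet.netmask),
    }

def vlan_plan(block, count, vlan_to_index):
    """Map VLAN IDs to subnets by index (the VLAN ID itself is arbitrary)."""
    subnets = split_equal(block, count)
    return {vlan: subnets[index] for vlan, index in vlan_to_index.items()}

def owning_subnet(block, count, address):
    """Return (index, subnet) for the subnet that contains `address`."""
    addr = ipaddress.ip_address(address)
    for index, subnet in enumerate(split_equal(block, count)):
        if addr in subnet:
            return index, subnet
    raise ValueError(f"{address} is outside {block}")

if __name__ == "__main__":
    # Constructed plan from the question: VLAN 10 on subnet 0, VLAN 20 on subnet 1.
    plan = vlan_plan("172.16.0.0/24", 64, {10: 0, 20: 1})
    for vlan, subnet in plan.items():
        print(f"VLAN {vlan}: {subnet} {describe(subnet)}")
    print(owning_subnet("172.16.0.0/24", 64, "172.16.0.250"))
```

`owning_subnet` is handy when writing or reviewing ACLs between the VLANs, since it tells you which subnet a given source or destination address actually belongs to.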


Hi Laz,

Thank you so much for this reply. It has made things so much clearer! They make these things so confusing in the Cisco CCNA materials.

Regards,
Simon.


Hi,

I am new to the forum. Just need a clarification on basic subnetting.
For an IP address 11.25.0.0/24, I need to split it into two /30 (ptp) and the remaining IP’s to the third portion.
Also for an IPv6 address 2650:11:25::/64. I need to split it into two /127 (ptp) and the remaining IP’s to the third portion.

Kindly explain how to do that please

Thanks

Hello Ankush

Welcome and great to have you with us!

For your first question, we have 11.25.0.0/24 and you need to deliver two /30 subnets and place the remaining addresses in a third subnet. Well, to create two subnets of /30 you begin with your network address of 11.25.0.0 and a subnet mask of 255.255.255.252. Let’s put the last octet in binary and compare these two:

    11.25.0.00000000
255.255.255.11111100

Since the subnet mask has two zeros at the end, that means that we can only change the last two binary digits of the address for this subnet. So we have:

  • network address: 11.25.0.00000000
  • first host address: 11.25.0.00000001
  • last host address: 11.25.0.00000010
  • broadcast address: 11.25.0.00000011

In decimal:

  • network address: 11.25.0.0
  • first host address: 11.25.0.1
  • last host address: 11.25.0.2
  • broadcast address: 11.25.0.3

The network address of the next subnet will be the broadcast address of the previous subnet + 1 which is 11.25.0.4. Now using the same process:

    11.25.0.00000100
255.255.255.11111100

Again, since the subnet mask has two zeros at the end, that means that we can only change the last two binary digits of the address for this subnet. So we have:

  • network address: 11.25.0.00000100
  • first host address: 11.25.0.00000101
  • last host address: 11.25.0.00000110
  • broadcast address: 11.25.0.00000111

In decimal:

  • network address: 11.25.0.4
  • first host address: 11.25.0.5
  • last host address: 11.25.0.6
  • broadcast address: 11.25.0.7

Now, for the rest of the subnet, it is not possible to place all of the rest of the IP addresses into a single subnet. This is because the whole of the original /24 subnet given to you can have up to 256 addresses, but it can only be split into specific sizes. A subnet can have a size of 256, or 128, or 64, or 32, or 16, or 8, or 4. Currently, you’ve used addresses ranging from 11.25.0.0 to 11.25.0.7. There are 248 addresses left, but you can’t have a subnet of that size.

However, you can separate the rest of the addresses into several subnets that in their entirety equal a size of 248. For example, if you create a subnet of size 128, and another of 64, another of 32 another of 16, and another of 8, you will have a total of 248 addresses.

You can find out more about this in the following lesson:

For the IPv6 address, you typically wouldn’t create point-to-point addresses of the /127 type. However, if you chose to do so, you would have the same problem as in IPv4, where the rest of the addresses within the /64 prefix would have to be created out of multiple subnets that total the remaining address space. This quickly becomes more complex in IPv6 and this is one reason why this is typically not done.

I hope this has been helpful!

Laz
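
The carve-out described in the reply above, as an added example (not part of the original posts): take the two point-to-point subnets from the start of the block, then let `ipaddress.summarize_address_range` cover what is left with the fewest valid subnets. The function names are illustrative; the same code is run on the IPv6 prefix from the question to show how many pieces the remainder needs there.

```python
import ipaddress
from itertools import islice

def carve(block, ptp_prefix, ptp_count):
    """Take `ptp_count` point-to-point subnets from the start of `block`,
    then cover every remaining address with the fewest valid subnets."""
    if ptp_count < 1:
        raise ValueError("need at least one point-to-point subnet")
    net = ipaddress.ip_network(block)
    # subnets() is a generator, so this stays cheap even for an IPv6 /64.
    ptp = list(islice(net.subnets(new_prefix=ptp_prefix), ptp_count))
    if len(ptp) < ptp_count:
        raise ValueError(f"{block} cannot hold {ptp_count} /{ptp_prefix} subnets")
    last = net.broadcast_address
    if ptp[-1].broadcast_address == last:
        return ptp, []                      # nothing left over
    first_free = ptp[-1].broadcast_address + 1
    # A leftover range is rarely one power-of-two block; this returns the
    # minimal list of aligned CIDR blocks that covers it exactly.
    rest = list(ipaddress.summarize_address_range(first_free, last))
    return ptp, rest

def tiles_exactly(block, pieces):
    """True if `pieces`, in order, cover `block` with no gap or overlap."""
    net = ipaddress.ip_network(block)
    expected = int(net.network_address)
    for piece in pieces:
        if int(piece.network_address) != expected:
            return False
        expected += piece.num_addresses
    return expected == int(net.broadcast_address) + 1

if __name__ == "__main__":
    for block, prefix in (("11.25.0.0/24", 30), ("2650:11:25::/64", 127)):
        ptp, rest = carve(block, prefix, 2)
        print(block, "point-to-point:", [str(n) for n in ptp])
        print("  remainder needs", len(rest), "subnets:",
              str(rest[0]), "...", str(rest[-1]))
        print("  exact cover:", tiles_exactly(block, ptp + rest))
```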

I am able to assign this IP on a PC:
192.168.1.1
255.0.0.0
I can't assign the IP given below:
10.1.1.1
128.0.0.0

Why?

Hello Narad

To be honest, this is the first time I’ve come across this, but it is a very interesting scenario!! So why can’t you assign such an IP address and subnet mask combination? Because this will result in a network address of 0.0.0.0, something that is not allowed. Let’s take a look at it in binary:

  • 10.1.1.1 = 00001010.00000001.00000001.00000001
  • 128.0.0.0 = 10000000.00000000.00000000.00000000

To get the network address, you AND them:

00001010.00000001.00000001.00000001
10000000.00000000.00000000.00000000
-----------------------------------
00000000.00000000.00000000.00000000

The result is 0.0.0.0, which is not an acceptable network address.

You get a clue from the message that a Windows PC will give you if you attempt such an IP address/subnet mask combination:
image

In order for the 128.0.0.0 subnet to be valid, it can only be used with an IP address that has a leading “1” in the binary form of the address. Otherwise, you end up with 0.0.0.0, an invalid network address.

I hope this has been helpful!

Laz
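
The AND from the reply above, done bit by bit so both combinations from the question can be compared. This is an added example, not part of the original posts: the helper names are illustrative, and the rule that a 0.0.0.0 network address is rejected is taken from the explanation above, not from any operating system's own code.

```python
def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | part
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def mask_is_contiguous(mask):
    """A valid mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~mask & 0xFFFFFFFF          # host bits become a run of 1s
    return mask != 0 and (inverted & (inverted + 1)) == 0

def check(ip, mask):
    """Return (network_address, verdict) for an IP / subnet mask pair."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    if not mask_is_contiguous(mask_i):
        return None, "mask bits are not contiguous"
    network = ip_i & mask_i                # the AND shown in the reply
    if network == 0:
        return "0.0.0.0", "rejected: network address is 0.0.0.0"
    return to_dotted(network), "ok"

if __name__ == "__main__":
    # Constructed inputs: the two pairs from the question, plus one address
    # whose first bit is 1, which makes the 128.0.0.0 mask usable.
    for ip, mask in (("192.168.1.1", "255.0.0.0"),
                     ("10.1.1.1", "128.0.0.0"),
                     ("192.168.1.1", "128.0.0.0")):
        print(to_binary(to_int(ip)), "AND", to_binary(to_int(mask)))
        print("  ->", check(ip, mask))
```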

Thank you for this lesson. I was able to configure this on Cisco Packet Tracer for the single subnet size. I am so happy it works; it took me three days to get all the configurations right. The next step is to configure multiple subnet sizes as well.


Hello Yannick

Great job! Yes, I see that all of your subnets are /24. I wish you success in your attempts at providing variable length subnet masks, and if you need any help, let us know!

I hope this has been helpful!

Laz


Done with the implementation of variable-length subnet masks. Very helpful, thank you!!

Hello Yannick

Good job, way to go! Thanks for sharing your success with us!

Laz

Hi, I want to know if there is a subnet calculator tool that exports all calculated subnets in Excel format.

Thanks

Hello Ugo

Doing a quick search on the Internet, I found several Excel spreadsheets you can download and use to make your subnetting calculations. There are some ingenious ones that essentially allow you to put in your parameters, and it will output the calculated subnets and subnet masks you require.

I hope this has been helpful!

Laz

A couple questions:
Why do router pairs need a subnet between them?

Why are subnets associated with switches, not with routers?

Hello Ben

When you connect two routers to each other, they require a subnet to be assigned to their connection so that they can communicate. Remember, the interfaces on a router are considered Layer 3 interfaces. That means that they must be assigned an IP address. Take a look at this diagram:


Each of those links is considered a single broadcast domain, indicated by the red ovals. A broadcast domain is always bordered by a router. A broadcast domain must by definition contain a single subnet, and is considered a single network segment. These are all related terms that describe the same thing but from a different point of view. So because the link between two routers has interfaces that have IP addresses, and because each of those links represents a single broadcast domain/network segment/subnet, you must define a single IP subnet for that link when you configure your IP addressing scheme. It is essentially a network segment that contains only two devices (or hosts), which are the two interfaces of the connected routers.

Well, subnets are not necessarily associated with only switches. As you can see from my explanation above, subnets are associated with broadcast domains/network segments. These entities are bordered by routers. However, switches have the capability of logically subdividing their ports into multiple network segments/broadcast domains. And these are called VLANs. So in this sense, switches can subdivide their ports into separate VLANs, each of which gets its own subnet. Switches allow many devices (hosts) to be configured on the same subnet (unlike a point-to-point connection between routers), creating broadcast domains with dozens or even hundreds of hosts in each.

So broadcast domains, network segments, and VLANs are all related, and each of those gets a single subnet when we are addressing them using IP addresses. Does that make sense?

I hope this has been helpful!

Laz