Subnetting Made Simple

Updated 2005-03-16

Many books on subnetting will bore the crap out of you with "The history of the Ethernet started in 1980 with the 802.1... zzzz..." and look, you've fallen asleep and gotten drool on your nice new $75 Cisco CCNA Manual. I plan on making this page simple and to the point. There are three things I want you to remember first:

  1. Those decimal numbers are MEANINGLESS. 192.168.foo.blahblah... they are confusing because the computer has helpfully turned binary into decimal numbers. Forget about them for now. Just think, "the computer doesn't know what 192 is... shouldn't I know how the computer thinks?" Yes. Yes you should. And it's not hard. Binary is easy; there's only 2 numbers to remember: 1 and 0, on and off. Like a light switch. In fact, that's how computers think: millions of on and off switches. Marvel in that thought. I'll wait.
  2. No octet (the decimal numbers between the dots, of which there are 4 sets) can be less than 0 and over 255. In fact, often an IP address will not end with either 0 or 255.
  3. I will swear in this document. Take THAT!

What's an IP address?

Three things to remember to set up an IP address:
  1. IP address is like the address on your house. It's how your computer is found on the network. There can only be one IP with that address on that network. Now, some IP addresses, especially private ones, are duplicated in separate networks. But if you set the IP to 10.20.4.12... there better be only one computer with that address on your network.
  2. The network mask is simply how the computer knows which part of the IP is the network bits versus the hosts bits. Like separating jellybeans with a friend: "Here, Mr. Network, these jellybeans on the left are for you, and I keep the ones on the right for me, Mr. Hosts."
  3. The broadcast address is reserved for multicasting, basically the last useable address in a block, which is used for broadcasts on the network that don't want to hear back from anyone, or maybe only a few hosts. Like shouting into a megaphone in a crowd, "Okay, who here has not gotten a raffle ticket? Last call..." You only want to hear from the people that don't have one, not "I have one" from everyone else.

What's a default gateway?

You don't really need one to get an IP, but I hear people ask this a lot. A default gateway is where the network sends packets that it doesn't know what to do with. This is your network saying, "This isn't mine, here, you take it." If the gateway doesn't know where it goes, it passes it to ITS default gateway, "this isn't mine, here, you take it," and so on up the chain until someone takes it, or it comes back, "Bzzzt... can't find address. Thank you for playing." A default gateway is only needed if you have to send traffic outside your network, for like, you know, Internet browsing and such. But if you have 10 computers in a LAN party, and don't want outside access, you don't really need one.

DHCP vs Static IP?

DHCP means a DHCP server on a machine gives you an address, netmask, broadcast, and default gateway. Your machine boots up, sends out a multicast "Hey! Yo! Over here! I need IP, dog!" and the DHCP goes, "I got your IP right here, G!" Then the machine sets itself. This IP is taken from a "pool" of free IP addresses, and each time the machine makes another request for an IP, it may end up with a different one. DHCP is best for laptops or workstations where the IP address doesn't really matter just as long as you have one. It also is great for managing networks. Static IP means the machine always has the same IP, which is most useful for servers. Usually, though, you have to set everything yourself.

1. Determine the class of your network.

This is taken from the first octet in the IP address.

Octet Range Class Default Subnet Mask Private Addressing Notes
1 - 126* Class A 255.0.0.0 10.x.x.x Used only by really high-level companies
*127.0.0.1 Loopback Used to test IP connectivity to self
128 - 191 Class B 255.255.0.0 172.16.x.x - 172.31.x.x Used by larger companies
192 - 223 Class C 255.255.255.0 192.168.x.x - 192.168.255.x Used by a majority of other companies
224 - 239 Class D
n/a
n/a
 Multiclass Broadcast only
240 - 255 Class E
n/a
n/a
 Experimental: Reserved for future use

2. Determine how many bits you must borrow from the hosts portion.

Use the following equation:

2n - 2 >= Number of subnets required

So if you need 25 subnets:

  1. 2n - 2 >= 25
  2. 2n - 2 >= 25
  3. 25 - 2>= 25
  4. 32 - 2 >= 25

If n = 4 then it would have been 16, less than 25.

Note: At this point, you should account for expandability, if you are going to need more than 30 (25-2 )sub-networks in the future, you should go one greater, like 62 (26-2). Remember, the more networks you have, the less collision domains you have. But you will need routers to get them to speak to each other.

3. Make your custom subnet mask.

First, you need to determine your default mask above. To illustrate this better, let's toss our ten-digit fingers out the window, and think of them as nothing more than nonsense labels for the moment. Computers don't have fingers or toes, only switches.

Suppose you had this address: 192.168.35.x In binary, it looks like this: 11000000.10101000.00100011.x
Looking at the default subnet mask: 255.255.255.0 Which the computer sees as: 11111111.11111111.11111111.00000000
Now since n = 5 in the example above, we know we must steal five bits, which is done from left to right 255.255.255.248 This is easier to see in binary: 11111111.11111111.11111111.11111000

As you can see, this makes less sense in our decimal world. "Huh? 248? WTF?!" Easy, tiger. This is simpler than it looks. See, each "bit" from left to right represents a factor of 2some power. Here's how we break down an octet:

Power of: 27 26 25 24 23 22 21 20
Decimal Number 128 64 32 16 8 4 2 1
Binary Number 1 1 1 1 1 0 0 0

So 5 bits stolen is really 128 + 64 + 32 + 16 + 8 = 248 (in decimal). If you think this is fun, wait until I write about Binary to Hexadecimal! But now we are getting off topic.

4. Find out your hosts per network.

Okay, you have the new subnet mask, now what? "What the heck are my goddamn IP address ranges???" Whoa, too much caffeine, there, dude. But rest assured, even with too much Mountain Dew sloshing in your belly, you can do this. First, we have to determine the number of hosts per subnet. This is also better understood in binary:

Now, remember your default mask? Unless you have ADHD, you know it as: 255.255.255.248 But again, it's easier to see in binary 11111111.11111111.11111111.11111000
Since the 11111111.11111111.11111111.11111xxx is the network portion, then the remaining bits (which are zeros) are the hosts portion! Forget decimal for now Hosts (oooh): 11111111.11111111.11111111.11111000

Now, I may not be a bright man, but even I can tell there are only 3 bits left. So we use a familiar looking equation again to determine how many hosts (anything that needs an IP address to function) we have for each network.

2n - 2 >= Number of hosts per subnet

So in this case, 23 - 2 = 8 - 2 = 6 hosts per subnet. Wow, that's not a whole lot. But you do have a Class C address, and you were the bozo that wanted 25 networks.

5. Now we determine the subnet ranges!

Bet you thought we'd never get here. There is an incrementing interval we find find out first. That's EASY. It's:

256 - subnet mask = Interval

So, in our example, 256 - 248 = 8! Well, whattia know! This will also be the value of the lowest network, unless you are including zero networks, but for this case, we won't. So, now we start moving the tables around.

Subnet Subnet Address First useable IP Address Last useable IP address Broadcast Address
First 192.168.35.8 192.168.35.9 192.168.35.14 192.168.35.15
Second 192.168.35.16 192.168.35.17 192.168.35.22 192.168.35.23
Third 192.168.35.24 192.168.35.25 192.168.35.30 192.168.35.31
Fourth 192.168.35.32 192.168.35.33 192.168.35.38 192.168.35.39
... 30th 192.168.35.240 192.168.35.241 192.168.35.246 192.168.35.247

Note we didn't use the 192.168.35.0 or 192.168.35.248 networks. We usually discard the first and last (which is why there are only 30 instead of 32 available in the equation above). This makes sense because the first would have 192.168.35.0 as a subnet, when it's really considered the name of a whole network. And 192.168.35.248 would have 192.168.35.255 as a broadcast address for a subnet when it should be the default broadcast for the whole 192.168.35.0 network. This will confuse people later on. But I'd be a liar in a Viking hat if I said that it hasn't been done before. It's just not a good IDEA. Many subnet calculators out there also include these networks, usually called zero networks.

More Examples

We're going to go through more examples now, so you can understand more.

Example 1

Problem: Given IP range of 10.x.x.x, and you have to create 10 subnets.

  1. You have a Class A address. Default mask is 255.0.0.0
  2. 24 - 2 = 14, which is > 10. So we need to steal 4 bits from the host portion.
  3. That means our subnet mask is 255.(128+64+32+16).0.0 = 255.240.0.0
  4. Our host bits left are 20, so 220 - 2 = 1,048,574 hosts per net (that ought to be enough)
  5. Our interval is 256 - 240 or 16. So we know the first network is 10.16.0.0!
    Subnet Subnet Address First useable IP Address Last useable IP address Broadcast Address
    First 10.16.0.0 10.16.0.1 10.31.255.254 10.31.255.255
    Second 10.32.0.0 10.32.0.1 10.47.255.254 10.47.255.255
    Third 10.48.0.0 10.48.0.1 10.63.255.254 10.63.255.255
    ...14th 10.224.0.0 10.224.0.1 10.239.255.254 10.239.255.255

Example 2

Problem: Given IP range of 129.50.x.x, and you have to create subnets for each state in the US.

  1. You have a Class B address. Default mask is 255.255.0.0
  2. 26 - 2 = 62, which is > 50. So we need to steal 6 bits from the host portion.
  3. That means our subnet mask is 255.255.(128+64+32+16+8+4).0 = 255.255.252.0
  4. Our host bits left are 10, so 210 - 2 = 1,024 hosts per net.
  5. Our interval is 256 - 252 or 4. So we know the first network is 129.50.4.0!
    Subnet Subnet Address First useable IP Address Last useable IP address Broadcast Address
    First 129.50.4.0 129.50.4.1 129.50.7.254 129.50.7.255
    Second 129.50.8.0 129.50.8.1 129.50.11.254 129.50.11.255
    Third 129.50.12.0 129.50.12.1 129.50.15.254 129.50.15.255
    ...50th 129.50.200.0 129.50.200.1 129.50.203.254 129.50.203.255
    ...62nd 129.50.248.0 129.50.248.1 129.50.251.254 129.50.251.255
    You have 12 subnets left over for expansions into Guam, Puerto Rico, and the US Virgin Islands.

Example 3

Problem: You are a poor contractor, signed up for a great contract with the British Government to set up 2 monitoring stations in each country in the whole world. You got the IP range of 222.100.42.x. Can you do it with separate networks for each country?

  1. You have a Class C address. Default mask is 255.255.255.0
  2. 28 - 2 = 254, which is > 192. So we need to steal 8 bits from the host portion.
  3. That means our subnet mask is 255.255.255.(128+64+32+16+8+4+2+1) = 255.255.255.255
  4. Our host bits left are 0, so no can do!

Problem: How about just the countries in Europe?

  1. You have a Class C address. Default mask is 255.255.255.0
  2. 26 - 2 = 62, which is > 44. So we need to steal 6 bits from the host portion.
  3. That means our subnet mask is 255.255.255.(128+64+32+16+8+4) = 255.255.255.252
  4. Our host bits left are 2, so 22 - 2 = 2 hosts per net... just enough!
  5. Our interval is 256 - 252 or 4. So we know the first network is 222.100.42.4!
    Subnet Subnet Address First useable IP Address Last useable IP address Broadcast Address
    Albania 222.100.42.4 222.100.42.5 222.100.42.6 222.100.42.7
    Andorra 222.100.42.8 222.100.42.9 222.100.42.10 222.100.42.11
    Austria 222.100.42.12 222.100.42.13 222.100.42.14 222.100.42.15
    ...Serbia/Montenegro 222.100.42.176 222.100.42.177 222.100.42.178 222.100.42.179
    ...62nd 222.100.42.248 222.100.42.249 222.100.42.250 222.100.42.251
    You have 12 subnets left over for expansions into some of the Middle Eastern regions.

See, it's not that hard, once you think in binary. Some classes you take might ask you to think in HEX, which is like having 10 fingers and using all the toes on one foot. They go 0,1,2,3...9 and then A,B,C,D,E, and F for 10-15. "Hexadecimal" means "six and ten" or 16, which is 0-15 (remember, computers always start with 0 when counting). In some of the old configs I have seen on Sun/Solaris boxes, I have seen the netmask as ff.ff.ff.C0. That's really 255.255.255.192, because ff = 16 x 16 numbers, or 256, which is 0-255 in range.

And you now know what that is in binary, right? ;-)

[ Home ] [ How-To ] [ What's New ] [ About Me ] [ My Writings ] [ Web Links ] [ Post Office ]