I’ve been asked to help people understand subetting and CIDR a few times. In this post I give a short tutorial. Subnetting is explained in many places, with a large variety of methods. The key to working out valid subnets however is simply a matter of understanding the binary maths behind it.
This guide teaches you a simple method, suitable for the Cisco CCNA or ICND1 exam.
The method I use when subnetting starts with the table below. The first row shows the decreasing powers of 2, or to put it simpler – starting with 1 on the right, keep doubling the number 8 times, you should end up with 128. The row under it is easily calculated by adding up the numbers in the row above. For example, the 2nd cell from the left on the 2nd row (192), is calculated by adding 128 and 64 from the row above. The 3rd number (224) is 128+64+32, or to simplify, it’s the previously calculated 192, added to 32. This explanation might sound a little complicated, but that’s just because I wanted to be sure you understand the table below fully. The numbers in this table will become second nature to you after a little practice.
If you are using this method for a Cisco exam, I would suggest writing this table down as soon as you start the exam, as it will be a useful reference for any subnetting questions you get.
The usage of the above chart is best explained by example, so I will start by talking though the following:
What is the broadcast address of the network 172.21.150.0 255.255.254.0?
The number of interest here is the ‘254’ – which in the chart above is in the 7th column. Working out the CIDR notation for this is simple now; we know that the first 16 bits must be 1 (to give 255.255), and we simply add on the 7 found in our chart. This would give us a prefix of 16+7, which is 23.
In binary, this would mean that the subnet mask would look like:
The broadcast address in a subnet is the last address in the range, so to work though this question we need to figure out the valid subnets – this is where the chart comes in useful. The top number in the chart above ‘254’ is 2 – which is the increment to the network part of the address. This means the following are valid subnets:
172.21.0.0 / 23 172.21.2.0 / 23 172.21.4.0 / 23 172.21.6.0 / 23 ... keeps going up in 2s ... 172.21.150.0 / 23 172.21.152.0 / 23 ... continues going up in 2s ...
As we can see above, the next network on from 172.21.150.0 is 172.21.152.0, which means the broadcast address must be 172.21.151.255. Additionally, we can see that we clearly have 510 assignable IP addresses – which is obvious from the above table, but can be worked out by doing (32 – 23)^2 – 2. To explain this calculation, if we have 23 bits (out of 32 – which is the length of a IPv4 address) identifying the network, we only have 9 bits left to identify a host. 9 bits gives us 512 unique addresses (9^2), but as each subnet needs a network address, and a broadcast address, we lose 2 addresses – so we have 510 usable addresses.
What is the first valid host on the subnetwork that the node 192.168.23.121/29 belongs to?
As a subnet mask is a 32 bit binary mask, a subnet mask length of 29, means we have 29 1’s, followed by 3 0’s. So here it is in binary:
11111111 11111111 11111111 11111000
We can see that the first 3 octets are 255, and therefore it’s only the last octet we are interested in. To find the matching row on the table above, we divide 29 by 8, and work with the remainder – which is 5. Looking at the chart, the 5th number along on the 2nd row is 248, so the subnet mask expressed in dotted notation is:
Above the number ‘248’ on the chart is the number 8, which means the network addresses go up in increments of 8:
192.168.23.0 / 29 192.168.23.8 / 29 192.168.23.16 / 29 ... 192.168.23.120 / 29 192.168.23.128 / 29 ...
We can see that the address 192.168.23.121 must be part of the network 192.168.23.120/29, who’s first valid address would be 192.168.23.121
To quickly calculate valid subnets, you can again use the table above. In this example, we know the networks increment by 8 each time, but you might not know your 8 times table very well to quickly establish that 192.168.23.120 is valid. Look at the table below, which is a modified version of the one at the top of the page.
It might not be obvious on your screen that the number ‘4’ in the top row is striked out!
All of the numbers above in bold that are not striked out are multiples of 8. The logic behind this is that all the numbers in the top row to the left of the number 8 are doubles of the number on the right, therefore everything must be divisible by 8. The bottom row, having been calculated by summing up the numbers on the top row, are also all multiples of 8 up until the 6th column. In the above example we are looking to see what subnet 192.168.23.121 is part of, so we can quickly see from the modified table above that 128 is a multiple of 8 , and therefore a good starting point to figure out the subnet for 192.168.23.121, in this case we just need to minus 8 from 128, which gives us 120.
This might be a little confusing at first, but when understand it will help you solve some questions a lot quicker.
Minimal text is used to explain the method in this example, to show just how simple it is.
What valid host range is the IP address 172.18.36.81/22 a part of?
22 bits for for the subnet mask, 22/8 gives a remainder of 6. 6th column means subnet mask is 255.255.252.0. Network increment is 4, nearest multiple of 4 to 36 is 36, next is 40. Range is 172.18.36.0 – 172.18.39.255, first and last can’t be used, therefore valid host range is:
172.18.36.1 - 172.18.39.254
The method above might seem a little wordy and long winded, but that’s just because I’m trying to explain it as well as I can. However, mastering this method is simple. In order to help you practice, try this very useful site to generate questions.