dwight reifsnyder - rmaug• ip configuration includes theip configuration includes the 192 168 1 1...

Dwight Reifsnyder

1009 IP Numbers and VLANs –Everything You Always Wanted To Know

Ad i i t i iAdministrivia

• Please remember to turn cell phones toPlease remember to turn cell phones to vibrate or off

• Please remember to complete the session pevaluation at the end of this session

• The session number is: 1009

Boulder Valley School District

• 50 Schools• 50 Schools• 28,000 Kids

• New Fiber Infrastructure• Extreme Networks• Avaya Phones

Boulder Valley School District

Early VoIPy

M d th fi t A• Managed the first AvayaVoIP implementation in Colorado

• Network Assessments didn’texist! We ‘learned by doing’

• As my spell checker• As my spell checker says, it was VoID!

VoIP Bedrock

• IP Numbers are one of the most basic building blocks of current networks

• Without really understanding IP numbers, Telecom Administrators can’t d l V IPdeploy VoIP

• If the Telecom Administrator cannot deploy VoIP, it will be turned over to the IT department

Avaya Certificationy

C i ti N t ki t tCommunications Networking test:

Given the IP number 207.174.21.156, with aGiven the IP number 207.174.21.156, with a subnet mask of 255.255.255.192, find:

) Th b f h t i th b ta) The number of hosts in the subnetb) The network addressc) The broadcast addressc) The broadcast address

What is an IP Number?

• An IP Number identifies a host ( t h ) b t j t(computer or phone) on a subnet, just like an extension identifies a phone on a cabinet

• IP configuration has 3 parts:IP Number – 192.168.1.1IP Number 192.168.1.1Subnet Mask – 255.255.255.0Gateway – 192.168.1.254

• What? Why 3 parts?

Phone Talk

• Telephones talk to each other on dedicated wires

• Ports are connected dedicated physical portsports

• How do computers find each other to talk?

Computer Talkp• Computers talk to other

computers in two ways.p y

Broadcast (L2)

Routing (L3)Routing (L3)

Inside Subnet - Broadcast

• Recipient is d t i d t bdetermined to be inside

M i t• Message is sent to all computers

Th i t d d• The intended recipient listens

Oth t• Other computers ignore the message

Outside Subnet - Routed

• Recipient determined• Recipient determined to be outside

• Message broadcast• Message broadcast to local Gateway (router)

• Gateway forwards message to destination subnetdestination subnet

• Message is broadcast to final destinationto final destination

IP Configuration – 3 Partsg

• IP Configuration includes the 192 168 1 1IP Configuration includes the host identifier (computer, phone, router, etc)

192.168.1.1

• IP Configuration includes a ‘subnet mask’ to show which destinations are inside and

255.255.255.0which are outside their subnet (broadcast vs routing)

• IP Configuration includes a gateway to reach all destinations outside the

b t

192.168.1.254

subnet

Dwight’s College DiplomaDwight s College Diploma

The blank space above is an accurate depiction of what was inside Dwight’s diploma case at graduation time.

Bits and Bytesy

Computers store things in binary• Computers store things in binary, either a zero or a one.

• A single zero or one is a bit. 8 zeros or ones are a byte.

IP Numbers

• An IP number is made up of 32 bits, p ,divided into four groups of 8 (four bytes).

11000000 10101000 00000001 00000001

IP Numbers for Humans• Since humans don’t usually speak binary,

we use the decimal systemy• Each byte (or octect) is written as a

decimal number ranging from 0 to 255• The decimal numbers are separated by

periods, or dots

192 168 1 1

11000000101010000000000100000001

192. 168. 1. 1

Binary Math – Really EasyBinary Math Really Easy

• Binary math is based on powers of 2, as y p ,opposed to powers of 10 for decimal math.

• Decimal math has a 1s place, 10s place, 100sDecimal math has a 1s place, 10s place, 100s place, etc…

• Binary math has a 1s place, 2s place, 4s place, 8s place, etc…place, 8s place, etc…

128 64 32 16 8 4 2 1bit 1 bit 2 bit 3 bit 4 bit 5 bit 6 bit 7 bit 8bit 1 bit 2 bit 3 bit 4 bit 5 bit 6 bit 7 bit 8

Most significant bit Least significant bit

Binary Math to DecimalBinary Math to Decimal

• When a bit is 0 its value is zeroWhen a bit is 0 its value is zero• When a bit is 1, its value is its place value • The total is the decimal value (the one we use)

• 11000000 = 128 + 64 = 192• 10101000 = 128 + 32 + 8 = 168• 11111111 = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

128 64 32 16 8 4 2 1128 64 32 16 8 4 2 1bit 1 bit 2 bit 3 bit 4 bit 5 bit 6 bit 7 bit 8


Binary-Decimal Translationy

11000000101010000000000100000001

192. 168. 1. 1

11000000101010000000000100000001

11000000 = 128 + 64 = 19210101000 = 128 + 32 + 8 = 16800000001 = 100000001 = 1

128 64 32 16 8 4 2 1bit 1 bit 2 bit 3 bit 4 bit 5 bit 6 bit 7 bit 8


Birthday Bytesy y

Dwight is 00101100 years old

Broadcast vs Routingg

• All computers reside in a subnet – ie, a portion of the larger network

• Computers choose broadcast or routing by deciding whether their destination is inside their subnet or outside of their subnet

• The subnet mask defines which is which, but how?

What does ‘Mask’ Mean?

mask [mæsk], Nounmask [mæsk], Noun

- a covering to disguise g gor conceal the face

- cover with a sauce; "mask the rottingmask the rotting meat with catsup“

- Block out, divide ,into parts

Subnet Masks Divide

• An IP Address is divided into two components• An IP Address is divided into two components

• The Network bits, or ‘outside part’• The Host bits, or ‘inside part’

This is kind of like area codes / DID blocks• This is kind of like area codes / DID blocks32-bit IP Address

Host BitsNetwork bits

Subnet Mask Secrets

• The subnet mask overlays the IP number

• Ones are network bits, zeros are host bits

11000000 10101000 00000001 0000000111000000 10101000 00000001 00000001IP Number

11111111 11111111 11111111 0000000011111111 11111111 11111111 00000000Subnet Mask

The Decimal Numbers


• Ones are network bits, zeros are host bits (this is a 24 bit subnet)

11000000 10101000 00000001 0000000111000000 10101000 00000001 00000001IP Number192 . 168 . 1 . 1192 . 168 . 1 . 1

11111111 11111111 11111111 0000000011111111 11111111 11111111 00000000Subnet Mask255 . 255 . 255 . 0

Bigger Subnetsgg


• Ones are network bits, zeros are host bits (this is a 16 bit subnet)

11000000 10101000 00000001 0000000111000000 10101000 00000001 00000001IP Number192 . 168 . 1 . 1192 . 168 . 1 . 1

11111111 11111111 00000000 0000000011111111 11111111 00000000 00000000Subnet Mask255 . 255 . 0 . 0

Who is In My Subnet?y

• The network bits of an IP number are the• The network bits of an IP number are the same for all hosts within a subnet.

• The host bits change for each host

Sesame Street for NetworksSesame Street for Networks

If the network bits are the same, the hosts are in the same subnet

If the network bits are different, the hosts are in the different subnets

Hosts in a 24 bit Subnet

• The network bits stay the same

• The host bits change for each host

Fi t H t IP192 . 168 . 1 . 0

11000000 10101000 00000001 00000000First Host IP

11000000 10101000 00000001 11111111Last Host IP192 . 168 . 1 . 255

11111111 11111111 11111111 00000000Subnet Mask255 . 255 . 255 . 0

11000000 10101000 00000001 11111111Last Host IP

11111111 11111111 11111111 00000000Subnet Mask

Questions

• Note to self – stop here to see if you have totally confused people, because the really hard part is coming next

Subnet Size

• Subnet masks that match to octets are easy to work witheasy to o t

• 255.255.255.0 Class C• 255 255 0 0 Class B• 255.255.0.0 Class B• 255.0.0.0 Class A

• Subnet masks that match to octets are not very efficient (256 hosts jumps to 65534!)

Variable Length Subnet MasksVariable Length Subnet Masks

• What about making things more efficient byWhat about making things more efficient by allowing subnets to be defined at any point in the 32 bit IP number?

• Aka ClasslessInter DomainInter DomainRouting or C I D R!

Valid Subnet Masks• Subnet masks use zeros and ones to

divide the IP number into network bits and host bits.

11111111 11111111 11111111 00000000 OK!

11111111 11111111 00000000 00000000 OK!

11111111 11111111 11110001 00011000 NO!

Dividing at Octects is Easyg y


• Each decimal number is either part of the network or part of the hostthe network, or part of the host

11000000 10101000 00000001 1100000111000000 10101000 00000001 11000001IP Number192 . 168 . 1 . 193192 . 168 . 1 . 193

11111111 11111111 11111111 0000000011111111 11111111 11111111 00000000Subnet Mask255 . 255 . 255 . 0

VLSM can divide Anywhere!


• A decimal number can be a combinationof network and host bits!of network and host bits!

0 + 1

11000000 10101000 00000001 0000000111000000 10101000 00000001 00000001IP Number192 . 168 . 1 . 1192 . 168 . 1 . 1192 . 168 . 1 . 1

11111111 11111111 11111111 1000000011111111 11111111 11111111 10000000Subnet Mask255 . 255 . 255 . 128

VLSM can divide Anywhere!


• A decimal number can be a combinationof network and host bits!of network and host bits!

128 + (64 +1)

11000000 10101000 00000001 1100000111000000 10101000 00000001 11000001IP Number192 . 168 . 1 . 193192 . 168 . 1 . 193192 . 168 . 1 . 193

11111111 11111111 11111111 1000000011111111 11111111 11111111 10000000Subnet Mask255 . 255 . 255 . 128

VLSM Subnets

• The network bits remain the same for all hosts in the subnet

• Subnets are not required to start at the decimal number zero

• A single decimal range (0-255) can be split into multiple subnets

VLSM – 25 bit Subnet

• The last decimal number is split into two subnetssubnets

• This is because the 25th bit can be a zero or a one

11000000 10101000 00000001 0 -------Subnet A192 . 168 . 1 . 0-127

11000000 10101000 00000001 0 Subnet A

11000000 10101000 00000001 1 -------Subnet B192 . 168 . 1 . 128-255

11111111 11111111 11111111 1 0000000Subnet Mask255 . 255 . 255 . 128

11000000 10101000 00000001 1

VLSM – 26 bit Subnet• The last decimal number is split into

four subnets

• This is because the 25th and 26th bit can form four combinations of zeros and onesones

11000000 10101000 00000001 00 ------Subnet A192 . 168 . 1 . 0-63

192 168 1 64 12711000000 10101000 00000001 01 ------Subnet B

192 . 168 . 1 . 64-127

11000000 10101000 00000001 10 ------Subnet C192 . 168 . 1 . 128-191

11000000 10101000 00000001 10 ------Subnet C

11000000 10101000 00000001 11 ------Subnet D192 . 168 . 1 . 192-255

11111111 11111111 11111111 11 000000Subnet Mask255 . 255 . 255 . 192

Subnet - Reserved Hosts

• The lowest number in a subnet (host bits• The lowest number in a subnet (host bits all zeros) is called the network address

• The highest number in a subnet (host bits all ones) is called the broadcast address)

• The available host addresses are all theThe available host addresses are all the remaining combinations of the host bits.

The Subnet Spreadsheetp• If you have an IP number and Subnet Mask,

the Subnet Spreadsheet shows you how big p y gthe subnet is, and what the first and last hosts in the subnet are.

192.168.1.189255 255 255 248255.255.255.248

VLSM / CIDR Notation

• Network administrators sometimes save• Network administrators sometimes save time by including the subnet mask as a slash (/) and then the number of network bits

192.168.1.1 / 26

Questions

• Note to self, stop here to let the smoke fromto let the smoke from the blown up brains disperse a little.

• Go back and review

• Collect the Test

Why Does this Matter?Why Does this Matter?

Li it d b f IP Add• Limited number of IP Addresses

• Splitting of Traffic

• Segregating Departments

• Troubleshooting of IP PhonesTroubleshooting of IP Phones

Binary Math JokeBinary Math Joke

There are only 10 kinds of people in this world – those who understand binary mathworld those who understand binary math and those who don’t

B k R Whil Y C !Break – Run While You Can!

• VLANs to follow after a short break to stretchVLANs to follow after a short break to stretch our legs

What’s the Point? Why Bother?

“IEEE 802 1Q tagging (VLAN) is a useful“IEEE 802.1Q tagging (VLAN) is a useful method of managing VoIP traffic in your LAN.

Avaya recommends that you establish a voice VLAN, set L2QVLAN to that VLAN and provide voice traffic with priority over other traffic.”

IP Phones LAN Admin Guide

VLANS S i O iVLANS – Session Overview

• Provide a basic understanding of VLANSg

• Discuss IP phone VLAN implementation

• We might accidentally learn some other useful information if we are not carefulinformation if we are not careful

49

Wh t i Vi t l LAN?What is a Virtual LAN?

• A virtual LAN, commonly known as a VLAN, is a , y ,method of creating independent logical networks within a physical network.

• Virtual LANs operate at Layer 2 (the data link layer) of the OSI model.of the OSI model.

Wikipedia

50

Background – The 7 layer burrito

OSI Model

Squishy, not specific

VLANs are in Layer 2

What Lives at Layer 2?

• Software –Software Ethernet Protocol

• End Points• Ethernet Hubs• Ethernet Switches• Ethernet Switches

L2 Hardware – Endpoints

• Phones and PCs are multi layer devices

• We will talk about them at layer 2 today

L2 Hardware – Network Hub

• Network Hubs –

• broadcast traffic• not very efficient

L2 Hardware – Network Switch

• Network Switches –Network Switches

• Starts like a hubG d ll di t• Gradually directs traffic to specific ports instead of broadcast

• How do they do that?• How do they do that?

Detour - L2 MAC Addresses

• Like a VIN Number on a car• Unique to each and every network device

00-07-E9-55-64-4D

• MAC addresses are used to identify the sender and recipient of an ethernet packet

Network Switch

• Stores MAC addresses and associated portassociated port numbers in a table

• Makes network more efficient!

Evolution - Managed Switches

Have a user console that can show -• If a port is connected or not• Port speed (10MB, 100MB, 1000MB)

MAC dd t bl• MAC address table• Calls out with alarms

• Best solution for Administrators• Cost more $$$$$!

Segregation – Good for Networks!

• Sometimes we need to have departments separated –• HR, confidentiality• Marketing, high bandwidth usage

O ti• Operations

• Each department needs its own LANEach department needs its own LAN

Segregation – The Old Way

• Multiple Managed Network Switches

• Costly • ComplexComplex

Segregation – The New Idea

• Multiple MAC Address Tables

• One switch• One switch, divided into 'Virtual LANs‘

• Great idea, how would it work?

Detour - RFCs (secret recipes)

• Request for Comments

• Internet Engineering Task Force (IETF)Force (IETF)

• Institute of Electrical and Electronics Engineers (IEEE)

Some Common RFCs

802 1a b g etc Wireless Ethernet (WiFi)802.1a,b,g,etc Wireless Ethernet (WiFi)

854 Telnet

802 1x Network Access Control802.1x Network Access Control

1719 Private Class IP numbers

821 SMTP (Simple Mail Transport Protocol)821 SMTP (Simple Mail Transport Protocol)

1939 POP3 (Post Office Protocol 3)

802.3AF Power Over Ethernet

2131 DHCP (Dynamic Host Configuration)

RFC 802.1q - VLANs

• Defines how to segregate a single L2 network g g gswitch into multiple “virtual' LANs or networks with multiple MAC tables

• One managed network $witch can now serve multiple departments without losing securitymultiple departments without losing security or performance

Layer 2 Switch with VLANs

• Logical evolution from switching table

• Port based VLAN• Port based VLAN identification – every port belongs to a VLANVLAN

• Separate broadcast

VLAN 1 – OperationsVLAN 2 – Human ResourcesVLAN 3 – Marketing

pdomains

VLANs Across Switches

VLAN Tags – Don't Lose my Bag

• DEN• CHICHI• NYC• ELMELM• SAT

VLAN Tags – Ethernet Packets

• Ethernet packet fields• Header• Payload• Payload • End

• VLAN tagging information is added to the header, making it slightly longerit slightly longer

VLAN Trunking Across Switches

The ports which join the switches are defined as belonging to native VLAN and a secondary VLAN. The secondary

VLAN sends ‘tagged’ packets so they can be segregated

Read you loud and clear…

• VLAN compliant devices can accept tagged or gguntagged packets

P k t ith t t t i th ti VLAN• Packets without tags stay in the native VLAN (port based VLAN)

• Packets with tags go into the VLAN defined by the tag (if that VLAN is allowed on that port)

Eh? What was that?

• Non VLAN compliantNon VLAN compliant devices discard tagged packets –

they have an invalid header length!g

What Devices Read Tags?

• VLAN compliant switches

• VLAN compliant IP phones

• Microsoft Windows ? XX

Review - Who Sends Tags?

Devices are all in Port Based VLANs – no tagsTrunk between switches must send and receive tagsg g

802.1q VLAN Port Parameters

• Native VLAN (port based VLAN)

• Secondary VLANs

T i• Tagging

IP Phone Deployment

• Avaya suggests that phones should always be in• Avaya suggests that phones should always be in their own VLAN

• Increases security • Cuts down on broadcast traffic• Increases voice quality• Increases voice quality• Makes troubleshooting easier

VLAN Deployment Options

2 VLANs, 2 Ports

2 VLANs, 1 Port!

IP Phones have a Network Switch!

2 VLANs, 1 Port!

The phone contains aVLAN compliantVLAN compliant

3 port network switch!!

Detour – Phones & DHCP & VLANs

DHCP i h b d d b• DHCP is an ethernet broadcast request used by devices to get an IP number

• Broadcast packets do not cross VLANs

• Each VLAN needs its own DHCP Server

Detour – Phones & DHCP & VLANs #1

O b h h d DHCP i h• On bootup, the phone sends a DHCP request in the native VLAN (port VLAN)

The phone is notified if there is a specific voice VLAN• The phone is notified if there is a specific voice VLAN

• The phone sends a new DHCP request with the correct VLAN tagcorrect VLAN tag

Detour – Phones & DHCP & VLANs #2

O b h h d k i h h• On bootup, the phone and network switch exchange information via LLDP (Link Layer Discovery Protocol)

The phone is notified if there is a specific voice VLAN• The phone is notified if there is a specific voice VLAN

• The phone sends a new DHCP request with the correct VLAN tagcorrect VLAN tag

Review – Who Sends Tags?

The green VLAN is the native VLAN for both network switch ports

The blue VLAN is a secondary VLAN for both network switch ports network switch portsnetwork switch ports

Do You Understand VLANs?

You don't really• You don't really understand something unlesssomething unless you can explain it to your grandmother...

Albert Einstein

82

See you next year i L V M 22 26 fin Las Vegas May 22-26 for

the 2011 International Conference

0123456789

101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899

100101102103104105106107108109110111112113114115116117118119120121122123124125126127

128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255

Netmask .252Network x.x.x.0/30Broadcst. x.x.x.3






























































































































Subnetting Table 1.2 The most recent version can be fetched from:http://www.entropy.ch/software/

If you use this table please send me some emailtelling me where you are and how you found it©1996-2006 Marc Liyanage

11000011 100000000100000001110000

1100001111000011110000111100001111000011110000111100001111000011

1000000010000001100000101000001110000100100001011000011010000111

0100000001000000010000000100000001000000010000000100000001000000

0111000001110000011100000111000001110000011100000111000001110000

19532 bits in an IPv4 addressNetwork Address

Network Range / Block

Subnet Mask

112 64 128

11111111 111110001111111111111111255 255 255 248

128129130131132133134135



Netmask .248Network x.x.x.128 / 29Broadcst. x.x.x.135

29 1 bits in subnet mask = prefix length

3 host address bits = 8 addresses:all zeros = network address 195.112.64.128195.112.64.129 (router address)195.112.64.130195.112.64.131195.112.64.132195.112.64.133195.112.64.134all ones = broadcast address 195.112.64.135

11111111 111110001111111111111111

195 112 64 128 - 135

3 bits left for host address

Simple Tricks To Acethe Subnetting Portion

of Any CertificationExam

1-800-COURSES www.globalknowledge.com

Expert Reference Series of White Papers

IntroductionSubnetting seems to be a battle of fighting bits, decimal numbers, and countless methods and processes toconvert from one to the other. While the methods may be confusing, the mathematics behind them is the samefor all. In this paper, you will learn some of the simpler ways to figure out many of the subnetting questionsthat you will find on the industry certification tests.

Unlike some of the more complex methods, these methods use subtraction, addition, multiplication, and divi-sion—no converting from binary or decimal. As a matter of fact, if you can do the four basic math functions,you can learn these failure-free methods quickly and easily.

Warning: The basic assumption is that you are already familiar with subnetting and have actually learnedsubnetting concepts elsewhere. This white paper does not teach subnetting, it teaches useful methods forpassing certification test questions.

Overview of SubnettingThe reason we subnet is to break larger IP networks into smaller ones. Often we have networks that are thesame size. These use a fixed length subnet mask for all networks. Other network designs employ different sub-net masks, depending on the number of addresses required for each subnet. This is called variable length sub-net masking or VLSM.

As I learned subnetting, I began to realize that subnetting is much like my grandmothers kitchen. When mygrandmother made pies, she cut the pies in various configurations depending on the needs of the pie eaters.Often, the pie was cut with all pieces the same size. Other times she cut the slices in various sizes, dependingon who was eating. My grandfather always got the biggest piece . . . go figure.

In the end analysis, subnetting is taking a pie, your assigned address space, and cutting the address space intovariously sized pieces depending on need. My grandmother cut her pies with a knife. We cut our address spaceby using subnet masks. By visually inspecting the pie my grandmother cut, you could determine how big eachpiece was. By looking at the address and subnet mask, you can see how many addresses are found in eachsubnet and what those addresses are.

Let’s review some of the more important concepts related to subnetting.

Ted Rohling, Global Knowledge Instructor, CISSP

Simple Tricks To Ace the SubnettingPortion of Any Certification Exam

Copyright ©2006 Global Knowledge Training LLC. All rights reserved. Page 2

Address Class IdentificationYou will often need to identify the class of an IP address in order to complete test questions successfully.Below is an address class table to assist you.

Address Class Table

The Octet and the Binary ProgressionAn octet is an eight bit data element. When IP was being developed, the term byte had two possible mean-ings, a seven bit byte or an eight bit byte. The IP developers started using the term “octet” to reflect the eightbit byte format. An eight bit data element has the ability to store the binary equivalent of decimal numbersfrom 0 to 255.

Binary Table

The subnet mask and IP addressing revolve around the table shown above. This is the binary to decimal equiv-alent table. One of the first things you might consider doing in a certification test environment is to copy thistable from memory on to your scratch paper or erasable worksheet provided at the testing center.

Another table to record is below:

Mask Table


Address Class First Octet Value Range First Octet Binary Value

A 0-127 0nnnnnnnB 128-191 10nnnnnn

C 192-223 110nnnnnn

D 224-239 1111nnnn

27 26 25 24 23 22 21 20

128 64 32 16 8 4 2 1

Binary Mask Addresses00000000 0 25610000000 128 12811000000 192 6411100000 224 3211110000 240 1611111000 248 811111100 252 411111110 254 211111111 255 1

This table contains the eight possible octet values for any mask along with the decimal equivalent. It will beused to determine the mask when the number of subnets required is given.

Mask-to-Prefix or Prefix-to-Mask Conversion255.255.255.0 is equivalent to a prefix of /24.

If you see masks or prefixes on your exam, don’t panic. The prefix is simply another way to state the mask. Theprefix contains a count of the total number of 1 bits in the subnet mask. The conversion is quite simple. Youcan use the mask table above to help determine the number of bits in each octet of the mask.

To convert from mask to prefix: simply add together the number of bits found in the mask. For example,the mask 255.255.248.0 is equivalent to a /21 bit prefix. Here’s how the conversion is done.

255 = 8 bits255 = 8 bits248 = 5 bits

0 = 0 bits

The sum of 8 + 8 + 5 + 0 is 21.

Here’s another example:

What is the prefix when the mask is 255.255.255.192?

255 = 8 bits255 = 8 bits255 = 8 bits192 = 2 bits

The sum of 8 + 8 + 8 + 2 is 26. The correct answer would be /26.

To convert from prefix to mask: rather than add, you will subtract.

In this example, you are asked to convert the mask prefix /23 to a mask. Here’s how it is done.

Begin by subtracting 8 from the prefix number. 23 – 8 = 15 255.Then subtract another 8 from the remainder 15 – 8 = 7 255.255.Find the seven bit entry in the mask table and add it to the mask 255.255.254.Since there are no bits left, add 0 to the mask 255.255.254.0

The answer is 255.255.254.0

Another way to arrive at the same solution is to take the prefix and divide it by 8.

23 / 8 = 2 with a remainder of 7.


There are two 255s in the front of the mask with seven additional bits in the third octet and no bits in thefourth. 255.255.254.0

I prefer the remainder method. Here’s another example.

Convert /29 to a subnet mask.

29 / 8 = 3 with a remainder of 5

There are three 255s in the mask with a five bit fourth octet. 255.255.255.248

What Mask To Use, Part 1One of the problem classes used in certification tests is the “what mask” class. You are given a description ofa networking situation and are asked to select the correct mask to use in subnetting the network.

Here is a typical question:

XYZ Corporation is using the 192.168.100.0 private address to implement a workgroups in their network. Eachworkgroup will consist of 17 devices requiring IP addresses. One additional address is required for the routerinterface in each subnet. What subnet mask should XYZ use?

First, determine the number of addresses in each subnet; in this case, 18. Next, round up to the next power of2. The next larger power of 2 beyond 18 is 32. Subtract 32 from 256. The result is 224. This is the fourth octetof the mask to complete this subnetting problem: 255.255.255.224

This method works with Class C addresses where the number of required addresses is known. It can also beextended to any addressing situation where the number of addresses in each subnet is known.

Another example:

XYZ Corporation is using 172.16.0.0 for their networking needs. Each subnet requires 280 IP addresses includ-ing the router interface. What subnet mask should be used?

For IP addressing requirement where the number of addresses is greater than 256, divide the number ofaddresses by 256. 280 divided by 256 is 1 with a remainder of 26. If there is a remainder, add 1 to the quo-tient. Our operational number is now 2. As we did before, subtract 2 from 256. The result is 254 which is thethird octet of the subnet mask for this problem; 255.255.254.0.

What Mask To Use, Part 2In the two previous examples, we were given the number of addresses required in each subnet. What if thequestion provides the number of subnets required? Here’s a method to solve those problems.

XYZ Corporation is using the 192.168.100.0 private address to implement a workgroups in their network.There will be 5 subnets implemented. What subnet mask should XYZ use?


The 192.168.100.0 network is a Class C network. The default mask is 255.255.255.0. We will need to deter-mine the value of the mask in the fourth octet only.

The process in this example requires that we determine the number of bits in the mask required to hold thefive subnet numbers. Using the binary table above, find the next decimal number greater than five. The numberis 8. Now, look above the 8 to find the exponent of 2 that is equivalent to 8. That exponent is 3, 23 = 8. Locatethe mask in the Mask Table with three binary ones. You have found the last octet of the mask;255.255.255.224. This solution is fairly simple.

Here is an example for a Class A network with a large number of subnets.

XYZ Corporation will be subnetting the 10.0.0.0 network into 18,000 subnets. Each subnet will contain thesame number of addresses. What subnet mask should they use?

We know that with a Class A address, our default mask will be 255.0.0.0. Next we need to determine what theremainder of the mask will be.

The simple math example is to determine the number of bits required to hold the number 18,000. With a cal-culator, that would be simple. Without, we need to practice a bit of twos multiplication. Start with the number1, multiply by 2 and then continue as illustrated below:

1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384 . . . stop right there.

What we have done is prepare a simple, power of two table by multiplying our preceding values by two eachtime. Now, count the number of numbers you have recorded. There are 15 numbers in the list indicating that15 bits are required to hold the number 18,000. Why did we stop at 16348 and not continue? If we add all ofthe numbers together, we would have 32,767. This is greater than the 18,000 we needed. That would haveallocated too many bits.

Now, what is the mask? We need 15 subnetting bits plus the 8 bits for the Class A mask. That’s a prefix of 23bits; or a /23. Converting /23 to a mask results in 255.255.254.0.

The Subnet Range of Addresses ProblemOne of the more popular questions found on certification tests is the “range of addresses” problem. In thistype of problem you are given an IP address and a subnet mask and are asked to identify addresses that are inthe same subnet as the given address. For example:

You are trying to determine why a user cannot connect to a server from their workstation. The workstation IPaddress and subnet mask are given below.

IP address = 193.168.22.104Subnet Mask = 255.255.255.224

Select the addresses that are in the same subnet as the IP address given.

a. 193.168.22.114 c. 193.168.22.127b. 193.168.22.69 d. 193.168.22.85


Depending on how you learned subnetting, you might try to approach this using a technique using binarynumbers. There is a much easier way.

For a situation such as this, a class C address, the first step is to subtract the last octet of the subnet maskfrom 256. That will give you the number of addresses in each subnet.

256 – 224 = 32

Now, divide the last octet of the address by 32, the number of addresses in each subnet.

104 / 32 = 3 (Forget about the fraction or remainder part - you don’t need it.)

Next, multiply the number of addresses in each subnet by the result of division above.

32 * 3 = 96

The beginning address of the subnet is 193.168.22.96! Since there are 32 addresses in the subnet, the endingaddress is 193.168.22.127. 193.168.22.96 through 193.168.22.127 there are 32 addresses when countinginclusively.

The correct answer to the question above is a and c.

This method does not require any sophisticated mathematics, just simple subtraction, division and multiplica-tion.

Here’s another problem.

Class B – Same Thing, Only DifferentThis time a class B address is used.

172.90.12.22255.255.248.0

Now we have a slightly different issue, but you arrive at the solution the very same way. This time we couldnot care less about the fourth octet of the address or mask. The fourth octet of the mask is all zeros and doesnot indicate any subnetting structure. The fourth octet is part of the host field of the address. The subnettingstructure is found in the third octet of the mask, the 248. Let’s see how this works out.

As we did before, subtract the third octet of the subnet mask from 256.

256 – 248 = 8

In this case, the number 8 tells us how many groups of 256 addresses will be in each subnet. Now, divide thethird octet of the address by 8, the number of groups in each subnet.

12 / 8 = 1 (Forget about the fraction or remainder part . . . you don’t need it.)


Multiply the number of groups by the result of division above.

1 * 8 = 8

The beginning address of the subnet is 172.90.8.0! Since there are 8 groups of 256 addresses in the subnet,the ending address is 172.90.15.255. 172.90.8.0 through 172.90.15.255 are 8 groups of 256 addresses whencounting inclusively.

Other Problem TypesMost problems you will find on the certification exams can be solved using the procedures above. Some of thequestions will ask about the network address, first usable address, last usable address or the broadcastaddress for a network or subnet.

Remember, in this paper we are steering clear of binary so I won’t go into that part of the discussion.

A couple of gentle reminders. Network addresses are always even and broadcast addresses are always odd.First usable addresses are always odd, last usable addresses are always even. This should help in some of theprocess of elimination steps you might use in test-taking.

Finding the network address is simple, finding the others is just as easy.

The IP address of a device is 201.234.1.99 and the subnet mask is 255.255.255.224. What is the last usableaddress in this subnet?

Remember how we figured out the subnet address? Subtract 224 from 256 to determine the number ofaddresses in the subnet. That result is 32 addresses in each subnet. Now divide 99 by 32 and forget theremainder.

99 / 32 = 2 (subnets before this one)

Multiply 2 times 32 to get the subnet address.

Here’s a class B example:

The IP address is 165.33.9.211, and the subnet mask is 255.255.254.0

No subnet bits are found in the fourth octet so let’s move to the third octet.


Subnet Address First UsableAddress

Last UsableAddress

Broadcast Address

201.234.1.64 201.234.1.65 2001.234.1.126 201.234.1.127

One more than subnet address

One less than broadcast

(Subnet address) +(Addresses in subnet) - 1Add .255 in fourth octet

Subtract 254 from 256. There are two groups of 256 addresses in each subnet.

Divide 9 by 2 and discard the remainder.

9 / 2 = 4

Multiply 4 times 2 to determine subnet address. Place the calculated subnet address in the third octet of theaddress and zero in the fourth octet. The subnet address is 165.33.8.0. If we were to examine that address inbinary, we would note that the host address is all zeros, the identifier set aside for network and subnetaddresses.

Here’s a class A example:

The IP address is 10.55.229.44, and the subnet mask is 255.255.192.0

No subnet bits are found in the fourth octet so let’s move to the third octet.

Subtract 192 from 256. There are 64 groups of 256 addresses in each subnet.

Divide 229 by 64 and discard the remainder.

229 / 64 = 3

Multiply 64 times 3 to determine subnet address. Place the calculated subnet address in the third octet of theaddress and zero in the fourth octet. The subnet address is 10.55.192.0. If we were to examine that address inbinary, we would note that the host address is all zeros, the identifier set aside for network and subnet addresses.

SummarySubnetting continues to be key element in many certification examinations. Learning how to quickly and cor-rectly solve the subnetting questions will give you more time to spend on the other questions in your exam.The extra time can be the difference between failing and passing the test.

Learn MoreLearn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge.Check out the following Global Knowledge courses:Understanding Networking FundamentalsTCP/IP Networking


Subnet Address First Usable Address Last Usable Address Broadcast Address

10.55.192.0 10.55.192.1 10.55.255.254 10.55.255.255

One more than subnetaddress

One less than broadcast Subnet address + number ofgroups minus 1

Add .255 in fourth octet

For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with asales representative.

Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use.Our expert instructors draw upon their experiences to help you understand key concepts and how to applythem to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms,e-Learning, and On-site sessions, to meet your IT and management training needs.

About the AuthorTed Rohling has been a contract instructor with Global Knowledge since 1995. With over 40 years of experi-ence in information technology, telecommunications and security, Ted teaches in the Networking and Securityproduct lines and focuses on TCP/IP, Networking Fundamentals, Network Management, Storage Networking,and CISSP Preparation. He currently holds the CISSP certification and has previously held various certificationsfrom Nortel, Cisco and Microsoft. His educational background includes a BBA in Management Science, and MAin Information and Computer Management, and an MS in Educational Human Resource Development.


dwight reifsnyder - rmaug• ip configuration includes theip configuration includes the 192 168 1 1...

Documents