Subnetting Scenarios Demystified: Real-World IP Addressing for CompTIA Network+ (N10-008)

Welcome, network pros and aspiring subnetting champions! So whether you’re cramming for the CompTIA Network+ (N10-008) or just itching to finally make sense of IP addressing out in the wild, I promise—you’ve landed in the perfect spot. After nearly two decades wrangling networks—building, fixing, and keeping them humming—I can tell you firsthand: subnetting isn’t some box to tick for a certification. Nope, it’s the bedrock of tidy networks, real security, and troubleshooting that doesn’t make you want to pull your hair out. Ever found yourself squinting at a subnetting chart, feeling your brain go fuzzy from all those numbers and weird terminology? Oh, believe me, I’ve absolutely been there myself. This guide is my way of helping you bust out of that subnetting hamster wheel, once and for all. I’m going to walk you through real-life examples, my favorite shortcuts, true stories from the trenches, and the practical know-how that’ll set you up for both the Network+ and whatever the real world lobs your way. Seriously—grab yourself a coffee, tea, or whatever keeps you sharp, because we’re about to flip subnetting from that thing you dread into the ace up your sleeve.

IP Addressing Fundamentals: The Essentials Every Network Pro Must Know

Let’s start with the foundation: understanding IP addressing, both IPv4 and IPv6, before we even think about carving up networks.

IPv4 Structure: The 32-bit Classic

IPv4 addresses are 32 bits, divided into four octets, and written in dotted decimal: 192.168.10.25. Each of those octets? Every one of those numbers—those octets—is basically its own little container, and you can toss any value in there from 0 all the way to 255. Now, if you’re up for a little extra-geeky fun (and I absolutely encourage it!), we can break that same address down to its raw zeros and ones — it’s really 11000000.10101000.00001010.00011001 in binary. You’ve got to be able to flip between decimal and binary without breaking a sweat. I promise, it’s not just an exam thing—this skill seriously pays off anytime you’re troubleshooting.

  • Decimal: 192.168.10.25
  • Binary: 11000000.10101000.00001010.00011001

Pop quiz—what’s 192 look like in binary? (Answer: 11000000)

IPv6 Structure: 128 Bits for the Modern Era

IPv6 uses 128 bits, written as eight groups of four hexadecimal digits: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Leading zeros are optional and consecutive zeros can be compressed to ::.

  • Full: 2001:0db8:0000:0042:0000:8a2e:0370:7334
  • Compressed: 2001:db8:0:42::8a2e:370:7334

Just a heads up—whether you’re facing down that Network+ or chatting with another IT pro, you’ll really want to get comfortable flipping between the expanded and compressed forms of IPv6 addresses. Trust me, it’s one of those skills that comes up all the time! It’s the kind of party trick that actually wows the right crowd and will save you time on tests and in real configs. Example: 2001:db8::1 expands to 2001:0db8:0000:0000:0000:0000:0000:0001.

The whole ‘classful versus classless’ addressing thing—let’s talk about where networks started versus where they are now.

Back when networking was just getting started, addresses were jammed into these super-strict categories called classes—Class A, B, and C. Honestly? It was clunky, way too rigid, and made things harder than they needed to be. Not exactly the 'good old days,' if you ask me. Now, we use CIDR (Classless Inter-Domain Routing) for flexibility and efficiency.

  • Class A: 1.0.0.0/8 – 126.0.0.0/8
  • Class B: 128.0.0.0/16 – 191.255.0.0/16
  • Class C: 192.0.0.0/24 – 223.255.255.0/24
  • CIDR Notation: Slash indicates prefix length (e.g., 10.1.2.0/23)

Honestly, you’ll be bouncing between writing out the old 255.255.255.0 style and just slapping a /24 at the end—sometimes you’ll even do both in the same five-minute chat with another tech. That’s just par for the course in networking! So don’t let it mess with your head—just roll with both and get comfortable! You really need to be fluent in both ways of thinking. Seriously, practice this stuff until it’s second nature—you’ll thank yourself later. Know both cold!

Public, Private, and Special-Use IP Addresses

Remember, not every IP out there is meant to be seen by the whole world. Some are just for your own backyard—your internal network. Internal networks use reserved private address ranges per RFC1918 for IPv4 and RFC4193 for IPv6:

  • IPv4 Private:
  • 10.0.0.0 So that whole 10.0.0.0 to 10.255.255.255 range? That’s our big, friendly 10-dot private playground.
  • 172.16.0.0 And don’t overlook this: anything from 172.16.0.0 all the way up to 172.31.255.255 is also set aside for private networks. Super useful when you need a chunk that’s bigger than your typical home range. Just make sure you stay within those lines when you’re picking addresses for your network, because stepping outside that range can land you in a world of network headaches!
  • 192.168.0.0 And honestly, who doesn’t know the 192.168.0.0 to 192.168.255.255 range? It’s the gold standard for home and small business networks. If you’ve ever poked around your Wi-Fi router settings at home, I bet you’ve spotted those numbers—they’re basically everywhere. An absolute staple! If you’ve ever set up your own Wi-Fi, I guarantee you’ve seen those numbers pop up.
  • IPv6 Unique Local (ULA): fc00::/7 is reserved, but only fd00::/8 is defined and used for locally-assigned unique local addresses (per RFC4193). fc00::/8 is reserved for future use.
  • IPv6 Link-local: fe80::/10 is used for local-link communication and neighbor discovery—required for all IPv6 nodes.

Let me tell you, putting public IPs on your internal network? That’s a recipe for disaster—suddenly you’re chasing ghost IP conflicts, puzzling over broken connections, and opening the door to all kinds of security weirdness. Take it from me—always eyeball your planned address ranges multiple times before you actually put anything in production. It’s worth those extra few minutes, believe me.

Progress Check

Let me throw a quick question your way: 172.31.22.5—is that public, or is it supposed to stay private? If you said ‘private,’ give yourself a gold star—it sits comfortably inside that special 172.16.0.0 to 172.31.255.255 private range. Make it a game—see how fast you can spot which addresses are private without having to look them up.

Let’s chat about something called Subnet Zero and the All-Ones Subnet for a sec.

Back in the early days, folks used to avoid using subnet zero (where all the subnet bits are 0) and the all-ones subnet (where all those bits flip to 1), but honestly, nobody really cares anymore—modern gear handles them just fine. Modern routers (per RFC 1878) permit their use—so all subnets are now available. Some legacy devices may still warn, but this is rarely an issue today.

So, let’s dig into why we even bother subnetting, and how this whole thing actually works.

Imagine for a second if every device in your company was dumped onto one giant flat network—talk about a recipe for disaster. You’d have broadcast storms, sluggish performance, and security holes big enough to drive a truck through. The magic of subnetting is that it chops up your big network into smaller, safer, more manageable little pieces—everyone’s happier, and honestly, your whole network just feels faster and more sane.

So what’s the real deal with subnetting, and why should you even care?

  1. Reduces broadcast traffic—limits broadcasts to smaller groups.
  2. Improves security and isolation—departments or roles can be segmented.
  3. Efficient address usage—prevents waste, fits your topology.

But whoa, before we go any further, let’s make sure you’re rock solid on the basics—things like what a subnet mask actually does, how CIDR prefixes work, and all that foundational stuff you’ll keep bumping into day after day.

  • Subnet Mask: Defines the network/host boundary (e.g., 255.255.255.0 or /24).
  • Network Address: First address in a subnet—identifies the network itself.
  • Broadcast Address: Last address—used for broadcast traffic.
  • Host Addresses: Assignable addresses between network and broadcast.

Analogy: Subnetting is like dividing a building into secure office suites—the mask is the floorplan boundary.

VLSM vs. FLSM

  • FLSM (Fixed Length Subnet Mask): All subnets are the same size—simple, but wasteful.
  • VLSM (Variable Length Subnet Mask): Subnets tailored to actual needs—a must for efficient design.

Subnetting Formulas

  • Number of Subnets: 2n (where n = subnet bits borrowed)
  • Number of Hosts per Subnet: 2h - 2 (where h = host bits)
  • Block Size: 256 - subnet mask value in the octet you’re subnetting

Let’s roll up our sleeves and walk through subnetting hands-on—both with IPv4 and IPv6.

Binary Subnetting: The “AND” Method

  1. Convert IP and mask to binary.
  2. Perform logical AND to find the network address.
  3. Here’s a little trick for you: if you want to figure out broadcast or wildcard bits, just flip every 1 to a 0 and each 0 to a 1 from your subnet mask. Just flip all the zeros to ones and ones to zeros—trust me, this little move makes a world of difference when you’re working things out. Personally, I imagine each bit as a tiny light switch—you’re just flipping them back and forth, zeros become ones, ones become zeros. It actually gives subnetting a little bit of a puzzle vibe, I think. When you finally get the hang of it, subnetting is pretty darn satisfying—almost makes you feel like a codebreaker!

Example: IP: 192.168.1.130, Mask: 255.255.255.192 (/26)

  • Start by translating that mask into binary. If you write out that mask in binary, you’ll notice the first three parts (octets) are all 1’s—like 11111111.11111111.11111111—and the last chunk, 11000000, gives us just two bits to play with for host addresses. And that’s exactly where your subnetting magic happens—you’ll use those host bits to carve up your device ranges.
  • AND operation: 192.168.1.130 & 255.255.255.192 = 192.168.1.128 (network address)
  • And if you flip those host bits all to 1’s, you’ll land on 192.168.1.191—that’s your broadcast address for this subnet.
  • That leaves you a neat little block of addresses from 192.168.1.129 to 192.168.1.190 to actually hand out—plenty for a good-sized department or a printer farm.

Okay, sleeves up! I want to walk you through an honest-to-goodness subnetting example, step by step. Watching it play out really helps everything click.

Scenario: You have 192.168.1.0/24, need 4 subnets.

  1. 4 subnets = 2 bits borrowed (22=4)
  2. After that, you’re looking at a /26 subnet mask—or 255.255.255.192, if old-school notation is your thing.
  3. Each one of those subnets gives you a tidy block of 64 addresses. Quick trick—just take 256 minus 192 from the mask’s last octet, and you’ve got your block size.
  4. Subnets:
  • 192.168.1.0The first subnet? That one hands out usable IPs from 192.168.1.1 all the way up to .62, with .63 set aside as the broadcast address—super handy when you’re assigning out to users or endpoints.
  • 192.168.1.64Move to the next subnet, and now your usable range is 192.168.1.65 through .126—.127 is your broadcast for that chunk.
  • 192.168.1.128After that, you’ve got .129 up to .190, and .191 is your broadcast.
  • 192.168.1.192And finally, you get everything from .193 to .254, finishing up with .255 as your broadcast address.

VLSM Example

Given: 192.168.10.0/24, subnets for 100, 50, and two 25-host groups.

  1. Here’s how I like to handle this—start by making room for the largest group. Personally, I’d start by setting aside a big chunk—a /25, which gives you enough for the 100-user group (since that’s 128 addresses). Next, take a /26 (has 64 slots) for the folks who need 50, and then make two /27 subnets, which each cover 32 addresses—perfect for those smaller teams. Nice and snug. Easy!
  2. Assign:
  • 192.168.10.0In that first /25 block, you get all the addresses from 192.168.10.1 up to .126 for your devices. You’ll hold .127 as your broadcast—easy to remember, and super practical.
  • 192.168.10.128Your /26 stretches from .129 to .190, leaving .191 as your broadcast address.
  • 192.168.10.192For the first /27, that’s .193 up to .222, .223 as broadcast.
  • 192.168.10.224And the second /27? .225 through .254, and .255 brings up the broadcast slot.

Let’s talk about a few quick hacks and tricks to make subnetting less painful.

  • Block size = 256 – mask value
  • Usable hosts = block size – 2
  • A few fast ones to memorize: /30 gives you 4 IPs and 2 usable hosts, /29 gets you 8 IPs (6 hosts), /28 is 16 IPs (14 hosts). Super handy when you’re pressed for time.

Now switching gears to IPv6—this is where things get way more scalable (and honestly, easier to plan once you get the hang of it).

Most ISPs assign a /48 or /56. You’ll usually allocate /64 subnets for each LAN or VLAN—/64 is required for SLAAC and recommended for all end-user subnets.

  • Example: Company gets 2001:db8:abcd::/48
  • Usually you’ll kick things off by carving out the first subnet as 2001:db8:abcd:0000::/64. That’s your launchpad—all your future subnets start from there!
  • Ready for the next one? Just crank up that fourth block by one—suddenly you’ve got 2001:db8:abcd:0001::/64. Super straightforward! Seriously, it pays to keep your subnets tidy and in order. Just makes life smoother during troubleshooting and future expansion. Just increment that chunk.
  • 100Want to skip ahead and figure out what the hundredth /64 subnet looks like? In that case, you’d land on 2001:db8:abcd:0063::/64 for subnet number one hundred. Why 63? Oh, and quick nerd alert: if you’re counting to make, say, the 100th subnet, you’re actually looking for hexadecimal 0x63—which is 99 in decimal—because, y’know, we started counting from zero. Classic computer science quirk.

Let’s say your provider hands you a /56 chunk. If you want the next subnet, just bump up that fourth block by one—so you’ll get 2001:db8:abcd:1::/64, 2001:db8:abcd:2::/64, and rinse and repeat. Couldn’t be simpler! Really, once you see it, it’s a breeze! Just keep marching up as you carve out each subnet.

Note: For small businesses, ISPs may assign a /56 or /60. Always check your allocation before planning.

IPv6 address assignment: Devices can auto-configure via SLAAC (Stateless Address Autoconfiguration), get addresses from DHCPv6, or use manual static assignment.

And hey, IPv6 isn’t just about your standard, one-per-device unicast address. There’s actually a whole cast of address types in the IPv6 world you’ll want to recognize.

  • Global Unicast: Routable public addresses (e.g., 2000::/3)
  • Unique Local (ULA): fd00::/8—private, non-routable
  • Link-Local: fe80::/10—required on every interface for local communication
  • Multicast: ff00::/8—group communication
  • Anycast: Assigned to multiple interfaces, routed to nearest

Practice Problem: Binary Drill

Let’s say you find yourself looking at the IP 10.10.5.129, and you’re told the mask is 255.255.255.128—if you’re into CIDR, that’s a /25. Let’s piece it all together: what’s the network address, what’s your broadcast, and which IPs can you actually hand out to your devices in this subnet?

  • When you use a /25, it basically chops your bigger network right in half. You’ll see that this divides your network into two equal-sized chunks of 128 addresses each.
  • So, one chunk goes from 10.10.5.0 to 10.10.5.127, and the next picks up at 10.10.5.128 and carries through to 10.10.5.255. That neat division really helps keep things organized.
  • 10.10.5.129 Wherever your device’s IP falls, just look up which block it belongs to and you’ll instantly know which subnet you’re dealing with. For instance, if you see an address like 10.10.5.129, you know immediately it sits in the second subnet—the 10.10.5.128/25 range.128/25 subnet.
  • So, if your device is on 10.10.5.129, you’re clearly hanging out in the 10.10.5.128 subnet, and your broadcast address for that chunk will be 10.10.5.255.10.5.255.
  • And the IPs you’ll actually assign to devices in that subnet will be 10.10.5.129 up to 10.10.5.254—those are your usable addresses.

Subnetting in Practice: Design, Security, and Performance

Planning IP Address Schemes

  • How many hosts per subnet? Allow for growth!
  • Device types? Think about all your devices—desktops, printers, VoIP phones, Wi-Fi cameras, heck, even those fancy smart thermostats count.
  • Segmentation needs? (Departments, roles, compliance zones)
  • Special considerations? (Things like VoIP with QoS needs, guest Wi-Fi segments, server farms...)

Hierarchical addressing is best for large networks—e.g., first octet for site, second for building, third for VLAN, fourth for host.

Sample: 10.20.30.101 = Site 20, VLAN 30, host 101.

Let’s pause for a second—when should you actually go manual and set static IPs, and when is it smarter to let DHCP just handle things on its own?

  • Static (manual or reserved via DHCP): Servers, infrastructure, printers
  • Dynamic (DHCP): Workstations, guests, IoT

Document reservations—never assume a “spare” IP is truly spare!

Some ‘must-dos’ for staying secure and meeting compliance:

  • No question about it—you’ve got to carve up your network using subnets or VLANs. It’s especially crucial if you have visitors connecting, need to tick those PCI compliance boxes, or you’ve got any sensitive info that has no business mingling with everyday office traffic.
  • Enforce isolation with ACLs or firewall rules between VLANs/subnets
  • Avoid flat networks; segmentation limits lateral movement and “blast radius”
  • If you’re in a regulated industry, keep rock-solid documentation on your addressing and how things are segmented—auditors love that stuff.

access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 // Block VLAN 20 from talking to VLAN 10 access-list 100 permit ip any any // Let everything else through interface vlan 20 ip access-group 100 in

And what about performance? Let’s optimize that, too:

  • When you make your subnets big, you’re basically letting in a flood of broadcast traffic and losing some isolation.
  • On the flip side, if you go for smaller subnets, you’ll get great broadcast containment but now your routing setup gets a little more complicated.
  • There’s a sweet spot—big enough that you’re not wasting addresses, but not so big that your PCs get bogged down by broadcasts.
  • Collapse those routing entries where you can—supernetting helps keep your routing tables lean and mean.

Supernetting, or route aggregation with CIDR, is a handy trick that every big network eventually needs.

The idea is to scoop up a bunch of neighboring subnets and call them one big 'supernet.' Like instead of advertising 10.1.0.0/24 and 10.1.1.0/24, you just use 10.1.0.0/23 and get both with one line. You’ll see this everywhere in big league routing—OSPF, BGP, anywhere you want to keep your network scalable.

Watch out for these vendor curveballs—they’ll sneak up on you if you’re not careful:

  • Cisco: Secondary addresses; “ip subnet-zero” enables full subnet use
  • Windows: APIPA (Automatic Private IP Addressing) uses 169.254.0.0/16 if DHCP fails—watch for this in troubleshooting
  • Linux: ifconfig is deprecated; use ip addr

Alright, time to roll up our sleeves and actually see how these settings look in real-life configs.

Here’s a quick example of what an everyday IPv4 DHCP setup looks like:

Network: 192.168.10.0 / Mask: 255.255.255.0 DHCP starts giving out addresses at: 192.168.10.10 The last IP it’ll hand out is 192.168.10.200 Say you’re reserving 192.168.10.2 for your router, then .3 and .4 for your printers—so they always get the same address. Make sure you exclude 192.168.10.1 to .9 and anything after 200 up to .254—that way DHCP doesn’t accidentally hand those out.

Sample DHCPv6 Configuration

subnet6 2001:db8:100:10::/64 { rFor IPv6 DHCP, you might have a pool that hands out 2001:db8:100:10::100 through 2001:db8:100:10::1ff. And you can set your IPv6 DNS server with option dhcp6.name-servers 2001:db8:100:10::1; }

Devices can also use SLAAC—no DHCP server required, but less control.

Let’s talk VLANs and how you actually connect them together (Inter-VLAN Routing):

For example, if you want to set up a subinterface for VLAN 10: interface GigabitEthernet0/1.10 encapsulation dot1Q 10 Then assign its IP like this: ip address 10.1.0.1 255.255.254.0 ! Do the same for VLAN 20: interface GigabitEthernet0/1.20 encapsulation dot1Q 20 Set its address as: ip address 10.1.2.1 255.255.254.0

Firewall/ACL for Isolation

If you want to block 192.168.20.0/24 from reaching another subnet, you’d use something like: iptables -A FORWARD -s 192.168.20.0/24 -d ... 192.168.10.0/24 -j DROP

Address Plan Documentation Example

VLAN/SubnetPurposeRangeDefault Gateway
10Corporate LAN192.168.10.0/24192.168.10.1
20Guest Wi-Fi192.168.20.0/24192.168.20.1
30VoIP Phones192.168.30.0/25192.168.30.1

Tip: Use spreadsheets or IPAM tools for larger deployments. These tools offer features such as automated IP tracking, subnet visualization, and conflict detection.

Cloud and Hybrid Integration

Connecting on-prem networks to cloud (AWS/Azure) requires careful address planning:

  • Avoid overlapping private ranges between sites and VPCs
  • Map internal subnets to cloud subnets (e.g., 10.0.0.0/16 on-prem, 10.10.0.0/16 in AWS)
  • Use route tables and VPNs to connect, applying NAT as needed for overlapping spaces

Before mergers or cloud migrations, audit all address plans for overlaps!

Real-World Scenarios and Troubleshooting

Case Study: Overlapping Subnets

Symptoms: Users can’t reach remote resources after a VPN is established. Investigation reveals both sites use 192.168.1.0/24. ARP tables show duplicate MACs, and routing is inconsistent.

  1. Check routing tables on both ends—do both point to 192.168.1.0/24?
  2. Use arp -a or show arp to see conflicting entries.
  3. Resolve: Re-IP one site, update routes, and verify with ping and traceroute.
  4. Document changes and audit the plan.

Troubleshooting Workflow

  1. Verify physical connectivity (link lights, show interfaces)
  2. Check IP config (ipconfig /all, ip addr)
  3. Ensure mask and gateway match design
  4. Look for duplicate IPs (ARP conflicts, error logs)
  5. Test routing to adjacent subnets
  6. Check for misconfigured DHCP scopes or static assignments
  7. Review recent changes and documentation

Sample Troubleshooting Outputs

C:\> ipconfig IPv4 Address. . . . . . . . . . . : 192.168.10.54 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.10.1 $ ip addr 2: eth0:  mtu 1500 inet 192.168.10.54/24 brd 192.168.10.255 scope global eth0

If IP, mask, or gateway is wrong, correct it and retest connectivity.

Common Subnetting Errors and Pitfalls

  • Not subtracting 2 for network/broadcast in host calculations
  • Overlapping subnets (especially after mergers)
  • Wrong mask on devices causing routing failures
  • Allowing unfiltered traffic between sensitive subnets
  • Using too-small subnets (run out of addresses quickly)
  • Incorrect static/DHCP assignment overlap

Address Translation: NAT, PAT, and Their Security Role

Most networks use Network Address Translation (NAT) to conserve public IPs and hide internal structure:

  • Static NAT (one-to-one): Maps one internal to one external IP (rare except for servers)
  • Dynamic NAT: Maps internal addresses to a pool of public IPs
  • PAT (Port Address Translation): Many-to-one; multiple internal IPs share a single public IP, differentiated by port

Subnetting supports NAT by providing clear boundaries for translation. Security note: Subnetting alone doesn’t enforce isolation—use firewalls and ACLs for real security!

Subnetting for Performance and Compliance

Performance Principles

  • Bigger subnets = larger broadcast domains = more “noise” per device
  • Smaller subnets = more routing, but better isolation and manageability
  • Balance is key—plan for network growth and minimize broadcast storms

Compliance Considerations

  • PCI DSS: Cardholder data must be isolated from guests and general LANs
  • HIPAA: Protected Health Information (PHI) should traverse isolated subnets with logging and monitoring
  • Document all address assignments and changes for audit

Hands-On Lab: Designing and Implementing Subnets

Lab Setup

  • Use Packet Tracer, GNS3, or a cloud lab platform
  • Design: 3 VLANs (Corp, VoIP, Guest), each with its own subnet
  • Configure DHCP for each VLAN, static IP on router interfaces, and NAT for Internet access
  • Apply ACLs to prevent guest-to-corporate access
  • Verify with ping, traceroute, and show ip route

Sample Configuration Steps

interface vlan 10 ip address 192.168.10.1 255.255.255.0 no shutdown ! ip dhcp pool CORP network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 ! ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.10.0 0.0.0.255

Practice Problems and Solutions

Problem 1: How many usable hosts in a /27?

/27 mask = 255.255.255.224 → 32 addresses, 30 usable (32-2)

Problem 2: What’s the network and broadcast address for 10.2.3.77/29?

  • Block size: 8
  • Subnets: ...72, 80, etc. 77 is in 10.2.3.72/29
  • Network: 10.2.3.72, Broadcast: 10.2.3.79, Usable: 10.2.3.73–78

Problem 3: IPv6—What are the first three /64s in 2001:db8:abcd::/48?

  • 2001:db8:abcd:0::/64
  • 2001:db8:abcd:1::/64
  • 2001:db8:abcd:2::/64

Problem 4: You need at least 500 hosts per site. What’s the smallest mask you can use?

29 = 512 addresses, minus network/broadcast = 510 usable. Mask: /23 (255.255.254.0)

Problem 5: Given an IPv6 address fe80::1, what type is it?

Link-local; used for local segment communication only.

Subnetting Quick Reference Table

PrefixMaskBlock SizeUsable Hosts
/30255.255.255.25242
/29255.255.255.24886
/28255.255.255.2401614
/27255.255.255.2243230
/26255.255.255.1926462
/25255.255.255.128128126
/24255.255.255.0256254
/23255.255.254.0512510
/22255.255.252.010241022

Usable hosts = block size – 2 (network and broadcast reserved)

Subnetting Cheat Sheet and Memory Tricks

  • Block size = 256 – mask value (in octet of interest)
  • /30 = 4 IPs, /29 = 8, /28 = 16, /27 = 32, /26 = 64, /25 = 128, /24 = 256
  • Usable = total – 2
  • Private IPv4: 10.0.0.0/8, 172.16–31.0.0/16, 192.168.0.0/16
  • IPv6 ULA: fd00::/8; Link-local: fe80::/10

Exam Preparation and Certification Guidance

Subnetting on the Network+

  • Convert between CIDR and dotted-decimal quickly
  • Calculate subnets, hosts, and ranges
  • Identify address types (public, private, APIPA, loopback, multicast)
  • Interpret and troubleshoot subnetting scenarios

Subnetting Speed Drills

  • Given /27, how many hosts? 30.
  • What’s the broadcast address of 172.16.3.64/28? 172.16.3.79.
  • What mask for 500 hosts? /23.
  • Which range is private: 172.32.0.0/16 or 172.31.0.0/16? 172.31.0.0/16

Memory Aids

  • “256 minus mask = block size”
  • “All subnet bits 0” is subnet zero—now usable
  • “All subnet bits 1” is the last subnet—all-ones—also usable

Practice and Study Plan

  • Build a subnetting chart by hand
  • Do at least 20 practice problems (both binary and decimal)
  • Set up lab subnets and verify with ping and traceroute
  • Teach subnetting to a peer—it cements your understanding
  • Work through timed subnetting quizzes for speed

Sample Exam Questions

  1. Given 192.168.20.0/27, what is the broadcast address? (Answer: 192.168.20.31)
  2. How many /28 subnets fit into a /24? (Answer: 16)
  3. Which of the following is a valid IPv6 unique local address? (a) fc00::1 (b) fd12:3456:789a::1 (c) fe80::1 (Answer: b)
  4. What is the network address of 10.0.8.137/21? (Answer: 10.0.8.0)
  5. What type of address is 169.254.1.10? (Answer: APIPA/Link-local IPv4)

Glossary

  • Subnet: Logical division of a network
  • CIDR: Classless Inter-Domain Routing—flexible prefix lengths
  • VLSM: Variable Length Subnet Masking—custom subnet sizes
  • NAT: Network Address Translation—maps private to public IPs
  • PAT: Port Address Translation—many-to-one NAT using ports
  • Broadcast Domain: Area where broadcasts are received by all devices
  • SLAAC: Stateless Address Autoconfiguration—IPv6 auto-addressing
  • DHCPv6: Dynamic Host Configuration Protocol for IPv6
  • APIPA: Automatic Private IP Addressing (169.254.0.0/16)

Command Summary

  • Windows: ipconfig /all, arp -a, ping, tracert, netsh
  • Linux: ip addr, ip route, arp, ping, traceroute
  • Cisco IOS: show ip interface brief, show running-config, show arp, ping

Conclusion: Your Roadmap to Subnetting Mastery

Subnetting isn’t just an exam checkbox—it’s a powerful tool to design, secure, and troubleshoot modern networks. Practice building and verifying subnets, document your address plans, and enforce segmentation with proper security controls. Each challenge you solve—whether it’s a test question or a production fire—will deepen your expertise. For Network+, focus on CIDR conversions, address types, subnet calculations, and troubleshooting common issues. Carry these skills into CCNA, security, and cloud roles, and you’ll be ahead of the game.

Keep practicing, keep experimenting, and don’t hesitate to break things in the lab—that’s the fastest way to true understanding. Happy subnetting, and see you at the top!