Subnet Help

I had a colleague recently come to me to ask if he could shadow me at work, as he is studying a Masters in Cyber Security and needed to get his network skills up.

At first, I was kind of nervous. Then I was kind of honoured that someone saw me as a possible expert to assist. I have always wanted to be a teacher in the later stages of my career so this was good practice for me.

I stewed on it for a bit, as he told me that he was having trouble with subnetting.

Subnetting, is not my strongest subject. I have never been fast with numbers in my head. I am more or a visual/creative type person, so doing mathematics in my head has never been easy. I usually use a subnet calculator, and very much so with IPv6.

When I enter a Cisco Exam I always write the following on the paper they give me before I start –

128 64 32 16 8 4 2 1      (For Binary to Decimal Conversion)

/30 –

/29 –

/28 –

/27 –

/26 –

/25 –

I use the above for Wildcard Mask checks, so a /28 is 256 – 240 (last octet) = 16 then -1 = 15, so wild card is

A = 10 B = 11 C = 12 D = 13 E = 14 F = 15 ( For Hex to Decimal Conversion)

He explained to me that he is aware of the IP Classes, Class A, B etc and also the basics on binary when it comes to an IP address and 32 bit dotted decimal numbers.

I gave him the following small one on one introduction and I am hoping this might help someone else.

I first started to make it relevant for him and asked for his machines IP address – 

IP –

Mask –

GW –

I then converted to binary – 

IP       – 00001010.10101000.10001010.01000000

Mask – 11111111.11111111.11111100.00000000

GW    – 00001010.10101000.10001000.00000000

I then showed him each bit in the octet, represents a decimal number  – 

128       64       32        16        8        4        2       1

0            0          0           0        1        0        1       0    = Add the 1’s = 8 + 2 = 10

1             0         1           0        1        0        0       0   = Add the 1’s = 128 + 32 + 8 = 168

1             0         0           0        1        0        1       0   = Add the 1’s = 128 + 8 + 2 = 138

0             1         0           0        0        0        0       0   = Add the 1’s = 64

Hence, his IP is

I then showed him how the subnet mask is used – 

By checking the 1’s in the subnet mask, it will reveal the network portion of the subnet

Bold is Network Portion, which = 10.168.136.

Italic is Host Portion = 138.64

IP       – 00001010.10101000.10001010.01000000

Mask – 11111111.11111111.11111100.00000000

Adding it all together, his host IP is with mask

Remember that the network portion will not change, so there is two bits remaining in the third octet here –


As you may have guessed, if they both ones then it would be 3 in decimal. If you add 136 + 3 you get 139 and no more in that octet.

So, the only possibilities are* =

00001010.10101000.10001000.00000000 =


00001010.10101000.10001011.11111111 =

* You can’t use the first and last address, so it’s – – to 

Add that all up and you have 1024 hosts, minus two non-useable and you get 1022.

I also calculated the bit mask – 

Add up how many 1’s in the mask when in binary

11111111.11111111.11111100.00000000 = 22 1’s

So, that becomes your /22

I did this, to show him how a network device works out what the host section of the IP is and the network section. The network section doesn’t change, it is usually assigned to a VLAN or a Layer 3 interface. The VLAN is a Virtual LAN, which contains a subnet. Inside this subnet is hosts. Hosts can be machines, cameras or phones. Anything that wants to talk on the network.

I also explained, that the network is a private class A address. It is designed to be used inside a network and it cannot be routed on the public Internet. During the network design phase, the network engineers divided this network into multiple subnets to be deployed throughout the organization.

They possibly assigned a network, and then realised we need more hosts. The only way to get more hosts is to start taking bits from the network portion of the address.

The /24 mask is –


For a /22 we take two of the network bits, and make them hosts –


This is the essence of VLSM, Variable Length Subnet Masking. Taking what was once a Class A address – and dividing into a Class C Subnet – and then borrowing some bits (for keeps) to create

I have now asked him to go forth and read up on subnetting, using this as an introduction. I am sure he will have many questions, but this is the only way I thought of trying to explain it initially.

I finished the lesson, explaining that the host when searching for a destination will use its subnet mask to work out if the host is on the same network or not.

So his machine, wanted to talk to His machine will look at his subnet mask and the IP and through binary calculation will determine that it is indeed on his local network i.e i the same subnet.

His machine will send an ARP message to get the Physical Hardware address (MAC) of this host, and then it will encapsulate the IP packet into a frame, add the destination MAC address, convert it to bits and deposit it onto the wire.

What if he wants to go to He does the same thing, but this time he knows it is not on his subnet after calculating and will send it to his default gateway. The default gateway will then take care of sending this packet to its destination.

But that, is another blog…and so is IPv6 Subnetting.

IPv4 address – = 1022 hosts
IPv6 address – 2000:1234:5678:9ABC:1DF:5678:9ABC:1111/64 = 18446744073709551616 hosts










Published by


Cisco Certified Engineer, studied at the Cisco Network Academy in Box Hill, Australia and trying to find my place in the networking world. Come on a journey with me as I navigate the day to day and study to become a CCIE.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s