Subnetting and VLSM
Subnetting is the single most important skill for passing the CCNA 200-301 exam and for real-world network engineering. Exam objective 1.6 requires you to calculate and apply subnet masks, determine network addresses, broadcast addresses, and valid host ranges, and design efficient IP addressing schemes using Variable-Length Subnet Masking (VLSM). Without subnetting, you cannot route, segment broadcast domains, or conserve IPv4 address space. Master this topic, and you unlock the rest of networking.
Jump to a section
Apartment Building Mailbox System
Think of a large apartment building with 256 mail slots in the lobby. The building manager (the network engineer) decides how to assign slots to each floor. Initially, the building has one huge floor (a Class C network /24) with 256 slots, but only 254 are usable (slot 0 is the building address, slot 255 is the broadcast slot). The manager notices that the first floor only has 10 apartments, the second floor has 50, and the third floor has 100. If each floor gets its own bank of slots, the manager must split the 256-slot bank into smaller banks. She decides to divide the slots into four equal groups of 64 slots each (a /26 subnet). The first group (slots 0-63) goes to the first floor — but the first floor only needs 10, so 54 slots are wasted. The second group (64-127) goes to the second floor — 14 wasted. The third group (128-191) goes to the third floor — 36 wasted. The fourth group (192-255) is unused. This is fixed-length subnetting: all subnets are the same size. VLSM is the clever manager who says: "Why waste slots? Let me give the first floor a bank of 16 slots (a /28), the second floor a bank of 64 slots (a /26), and the third floor a bank of 128 slots (a /25)." Now the first floor uses 10 of 16, wasting only 6; the second uses 50 of 64, wasting 14; the third uses 100 of 128, wasting 28. Total waste: 48 slots instead of 104. The manager also leaves the remaining 48 slots for future expansion. This is exactly how VLSM works: you subnet a network into subnets of varying sizes to match host requirements, maximizing address utilization.
How It Actually Works
What is Subnetting and Why Does It Exist?
Subnetting is the process of dividing a single IP network into smaller, logical subnetworks (subnets). The primary reasons for subnetting are: - Efficient IP address utilization: Without subnetting, a Class C network (256 addresses) would be assigned to a point-to-point link that only needs 2 addresses, wasting 254. - Broadcast domain segmentation: Each subnet is its own broadcast domain. Smaller subnets reduce broadcast traffic and improve network performance. - Security and management: Subnets can be isolated with access control lists (ACLs) and routing policies. - Route summarization: Contiguous subnets can be summarized into a single route, reducing routing table size.
How Subnetting Works: The Binary View
An IPv4 address is 32 bits. The subnet mask defines which bits represent the network portion and which represent the host portion. In binary, a subnet mask is a contiguous string of 1s followed by 0s. For example, 255.255.255.0 in binary is 11111111.11111111.11111111.00000000 — the first 24 bits are network, the last 8 are host.
When you subnet, you borrow bits from the host portion to create additional network bits. Each borrowed bit doubles the number of subnets but halves the number of hosts per subnet. For example, borrowing 2 bits from a /24 network gives 4 subnets (2^2) with 64 addresses each (2^6 = 64, but 62 usable because network and broadcast addresses are reserved).
Subnetting Steps (Class C Example)
Given: 192.168.1.0/24, need 4 subnets. 1. Determine number of bits to borrow: 2^2 = 4 subnets, so borrow 2 bits. 2. New subnet mask: /26 or 255.255.255.192. 3. Subnet increment: 256 - 192 = 64 (or 2^(8-6) = 64). 4. Subnet IDs: 0, 64, 128, 192. 5. Broadcast addresses: 63, 127, 191, 255. 6. Usable host ranges: 1-62, 65-126, 129-190, 193-254.
Variable-Length Subnet Masking (VLSM)
VLSM allows you to use different subnet masks for different subnets within the same major network. This is essential for efficient address allocation. For example, a /30 subnet (255.255.255.252) provides 2 usable addresses — perfect for point-to-point links. A /27 (255.255.255.224) provides 30 usable addresses for a small department. VLSM is supported by routing protocols like OSPF and EIGRP (classless routing), but not by RIPv1 (classful).
Key Formulas and Calculations
Number of subnets = 2^(borrowed bits)
Number of hosts per subnet = 2^(remaining host bits) - 2
Subnet increment (block size) = 256 - subnet mask octet (for the last non-255 octet) or 2^(8 - number of host bits in that octet)
Network address: any address ANDed with the subnet mask (binary)
Broadcast address: network address + (increment - 1)
IOS CLI Verification Commands
To verify subnetting on a Cisco router, use:
R1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.1 YES manual up up
GigabitEthernet0/1 192.168.1.65 YES manual up upR1# show running-config | include ip address
ip address 192.168.1.1 255.255.255.192
ip address 192.168.1.65 255.255.255.192R1# show ip route
Codes: L - local, C - connected, S - static, ...
192.168.1.0/26 is subnetted, 2 subnets
C 192.168.1.0/26 is directly connected, GigabitEthernet0/0
C 192.168.1.64/26 is directly connected, GigabitEthernet0/1Interaction with Routing
Subnets must be reachable via routing. For a router to forward packets to a subnet, it must have a route in its routing table. Connected subnets are automatically added. Static routes or dynamic routing protocols propagate subnet information. VLSM requires classless routing; otherwise, subnets may be summarized incorrectly.
Common Mistakes on the Exam
Forgetting to subtract 2 for network and broadcast addresses.
Using the wrong subnet mask (e.g., using /24 when /26 is needed).
Misidentifying the subnet increment.
Assuming all subnets must be the same size (fixed-length subnetting).
Confusing network address with broadcast address.
Summary of Steps for Any Subnetting Question
Identify the classful network (if applicable) and the given subnet mask.
Determine the number of subnet bits and host bits.
Calculate the number of subnets and hosts per subnet.
Find the subnet increment.
List all subnet IDs, broadcast addresses, and valid host ranges.
Answer the question (which subnet does this IP belong to? How many hosts? etc.).
Walk-Through
Determine Subnetting Requirements
Before you start subnetting, you must know the number of subnets needed and the maximum number of hosts per subnet. For example, a company with 4 departments (Sales, Marketing, Engineering, HR) needs at least 4 subnets. Sales needs 50 hosts, Marketing 30, Engineering 10, HR 5. Also consider future growth. This step ensures you choose the correct subnet mask(s). For CCNA, you'll often be given these numbers directly.
Choose a Base Network
Select a private IP network to work with, such as 192.168.1.0/24 or 10.0.0.0/8. The base network must be large enough to accommodate all subnets. For VLSM, start with the largest subnet requirement. In our example, the largest need is 50 hosts. A /26 subnet (64 addresses, 62 usable) fits. So we'll use 192.168.1.0/24 as the base.
Calculate Subnet Masks for Each Requirement
For each subnet, calculate the smallest subnet mask that provides enough usable addresses. Use the formula: 2^(host bits) - 2 >= required hosts. For 50 hosts, host bits = 6 (2^6 = 64, 64-2=62 >=50), so mask = /26 (32-6=26). For 30 hosts, host bits = 5 (2^5=32, 32-2=30), mask = /27. For 10 hosts, host bits = 4 (2^4=16, 16-2=14), mask = /28. For 5 hosts, host bits = 3 (2^3=8, 8-2=6), mask = /29.
Assign Subnets from Largest to Smallest (VLSM)
Start with the largest subnet mask (smallest subnet) to avoid overlapping. For 50 hosts (/26), the first subnet is 192.168.1.0/26 (range 0-63). Next, for 30 hosts (/27), the next available block is 192.168.1.64/27 (range 64-95). For 10 hosts (/28), next block is 192.168.1.96/28 (range 96-111). For 5 hosts (/29), next block is 192.168.1.112/29 (range 112-119). Record each subnet's network address, broadcast address, and usable host range.
Verify Subnet Assignments for Overlaps
Ensure no subnet ranges overlap. In our example: /26: 0-63, /27: 64-95, /28: 96-111, /29: 112-119. They are contiguous and non-overlapping. Also check that future growth can be accommodated. For instance, we have remaining space from 120 to 255. This step is critical in exams where they give you a list of subnets and ask which are valid.
Configure and Verify on Cisco Devices
On Cisco routers, assign IP addresses to interfaces using the correct subnet mask. For example: interface GigabitEthernet0/0, ip address 192.168.1.1 255.255.255.192 (for /26). Use 'show ip interface brief' and 'show ip route' to verify connectivity. Ensure routing is configured (static or dynamic) so all subnets are reachable.
What This Looks Like on the Job
In a real enterprise network, subnetting and VLSM are used daily. Consider a mid-size company with headquarters and three branch offices. The headquarters has a /22 network (1024 addresses) but needs to allocate addresses to different departments: IT (200 hosts), HR (50), Sales (100), and Engineering (150). Using VLSM, the network engineer assigns a /24 (256 addresses) to IT, a /26 (64) to HR, a /25 (128) to Sales, and a /25 (128) to Engineering. This uses 576 addresses out of 1024, leaving plenty for growth. Without VLSM, using fixed /24 subnets would waste 256 addresses per department (1024 total) or require multiple /24 networks.
Another scenario: point-to-point WAN links between routers. Each link only needs 2 usable IP addresses. Using a /30 subnet (255.255.255.252) provides exactly 2 usable addresses. If you used a /24, you'd waste 252 addresses per link. Over 50 links, that's 12,600 wasted addresses! VLSM allows you to use /30 for links and larger subnets for LANs.
A common real-world mistake: misconfiguring subnet masks causes hosts to be unreachable. For example, if a host has a /24 mask but the router expects /26, the host may not be able to communicate outside its subnet because it thinks the destination is local when it's not. This leads to 'destination unreachable' errors. Another issue: overlapping subnets. If two subnets overlap (e.g., 192.168.1.0/25 and 192.168.1.64/26), routing becomes unpredictable, and some hosts become unreachable. Network engineers use IP address management (IPAM) tools to track allocations.
Performance-wise, smaller subnets reduce broadcast traffic. A /24 subnet with 254 hosts can have significant broadcast overhead. Breaking it into /26 subnets reduces broadcast domain size to 62 hosts, improving performance. However, too many small subnets increase routing table size if not summarized. Good design balances subnet size and route aggregation.
How CCNA 200-301 Actually Tests This
The CCNA 200-301 exam (objective 1.6) tests your ability to:
Given an IP address and subnet mask, determine the network address, broadcast address, and valid host range.
Given a network and host requirements, choose the appropriate subnet mask (including VLSM).
Identify the number of subnets and hosts per subnet.
Troubleshoot subnetting issues.
Most common wrong answers and why: 1. Forgetting to subtract 2 for network and broadcast addresses. Candidates often think a /30 gives 4 hosts, but it gives 2 usable. Trap: they count 2^2=4, but forget the reserved addresses. 2. Using the wrong increment. For a /28 mask (255.255.255.240), increment is 16. Candidates sometimes use 32 or 8. They confuse the increment with the number of host bits. 3. Misidentifying the subnet ID. Given 192.168.1.130/26, some think the subnet is 192.168.1.128/26, but they incorrectly calculate the increment as 64 and then pick 128 instead of 128. Actually, 130 falls in the 128-191 range, so subnet ID is 192.168.1.128. The trap is forgetting that the subnet ID must be a multiple of the increment. 4. Confusing VLSM with FLSM. Questions that ask for the most efficient subnetting often expect VLSM. Candidates who use fixed-length masks lose points.
Specific values that appear on the exam: - /30 mask: 255.255.255.252, increment 4, 2 usable hosts. - /29 mask: 255.255.255.248, increment 8, 6 usable hosts. - /27 mask: 255.255.255.224, increment 32, 30 usable hosts. - /26 mask: 255.255.255.192, increment 64, 62 usable hosts.
Calculation traps: - When the mask is not in the last octet, e.g., 255.255.254.0 (/23). The increment is 2 in the third octet (256-254=2). So subnets are 10.0.0.0/23, 10.0.2.0/23, etc. Candidates often think the increment is in the last octet. - When the network is classful but the mask is different, e.g., 10.0.0.0/16. The subnet bits are 8 (since class A default is /8), so 256 subnets, each with 65534 hosts.
Decision rule for scenario questions: First, determine the required number of hosts per subnet. Use the formula: 2^h - 2 >= required hosts. Solve for h. Then, the subnet mask is 32 - h. For VLSM, always start with the largest requirement and assign subnets in order. If the question asks for the number of subnets, use 2^s where s = mask bits - default mask bits.
Key Takeaways
Subnetting divides a network into smaller broadcast domains and conserves IP addresses.
VLSM allows different subnet masks within the same major network for efficient address use.
Number of usable hosts per subnet = 2^(host bits) - 2.
Number of subnets = 2^(borrowed bits) (when using a fixed mask).
Subnet increment (block size) = 256 - subnet mask octet (for the last non-255 octet).
Common exam subnet masks: /30 (255.255.255.252), /29 (255.255.255.248), /27 (255.255.255.224), /26 (255.255.255.192).
For VLSM, always assign subnets from largest to smallest to avoid overlap.
Easy to Mix Up
These come up on the exam all the time. Here's how to tell them apart.
Fixed-Length Subnet Masking (FLSM)
All subnets use the same subnet mask.
Simpler to design and manage.
Wastes IP addresses if host requirements vary.
Used in older routing protocols like RIPv1.
Example: /24 split into 4 /26 subnets, each with 62 hosts.
Variable-Length Subnet Masking (VLSM)
Subnets can have different subnet masks.
More efficient address utilization.
Requires careful planning to avoid overlap.
Supported by classless routing protocols (OSPF, EIGRP, RIPv2).
Example: /24 split into /26 (62 hosts), /27 (30 hosts), /28 (14 hosts), /29 (6 hosts).
Watch Out for These
Mistake
A /30 subnet provides 4 usable host addresses.
Correct
A /30 subnet has 2^2 = 4 total addresses, but the first (network) and last (broadcast) are reserved, leaving 2 usable addresses.
Candidates forget to subtract 2 because they only count the total addresses.
Mistake
The subnet mask 255.255.255.0 is always used for Class C networks.
Correct
Class C networks have a default mask of /24, but you can use any mask (e.g., /26) to create subnets.
Confusion between classful and classless addressing.
Mistake
VLSM means all subnets must have different masks.
Correct
VLSM allows different masks, but subnets can have the same mask if needed. The key is that masks can vary, not that they must.
Misunderstanding of 'variable' — it means not fixed, not necessarily all different.
Mistake
The subnet ID 192.168.1.64/27 is valid because it is a multiple of 32.
Correct
192.168.1.64/27 is valid only if the increment is 32. 64 is a multiple of 32, so it is a valid subnet ID. The misconception is that the subnet ID must be a multiple of the increment in the octet where the mask ends, which is correct.
Candidates sometimes think the subnet ID must be a multiple of the number of subnets, not the increment.
Do You Actually Know This?
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Frequently Asked Questions
How do I quickly calculate the subnet increment?
The subnet increment (block size) is 256 minus the subnet mask's decimal value in the octet where the mask is not 255. For example, mask 255.255.255.240: the interesting octet is the fourth, 256-240=16. For mask 255.255.252.0: interesting octet is the third, 256-252=4. For mask 255.255.255.192: increment is 64. On the exam, you can memorize common increments: /30=4, /29=8, /28=16, /27=32, /26=64. Also, if the mask is /24 or less, the increment is in the third octet or beyond. Practice until you can do it in seconds.
What is the difference between a subnet ID and a network address?
They are the same thing. The subnet ID (or network address) is the first address in a subnet, used to identify the subnet. It cannot be assigned to a host. The broadcast address is the last address. Valid host addresses are all addresses between them. For example, in subnet 192.168.1.64/26, the subnet ID is 192.168.1.64, broadcast is 192.168.1.127, and hosts range from 192.168.1.65 to 192.168.1.126.
Can I use VLSM with any routing protocol?
No. Classful routing protocols (RIPv1, IGRP) do not support VLSM because they do not include subnet mask information in updates. Classless routing protocols (RIPv2, OSPF, EIGRP, BGP) support VLSM. On the CCNA exam, assume OSPF and EIGRP support VLSM unless stated otherwise.
How do I determine if two IP addresses are in the same subnet?
Perform a logical AND between each IP address and the subnet mask. If the results are equal, they are in the same subnet. For example, IP1=192.168.1.10, IP2=192.168.1.70, mask=255.255.255.192. AND results: 192.168.1.0 vs 192.168.1.64. They differ, so they are in different subnets. This is a common exam question.
What is the maximum number of subnets I can get from a /24 network using a /30 mask?
A /30 mask uses 6 subnet bits (since /24 to /30 borrows 6 bits). 2^6 = 64 subnets. Each subnet has 2 usable hosts. So you can have 64 point-to-point subnets from a single /24. This is a typical design for WAN links.
Why do we subtract 2 from the total number of addresses?
The first address (all host bits 0) is reserved as the network address (subnet ID). The last address (all host bits 1) is reserved as the broadcast address. These cannot be assigned to hosts. So usable hosts = total addresses - 2. For a /30, total addresses = 4, usable = 2. This is a fundamental rule of IPv4.
How do I handle subnetting when the network is not a full octet (e.g., /23)?
When the mask is not an even octet boundary, the increment is in the octet where the mask ends. For /23 (255.255.254.0), the interesting octet is the third (254). Increment = 256 - 254 = 2. So subnets are 10.0.0.0/23, 10.0.2.0/23, 10.0.4.0/23, etc. The host portion spans the third and fourth octets. This is trickier, so practice with such masks.
Terms Worth Knowing
Ready to put this to the test?
You've just covered Subnetting and VLSM — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?