Imagine you're a network engineer and a user reports they can't reach the internet. You ping the default gateway and get no reply. You check the IP configuration and find the PC has a 192.168.1.100 address but the router's LAN interface is 10.0.0.1. That's a wrong IP address or subnet mismatch — one of the most common and easily overlooked issues on the CCNA 200-301 exam (Objective 1.6: Troubleshoot IP addressing). Mastering this topic saves you from chasing phantom problems and is essential for real-world network troubleshooting.
Jump to a section
Think of a network as an apartment building. Each apartment has a unique address: the building number (network portion of the IP) and the apartment number (host portion). The subnet mask is like a building directory that tells you which part of the address is the building and which is the specific apartment. Now, imagine you live in building 192.168.1 (network) in apartment 100 (host). Your friend in building 192.168.2 wants to send you a letter. He writes your full address: 192.168.1.100. The postal service (router) looks at the building number: 192.168.1. It knows that building 192.168.1 is on a different street (subnet) than building 192.168.2. So it forwards the letter to the correct building. But if your friend mistakenly thinks you live in building 192.168.0 (wrong network portion) because he misread the directory (wrong subnet mask), he might send the letter to the wrong building entirely. Similarly, if you move to a new building but keep your old apartment number (wrong IP on the same subnet), the postal service might try to deliver mail to your old building. In networking, if two devices have IP addresses from different subnets but are on the same physical LAN, they cannot communicate directly because they think each other is on a different network. The router is the only one that can forward between subnets, but if the IP or mask is wrong, the device won't even send traffic to the router. This analogy shows how a simple mismatch in the network portion or subnet mask breaks communication at the most fundamental level.
What is an IP Address / Subnet Mismatch?
An IP address is a 32-bit logical identifier assigned to a network interface. The subnet mask determines which part of the IP address identifies the network (network portion) and which part identifies the host (host portion). When two devices on the same physical LAN have IP addresses that belong to different subnets, they cannot communicate directly at Layer 3. They will try to send traffic to a router (default gateway) for delivery, but if the default gateway is misconfigured or unreachable, communication fails.
How It Works at the Packet Level
When a host wants to send an IP packet to another host, it performs a logical AND between its own IP address and subnet mask to determine its own network address. It then does the same with the destination IP address. If the two resulting network addresses match, the destination is considered to be on the same subnet, and the host sends an ARP request for the destination's MAC address. If they differ, the host sends the packet to its default gateway (router) for forwarding. - Example: Host A: IP 192.168.1.10/24 (mask 255.255.255.0), Host B: IP 192.168.2.20/24. Host A's network = 192.168.1.0, Host B's network = 192.168.2.0. Different subnets -> Host A sends to default gateway.
If the subnet mask is wrong, the network portion calculation changes. For instance, if Host A has IP 192.168.1.10/25 (mask 255.255.255.128), its network is 192.168.1.0. Host B has 192.168.1.130/25, its network is 192.168.1.128. Even though they share the same Class C network, they are on different subnets. They will not communicate directly.
Common Scenarios and Symptoms
Same subnet, wrong IP: Two devices with IPs in the same subnet but one has an IP that conflicts with another (duplicate IP) or is outside the subnet range due to misconfiguration. Symptoms: intermittent connectivity, address conflict messages.
Different subnet, same LAN: Devices on the same VLAN but with IPs from different subnets. They will try to reach the default gateway for all traffic, even to each other. If no router exists between them, they cannot communicate.
Wrong default gateway: The host's default gateway is not on the same subnet as the host's IP. The host will still send packets to the gateway, but the gateway may not be able to reply because it doesn't have a route back.
Incorrect subnet mask: The mask is too long or too short, causing the host to misinterpret which destinations are local. For example, a /24 mask on a /26 network: the host thinks all 256 addresses are local, so it sends ARP for addresses that are actually in a different subnet, causing timeouts.
IOS CLI Verification Commands
On Cisco routers/switches, use these commands to check IP configuration:
show ip interface brief
show ip interface [interface]
show running-config | section interfaceExample output:
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 10.0.0.1 YES NVRAM up upTo check the subnet mask configured on an interface:
Router# show running-config interface gigabitEthernet 0/0
Building configuration...
Current configuration : 103 bytes
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
endOn a Windows PC, use ipconfig; on Linux/Mac, ifconfig or ip addr.
Interaction with ARP and Routing
If a host believes the destination is on the same subnet, it sends an ARP request. If the destination does not exist (because the IP is in a different subnet), no ARP reply comes, and the ping fails with "Destination Host Unreachable." If the host sends to the default gateway but the gateway's IP is on a different subnet than the host's interface, the gateway may drop the packet or send an ICMP redirect.
Misconfigured IP/subnet can also cause routing loops if routers have overlapping subnets. But the most common exam scenario: a PC cannot ping another PC on the same VLAN because their IPs are in different subnets.
Troubleshooting Approach
Verify the IP address, subnet mask, and default gateway on the host.
Ping the default gateway to test Layer 3 connectivity to the router.
Ping another host on the same subnet to test local connectivity.
Use show ip interface on routers to confirm the subnet mask.
Check for duplicate IPs using show ip arp or arp -a.
Key Defaults and Values
Default subnet masks: Class A: 255.0.0.0, Class B: 255.255.0.0, Class C: 255.255.255.0.
CIDR notation: /24 = 255.255.255.0, /25 = 255.255.255.128, etc.
The network address is the first address in the subnet (all host bits 0).
The broadcast address is the last address (all host bits 1).
Hosts cannot use network or broadcast addresses as IPs.
Exam Trap: The "Same Subnet" Illusion
Cisco loves to give two IPs like 10.1.1.1/24 and 10.1.2.1/24 on the same switch. Candidates think they can ping because they are both in the 10.x.x.x range. But with /24, they are in different subnets: 10.1.1.0 and 10.1.2.0. They need a router. Another trap: using a /27 mask, two hosts with IPs 192.168.1.30 and 192.168.1.33 are on different subnets (0-31 vs 32-63). Always calculate the network address.
Summary
Wrong IP address or subnet mismatch is a Layer 3 addressing problem. It prevents direct communication between hosts on the same physical segment and can cause traffic to be sent to the default gateway unnecessarily. Always verify the full IP configuration, including mask and gateway, and calculate the network address to ensure devices are on the same subnet.
Check Host IP Configuration
On the affected host, run the command to display IP configuration. On Windows: `ipconfig /all`. On Linux/Mac: `ifconfig` or `ip addr show`. Look for the IPv4 address, subnet mask, and default gateway. Note the values. For example, if the host shows IP 192.168.1.100, mask 255.255.255.0, gateway 192.168.1.1, then the host believes it is on subnet 192.168.1.0/24. If the gateway's actual IP is 192.168.2.1, there is a mismatch. Write down the network address (IP AND mask) for the host and the gateway.
Verify the Default Gateway Router Interface
Access the router that should act as the default gateway. Use `show ip interface brief` to see all interfaces and their IPs. Use `show running-config interface [interface]` to see the configured subnet mask. For example, if the router's LAN interface is GigabitEthernet0/0 with IP 192.168.1.1 255.255.255.0, then the subnet is 192.168.1.0/24. Compare the host's network address (from step 1) with the router's network. If they differ, the host is on a different subnet than the gateway. Also check that the router's interface is up/up.
Ping the Default Gateway
From the host, ping the default gateway IP. For example: `ping 192.168.1.1`. If the ping fails, check if the host can reach its own IP (loopback ping `127.0.0.1`). If loopback works but gateway fails, the problem is likely the IP configuration. If the gateway IP is on a different subnet than the host, the host will send the ping to its default gateway (which is the same IP) but the router may receive it on a different interface or not at all. If the ping succeeds, the Layer 3 connectivity to the gateway is working, but there may still be a subnet mismatch between hosts.
Ping Another Host on the Same VLAN
If the host can ping the gateway, test communication with another host on the same VLAN. Ping the other host's IP. If the ping fails, suspect a subnet mismatch between the two hosts. Calculate the network address for both hosts. For example, Host A: 192.168.1.10/25 (network 192.168.1.0), Host B: 192.168.1.130/25 (network 192.168.1.128). They are on different subnets even though they are in the same /24 range. They will not communicate directly. The ping will go to the default gateway, which may or may not route between the subnets. If the gateway does not have inter-VLAN routing configured, the ping fails.
Check for Duplicate IP Addresses
Use the command `show ip arp` on the router or `arp -a` on the host to see IP-to-MAC mappings. If two devices have the same IP, there will be conflicting ARP entries. On Cisco switches, use `show mac address-table` to see which MAC is on which port. A duplicate IP can cause intermittent connectivity. Also check the host's event logs for IP address conflict messages. In Windows, you may see a popup. In Cisco, `show logging` may show %IP-4-DUPADDR warnings.
Verify VLAN Configuration on Switch
If the hosts are on different subnets but should be on the same VLAN, check the switch configuration. Use `show vlan brief` to see which ports are in which VLAN. Use `show interfaces status` to see the access VLAN. If two hosts are in different VLANs, they are on different broadcast domains and cannot communicate without a router. This is not a pure IP/subnet issue, but it often presents as one. Ensure that both hosts are in the same VLAN if they are supposed to be on the same subnet. If they are in different VLANs, the solution is to either change the VLAN assignment or configure inter-VLAN routing.
In a typical enterprise network, IP address and subnet misconfigurations are a daily occurrence, especially in environments with static IP assignments or poorly managed DHCP scopes. Consider a scenario where a company expands its office floor and adds new cubicles. The network team creates a new VLAN for the new area, say VLAN 20 with subnet 192.168.20.0/24. However, the DHCP server is configured to hand out addresses from the old subnet 192.168.10.0/24. New users get IPs in the 192.168.10.0 range, but their access ports are in VLAN 20. When they try to reach the default gateway (which is on VLAN 20 with IP 192.168.20.1), they cannot because their IP is in a different subnet. The host sends traffic to its configured default gateway (which might be 192.168.10.1, but that router interface is on a different VLAN). The result: no internet access. The fix is to either change the DHCP scope to 192.168.20.0/24 or reconfigure the VLAN assignment.
Another common scenario: during a network migration, an engineer renumbers a subnet from 10.1.1.0/24 to 10.1.2.0/24 but forgets to update the static IP on a critical server. The server still has 10.1.1.100/24. Devices on the new subnet (10.1.2.0/24) try to reach the server directly, but because the server's IP is in a different subnet, they send traffic to the default gateway. The gateway, however, may have a route to 10.1.1.0/24 pointing elsewhere (or no route), causing traffic to be dropped. The server itself can reach local devices but not the internet because its default gateway is still the old router interface. This can cause hours of troubleshooting if not caught early.
Scale considerations: In large networks with hundreds of VLANs, a single incorrect subnet mask on a router interface can break routing for an entire subnet. For example, if an interface is configured with /24 instead of /25, the router will think the subnet includes addresses that are actually in a different subnet. This can cause routing loops or black holes. Performance-wise, misconfigured subnets lead to unnecessary ARP traffic and router processing. Best practice is to use DHCP with proper scope configuration and to document all static IP assignments. When troubleshooting, always start with the IP configuration on the endpoints and work your way to the network devices.
The CCNA 200-301 exam tests your ability to troubleshoot IP addressing issues under Objective 1.6. You will see scenario-based questions where a user cannot ping a specific server or the internet. The key is to identify whether the problem is a subnet mismatch, wrong default gateway, or duplicate IP.
Common Wrong Answers: 1. "The host cannot reach the server because the server is on a different VLAN." While VLAN mismatch can cause similar symptoms, the exam often presents a scenario where both devices are on the same VLAN but have IPs from different subnets. Candidates incorrectly blame VLAN because they see different IP ranges. Always check the subnet mask first. 2. "The default gateway is unreachable because the router is down." The exam may give a scenario where the host can ping the gateway but not another host. The wrong answer says the gateway is down, but the correct issue is that the two hosts are on different subnets. 3. "The subnet mask is wrong on the router interface." This is sometimes correct, but the exam might show that the router interface mask is correct and the host mask is wrong. Candidates tend to blame the router first. 4. "The host has a duplicate IP address." Duplicate IPs cause intermittent issues or address conflict messages. If the scenario describes a consistent failure, duplicate IP is less likely.
Values and Commands:
- Know how to calculate network addresses: e.g., 192.168.1.10/25 = network 192.168.1.0, broadcast 192.168.1.127.
- Common masks: /24 (255.255.255.0), /25 (255.255.255.128), /26 (255.255.255.192), /27 (255.255.255.224).
- Commands: ipconfig, show ip interface brief, show running-config, ping, traceroute.
Calculation Traps: - Two IPs like 10.10.10.1/25 and 10.10.10.130/25: they are on different subnets (0-127 and 128-255). Candidates think they are on the same /24. - A host with IP 172.16.5.10/22 (mask 255.255.252.0) has network 172.16.4.0. Another host with 172.16.5.20/22 is on the same network, but if one has /23, they may differ.
Decision Rule: In a scenario question, first determine if the two devices are on the same subnet by calculating network addresses. If they are on different subnets, the problem is a subnet mismatch. If they are on the same subnet but cannot ping, check for duplicate IPs or ARP issues. If they can ping the gateway but not each other, and they are on the same subnet, suspect a firewall or switch issue.
An IP address and subnet mask define the network and host portions; the network address is calculated by ANDing the IP with the mask.
Two devices on the same physical LAN but with different network addresses cannot communicate directly; they require a router.
The default gateway must be on the same subnet as the host's IP; otherwise, the host cannot reach the gateway.
Common Cisco commands: show ip interface brief, show running-config interface, show ip arp.
A duplicate IP address causes intermittent connectivity and address conflict messages.
The network address (all host bits 0) and broadcast address (all host bits 1) cannot be assigned to hosts.
Always verify the subnet mask on both the host and the router interface to ensure consistency.
These come up on the exam all the time. Here's how to tell them apart.
Wrong IP Address
Host IP is outside the intended subnet range.
Often causes complete lack of connectivity to the default gateway.
Example: Host set to 192.168.2.100 but gateway is 192.168.1.1.
Can cause IP address conflict if duplicate.
Troubleshoot by checking IP against DHCP scope or documentation.
Wrong Subnet Mask
Host IP is within the intended subnet but mask is incorrect.
May still ping the gateway but fail to reach some hosts.
Example: Host IP 192.168.1.10 with mask 255.255.255.128 instead of 255.255.255.0.
Does not cause duplicate IP but causes wrong network calculation.
Troubleshoot by comparing mask to the router interface mask.
Mistake
Two devices with IPs in the same Class A, B, or C range are always on the same subnet.
Correct
With CIDR, the subnet mask determines the network. For example, 10.1.1.1/24 and 10.1.2.1/24 are on different subnets (10.1.1.0 and 10.1.2.0) even though both are Class A.
Candidates often default to classful thinking (Class A, B, C) and forget that subnet masks can vary.
Mistake
If a host can ping its default gateway, the IP configuration is correct.
Correct
Pinging the gateway only confirms Layer 3 connectivity to that specific IP. The host may still have a wrong subnet mask that causes it to treat some destinations as local when they are not, or vice versa.
A successful ping to the gateway gives a false sense of security; the mask issue may only affect traffic to other subnets.
Mistake
A wrong subnet mask on a host only affects communication with devices on different subnets.
Correct
A wrong mask can also affect local communication. For example, if the mask is too long, the host may think some local devices are on a different subnet and send traffic to the gateway unnecessarily.
Candidates think the mask only matters for remote destinations, but it also determines the local broadcast domain.
Mistake
If two hosts are on the same VLAN, they must be on the same subnet.
Correct
VLANs are Layer 2 broadcast domains; subnets are Layer 3. It is possible to have multiple subnets in the same VLAN (though not recommended), and hosts in the same VLAN can be on different subnets, preventing direct communication.
Candidates conflate VLANs and subnets; they assume VLAN equals subnet.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Perform a logical AND operation between the IP address and the subnet mask, both in binary. For example, IP 192.168.1.10 (11000000.10101000.00000001.00001010) with mask 255.255.255.0 (11111111.11111111.11111111.00000000) gives network 192.168.1.0 (11000000.10101000.00000001.00000000). In decimal, you can also do it octet by octet: for each octet, if the mask is 255, keep the IP octet; if 0, set to 0. For non-octet boundaries (e.g., /25), you need to convert to binary. Exam tip: know the magic number method: 256 - mask in interesting octet gives block size; the network address is the first multiple of that block size less than or equal to the IP octet.
A wrong IP address means the host's IP does not belong to the intended subnet (e.g., the subnet is 192.168.1.0/24 but the host has 192.168.2.10). This usually breaks connectivity to the default gateway because the gateway is on a different network. A wrong subnet mask means the IP is correct but the mask is wrong, causing the host to misinterpret which network it is on. For example, if the mask is /24 instead of /25, the host thinks it is on a larger subnet. This can cause the host to try to send ARP for addresses that are actually on a different subnet, leading to timeouts. Both are common exam topics.
Yes, they can communicate at Layer 2 (they can send frames to each other), but at Layer 3, they may not be able to communicate directly if their network addresses differ. For example, Host A: 192.168.1.10/24 (network 192.168.1.0), Host B: 192.168.1.10/25 (network 192.168.1.0) - same network, so they can communicate. But if Host B is 192.168.1.130/25 (network 192.168.1.128), then the network addresses differ, and Host A will try to send traffic to the default gateway. So it depends on the actual IPs and masks. In practice, it's best to use consistent masks within a VLAN.
This message usually means the host cannot find a route to the destination. Check if the destination IP is on the same subnet as the host. If yes, the host sends an ARP request; if no ARP reply, you get 'Destination Host Unreachable'. If the destination is on a different subnet, the host sends the packet to the default gateway; if the gateway is unreachable (no ARP reply for the gateway), you get the same message. Use `ipconfig` to verify the host's IP, mask, and gateway. Ping the gateway. If that fails, check the gateway's IP and mask. Also check if the gateway has a route to the destination.
The magic number is 256 minus the subnet mask in the interesting octet. For example, for mask 255.255.255.192, the interesting octet is the fourth (192), magic number = 256 - 192 = 64. This gives block sizes of 64. The network addresses are multiples of 64: 0, 64, 128, 192. Given an IP like 192.168.1.75, the network address is 64 (since 75 is between 64 and 127). The broadcast address is the next network minus 1: 127. This method is faster than binary for exam calculations.
If Host A has a /24 mask, it considers the entire 192.168.1.0/24 as its local subnet. Host B with IP 192.168.1.130/25 is actually on subnet 192.168.1.128/25. Host A, using its /24 mask, will compute the network address for Host B as 192.168.1.0 (since 192.168.1.130 AND 255.255.255.0 = 192.168.1.0). So Host A thinks Host B is local and sends an ARP request. But Host B, with its /25 mask, sees that Host A's IP (192.168.1.10) is on subnet 192.168.1.0/25, which is different from its own (192.168.1.128/25). Host B will not reply to the ARP because it thinks Host A is on a different subnet. Thus, the ARP fails, and Host A gets no reply. This is a classic exam scenario.
Use the command `show running-config interface [interface]` or `show ip interface [interface]`. For example, `show ip interface gigabitEthernet 0/0` will display the IP address and subnet mask. Alternatively, `show running-config | section interface GigabitEthernet0/0` shows the configuration line `ip address [IP] [mask]`. The mask is shown in dotted decimal format. You can also use `show interfaces [interface]` but it does not show the mask directly; it shows the IP and prefix length in some IOS versions.
You've just covered Troubleshoot: Wrong IP Address or Subnet — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?