This chapter covers subnetting, a core skill for the CompTIA Network+ N10-009 exam. Subnetting is the process of dividing a larger IP network into smaller, manageable subnetworks. It is tested heavily on the exam — approximately 10-15% of questions involve subnetting calculations, network design, or troubleshooting addressing issues. Mastering subnetting is essential not only for passing the exam but for real-world network configuration and troubleshooting.
Jump to a section
Think of the entire internet as the United States postal system. The network portion of an IP address is like the state, city, and ZIP Code prefix — it tells you the general delivery area. The host portion is like the street address within that ZIP Code. Subnetting is the process of dividing a ZIP Code into smaller delivery zones (like ZIP+4 codes). For example, a /24 network is like a 5-digit ZIP Code covering a whole town. By borrowing bits from the host portion, you create a subnet ID — analogous to adding the +4 extension, which narrows delivery to a specific block or building. The subnet mask is the map that tells the postal worker (router) exactly how many bits represent the delivery area versus the local street address. Just as mail is first sorted by state, then city, then ZIP, then +4, routers use the subnet mask to determine whether a destination is local (same subnet) or remote (different subnet). If you misconfigure the mask, mail (packets) gets delivered to the wrong neighborhood or returned as undeliverable. The key mechanistic point: the subnet mask doesn't change the IP address — it changes how the router interprets which part is the network and which part is the host, exactly as ZIP+4 doesn't change your base ZIP but refines the delivery route.
What is Subnetting and Why Does It Exist?
Subnetting is the practice of dividing a single IP network into multiple smaller networks called subnets. The primary reasons for subnetting are:
Efficient IP address utilization: Without subnetting, a Class A network (e.g., 10.0.0.0/8) would contain over 16 million host addresses — far more than any single organization needs. Subnetting allows you to allocate only the required number of addresses per segment.
Reduced broadcast traffic: Each broadcast domain is limited to a subnet. Smaller subnets mean fewer devices hearing broadcasts, reducing network congestion.
Improved security and management: Subnets can be isolated with firewalls and ACLs, and troubleshooting is easier when networks are logically segmented.
Route summarization: Contiguous subnets can be advertised as a single route, reducing routing table size.
How Subnetting Works Internally
An IPv4 address is 32 bits, divided into network and host portions. The subnet mask defines the boundary. In a non-subnetted network (classful), the boundary is fixed by the first octet:
Class A: first 8 bits network, remaining 24 bits host
Class B: first 16 bits network, remaining 16 bits host
Class C: first 24 bits network, remaining 8 bits host
Subnetting borrows bits from the host portion to create a subnet identifier. For example, a Class C network 192.168.1.0/24 has 8 host bits, allowing 256 addresses (254 usable). If we borrow 2 bits for subnetting, the prefix becomes /26 (24+2), leaving 6 host bits. This yields 2^2 = 4 subnets, each with 2^6 - 2 = 62 usable hosts.
Key formula:
Number of subnets = 2^(number of borrowed bits)
Number of usable hosts per subnet = 2^(remaining host bits) - 2
The -2 accounts for the network address (all host bits 0) and broadcast address (all host bits 1).
Subnet Mask Representation
Subnet masks can be written in dotted decimal (e.g., 255.255.255.0) or CIDR notation (e.g., /24). The mask is a 32-bit number where all network bits are 1 and all host bits are 0. For example:
/24: 11111111.11111111.11111111.00000000 = 255.255.255.0
/26: 11111111.11111111.11111111.11000000 = 255.255.255.192
/27: 11111111.11111111.11111111.11100000 = 255.255.255.224
/28: 11111111.11111111.11111111.11110000 = 255.255.255.240
/29: 11111111.11111111.11111111.11111000 = 255.255.255.248
/30: 11111111.11111111.11111111.11111100 = 255.255.255.252
Calculating Subnets: Step-by-Step
Given a network address and subnet mask, you can determine:
Network address (first address in subnet)
Broadcast address (last address in subnet)
Usable host range
Number of hosts
Example: Network 192.168.1.0/26
Determine the subnet mask: /26 = 255.255.255.192
Find the block size (increment): The last non-255 octet is 192. The block size = 256 - 192 = 64.
List subnets: 0, 64, 128, 192
For each subnet:
- Network address: e.g., 192.168.1.0 - First usable host: network + 1 = 192.168.1.1 - Last usable host: broadcast - 1 = 192.168.1.62 - Broadcast address: next subnet - 1 = 192.168.1.63
Verification commands (Cisco IOS):
show ip interface brief
show ip route
show running-config | include ip addressVariable Length Subnet Masking (VLSM)
VLSM allows the use of different subnet masks within the same major network. This is essential for efficient address allocation when subnets have different host requirements. For example, a point-to-point link needs only 2 usable addresses (a /30 subnet), while a LAN with 100 devices needs a /25 (126 usable addresses). VLSM enables you to assign /30s to serial links and /25s to LANs from the same 192.168.1.0/24 network, avoiding wasted addresses.
Design steps: 1. List all subnet requirements (location, number of hosts). 2. Sort by host count descending. 3. Assign the largest subnet first with the appropriate mask. 4. Continue with the next largest, ensuring no overlap.
Classless Inter-Domain Routing (CIDR)
CIDR replaced the classful addressing system. It allows any prefix length, not just /8, /16, /24. CIDR notation (e.g., 10.0.0.0/8) is now standard. The exam expects you to be fluent in CIDR notation and to calculate subnets using any prefix length.
Supernetting (Route Summarization)
Supernetting is the opposite of subnetting — combining multiple contiguous networks into a single larger network. This reduces routing table entries. For example, four /24 networks (192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24) can be summarized as 192.168.0.0/22. The mask /22 indicates the first 22 bits are common.
Calculation: 1. Write the network addresses in binary. 2. Find the leftmost common bits. 3. Count the common bits to get the prefix length.
Common Mistakes and Traps
Forgetting to subtract 2 for network and broadcast: The most common error. Always subtract 2 from the total host addresses.
Using the wrong block size: The block size is 256 - (last non-255 octet of mask). For /26 (mask 192), block size = 64.
Confusing subnet mask and wildcard mask: Wildcard mask (used in ACLs) is the inverse of subnet mask. For /24, wildcard = 0.0.0.255.
Assuming classful addressing: The exam is fully classless. Do not assume a /16 is always Class B; it could be a /16 subnet of a larger block.
Interaction with Related Technologies
VLANs and subnets: Each VLAN should map to a unique subnet. This is a best practice for Layer 3 routing between VLANs.
DHCP: DHCP servers assign IP addresses from a defined scope, which corresponds to a subnet. The default gateway address is typically the first usable host address in the subnet.
Routing protocols: OSPF and EIGRP advertise subnet information. Discontiguous subnets (non-contiguous subnets of the same major network) can cause routing issues unless classless routing is enabled.
IPv6: Subnetting in IPv6 is similar but uses a 128-bit address. The prefix length is typically /64 for LANs. The exam may ask about IPv6 subnetting but focuses on IPv4.
Exam-Relevant Defaults and Values
- Default subnet masks for classful networks: Class A: 255.0.0.0, Class B: 255.255.0.0, Class C: 255.255.255.0 - Private IP ranges (RFC 1918): - 10.0.0.0/8 (10.0.0.0 – 10.255.255.255) - 172.16.0.0/12 (172.16.0.0 – 172.31.255.255) - 192.168.0.0/16 (192.168.0.0 – 192.168.255.255) - Loopback address: 127.0.0.1/8 - Automatic Private IP Addressing (APIPA): 169.254.0.0/16
Binary Math Shortcuts
To quickly calculate subnets without binary conversion: - Magic Number Method: The block size (magic number) = 256 - (last non-255 octet of subnet mask). This gives the increment between subnet network addresses. - Power of 2: Number of subnets = 2^(bits borrowed); hosts per subnet = 2^(remaining bits) - 2.
Summary of Key Formulas
Subnet mask in binary: network bits = 1, host bits = 0
Number of subnets = 2^(bits borrowed)
Number of usable hosts = 2^(host bits) - 2
Block size = 256 - (subnet mask octet value in the interesting octet)
Network address = (floor(IP address / block size) * block size) for the interesting octet
Broadcast address = network address + block size - 1
Determine Subnet Mask and Prefix
Given a network address and subnet mask (e.g., 192.168.1.0/26), identify the prefix length (/26) and convert to dotted decimal if needed (/26 = 255.255.255.192). The interesting octet is the last octet where the mask is not 255 (here, the fourth octet with value 192). This octet determines the block size and subnet boundaries.
Calculate Block Size
Block size = 256 - subnet mask value in the interesting octet. For 255.255.255.192, block size = 256 - 192 = 64. This is the increment between subnet network addresses. Subnets will start at 0, 64, 128, 192 in the interesting octet. Verify: 0 + 64 = 64, 64 + 64 = 128, etc.
List Subnet Network Addresses
Starting from 0 (if the network is 192.168.1.0), add the block size to list all subnet network addresses. For /26: 192.168.1.0, 192.168.1.64, 192.168.1.128, 192.168.1.192. Each subnet's network address has all host bits set to 0. These are the first addresses of each subnet.
Determine Broadcast Addresses
The broadcast address of a subnet is the address just before the next subnet's network address. For subnet 192.168.1.0, the next subnet is 192.168.1.64, so broadcast = 192.168.1.63. For 192.168.1.64, broadcast = 192.168.1.127, etc. Broadcast addresses have all host bits set to 1.
Identify Usable Host Range
The usable host range is from network address + 1 to broadcast address - 1. For subnet 192.168.1.0/26: first usable = 192.168.1.1, last usable = 192.168.1.62. Total usable hosts = 2^(32-26) - 2 = 2^6 - 2 = 64 - 2 = 62. This matches the range length.
Enterprise Scenario 1: Office Network Segmentation
A company with 500 employees across three floors needs separate subnets for each floor to contain broadcast traffic and enforce access control policies. The IT department is allocated the 10.10.0.0/16 private network. Each floor has approximately 200 devices. The network engineer decides to use /24 subnets (254 usable hosts each) for each floor: 10.10.1.0/24 (Floor 1), 10.10.2.0/24 (Floor 2), 10.10.3.0/24 (Floor 3). Additional /24 subnets are assigned for servers (10.10.10.0/24), printers (10.10.20.0/24), and guest Wi-Fi (10.10.30.0/24). VLSM is not needed here because the host counts are similar. However, point-to-point links between switches use /30 subnets from a separate block (10.10.255.0/30, 10.10.255.4/30, etc.) to conserve addresses. The engineer configures VLANs matching each subnet and enables inter-VLAN routing on the core switch. A common misconfiguration is using overlapping subnets — e.g., assigning 10.10.1.0/24 to two VLANs, causing routing ambiguity. The fix is to ensure each subnet is unique and matches the VLAN interface IP.
Enterprise Scenario 2: Data Center with VLSM
A data center hosts multiple applications, each requiring a specific number of IP addresses. The network team uses VLSM to allocate from a single 172.16.0.0/20 block. The largest subnet is for web servers (500 hosts), which requires a /23 (510 usable). Next, database servers need 200 hosts, so a /24 (254 usable). Management network needs 50 hosts — /26 (62 usable). Point-to-point links between routers need only 2 hosts — /30 (2 usable). The engineer assigns: - 172.16.0.0/23 (web servers) - 172.16.2.0/24 (database) - 172.16.3.0/26 (management) - 172.16.3.64/30 (link1), 172.16.3.68/30 (link2), etc. This design uses 512 + 256 + 64 + 4*2 = 840 addresses from the 4096 available, leaving room for growth. A mistake is assigning a subnet that overlaps with an existing one — e.g., assigning 172.16.3.128/25 after already using 172.16.3.64/30. The engineer must carefully plan the order: largest subnets first, then smaller ones, ensuring no overlap.
Scenario 3: Route Summarization Failure
A company has contiguous /24 subnets 192.168.0.0/24 through 192.168.3.0/24. The network engineer configures a summary route 192.168.0.0/22 to advertise to the upstream ISP. However, if a new subnet 192.168.4.0/24 is added later, it falls outside the /22 summary (which covers 0-3 only). The engineer must either update the summary to /21 (covers 192.168.0.0/21) or create a separate route. Failure to update causes traffic to 192.168.4.0/24 to be blackholed if the summary is too specific. The exam tests this: you must calculate the correct summary mask by aligning the common bits.
Exactly What N10-009 Tests
The CompTIA Network+ N10-009 exam objective 1.4 states: "Given a scenario, configure a subnet and use appropriate IP addressing schemes." This includes:
Calculating subnet addresses, broadcast addresses, and usable host ranges
Determining the appropriate subnet mask given a number of hosts or subnets
Identifying the network address from an IP and mask
Understanding VLSM and CIDR
Troubleshooting addressing issues (e.g., duplicate IPs, wrong mask)
Common Wrong Answers and Why Candidates Choose Them
Using 2^host bits without subtracting 2: Candidates often forget the network and broadcast addresses. For a /27 (5 host bits), they say 32 hosts instead of 30. The exam will have both 32 and 30 as options; 30 is correct.
Mistaking the subnet mask for the wildcard mask: When asked for the subnet mask of a /27, some choose 0.0.0.31 (wildcard) instead of 255.255.255.224. Remember: subnet mask bits are 1 for network, 0 for host.
Using classful assumptions: The exam may give 172.16.0.0/20 and ask for the number of subnets. Candidates might default to /16 as the classful boundary, but /20 borrows 4 bits from /16, yielding 16 subnets. Some incorrectly calculate based on /8 or /24.
Confusing the number of subnets vs. hosts per subnet: For a /26 of a /24, candidates might say 2 subnets (2 bits borrowed) and 62 hosts, which is correct. But some mix them up: 62 subnets and 2 hosts. The formula: subnets = 2^(borrowed bits), hosts = 2^(remaining) - 2.
Specific Numbers and Terms That Appear Verbatim
Private IP ranges (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
APIPA: 169.254.0.0/16
Loopback: 127.0.0.0/8
Default subnet masks: /8 (255.0.0.0), /16 (255.255.0.0), /24 (255.255.255.0)
Common CIDR prefixes: /30 (2 usable), /29 (6), /28 (14), /27 (30), /26 (62), /25 (126), /24 (254)
The formula: 2^n - 2
Edge Cases and Exceptions
/31 subnet: RFC 3021 allows /31 for point-to-point links, providing 2 usable addresses (no network/broadcast). The exam may test this, but typically expects /30 with 2 usable.
/32 subnet: A single host route. Used for loopbacks or specific host entries. No usable hosts beyond the one IP.
Zero subnet: The first subnet (e.g., 192.168.1.0/26) is usable if the router supports ip subnet-zero (enabled by default on modern devices). The exam assumes zero subnet is usable.
Broadcast address: The last address in a subnet (all host bits 1). Cannot be assigned to a host.
How to Eliminate Wrong Answers
Always subtract 2 from the total host count. If the answer choice doesn't subtract 2, it's wrong.
For subnet mask questions, convert the prefix to dotted decimal and match it to the mask. If the mask has a 0 in a bit that should be 1, it's wrong.
For network address identification, AND the IP with the mask. If the result doesn't match one of the options, recalculate.
Use the block size method to verify subnet boundaries. If the network address is not a multiple of the block size, it's invalid.
Subnetting borrows bits from the host portion to create subnet identifiers; the subnet mask defines the boundary.
Number of usable hosts per subnet = 2^(host bits) - 2.
Block size (increment) = 256 - subnet mask octet value in the interesting octet.
The network address has all host bits set to 0; the broadcast address has all host bits set to 1.
VLSM allows different subnet masks within the same major network, improving address efficiency.
CIDR notation (e.g., /26) is used for classless addressing; classful addressing is obsolete.
Private IP ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
Common exam masks: /30 (2 usable), /29 (6), /28 (14), /27 (30), /26 (62), /25 (126), /24 (254).
Route summarization (supernetting) combines contiguous subnets into a larger network with a shorter prefix.
Always subtract 2 from total addresses for network and broadcast when calculating usable hosts.
These come up on the exam all the time. Here's how to tell them apart.
FLSM (Fixed-Length Subnet Mask)
All subnets use the same mask.
Simpler to design and configure.
Wastes IP addresses if subnets have different host requirements.
Common in older networks or small environments.
Example: /24 for all subnets.
VLSM (Variable-Length Subnet Mask)
Different subnets can have different masks.
More efficient IP address utilization.
Requires careful planning to avoid overlap.
Standard in modern enterprise networks.
Example: /30 for point-to-point, /24 for LANs.
Mistake
Subnetting changes the IP address of a device.
Correct
Subnetting does not change the IP address itself; it changes how the subnet mask interprets the address. The same IP can belong to different subnets depending on the mask.
Mistake
The broadcast address is always the last address in the subnet (like .255).
Correct
The broadcast address is the last address in the subnet, but it is not always .255. For a /26 subnet starting at .0, the broadcast is .63. For .64 subnet, broadcast is .127. Only in a /24 subnet does broadcast end in .255.
Mistake
A /30 subnet provides 4 usable host addresses.
Correct
A /30 subnet has 2^2 = 4 total addresses, but 2 are reserved (network and broadcast), leaving only 2 usable hosts. This is the standard for point-to-point links.
Mistake
Classful addressing is still the default on modern networks.
Correct
Classful addressing is obsolete. CIDR (classless) is used universally. The exam expects classless calculations. Never assume a /16 is always a Class B network; it could be a subnet of a larger block.
Mistake
The subnet mask 255.255.255.0 is the only mask used for LANs.
Correct
While /24 is common, LANs often use /23, /22, /25, /26, etc., depending on the number of hosts needed. The exam tests various masks.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
To calculate the number of subnets, determine how many bits were borrowed from the host portion. For example, if you have a /24 network and you use a /26 mask, you borrowed 2 bits (26-24=2). The number of subnets is 2^2 = 4. In general, subnets = 2^(new prefix - original prefix). If the original network is classless, you need to know the base prefix. The exam often gives a base network like 192.168.1.0/24 and asks for subnets when using /26, so answer is 4.
A subnet mask has 1s in the network portion and 0s in the host portion. A wildcard mask is the inverse: 0s for network and 1s for host. For example, subnet mask 255.255.255.0 (/24) corresponds to wildcard mask 0.0.0.255. Wildcard masks are used in ACLs and OSPF configurations to match IP addresses. A common mistake is using a subnet mask where a wildcard is required, or vice versa. On the exam, if you see an ACL command like 'access-list 10 permit 192.168.1.0 0.0.0.255', the 0.0.0.255 is the wildcard mask.
Perform a bitwise AND between the IP address and the subnet mask. For example, IP 192.168.1.55 with mask 255.255.255.192 (/26). Convert both to binary: IP: 11000000.10101000.00000001.00110111; Mask: 11111111.11111111.11111111.11000000. AND result: 11000000.10101000.00000001.00000000 = 192.168.1.0. This is the network address. Quick method: in the interesting octet (last octet), the network address is the largest multiple of the block size that is less than or equal to the IP octet. Block size = 64, multiples: 0,64,128,192. 55 falls between 0 and 64, so network = 0.
A /30 subnet (mask 255.255.255.252) provides exactly 2 usable host addresses. It is commonly used for point-to-point links between routers because only two addresses are needed (one for each end). The network and broadcast addresses consume the other two addresses. For example, 192.168.1.0/30: network 192.168.1.0, usable 192.168.1.1 and 192.168.1.2, broadcast 192.168.1.3.
Each VLAN is a separate broadcast domain at Layer 2. To route between VLANs, you need a Layer 3 device (router or Layer 3 switch) with an interface in each VLAN. Each VLAN should have its own unique subnet. For example, VLAN 10 might use 192.168.10.0/24, VLAN 20 use 192.168.20.0/24. The router's interface in each VLAN gets an IP from that subnet (usually the first usable address). This is called 'router-on-a-stick' if using a single physical link with subinterfaces. The exam tests that VLANs and subnets are mapped 1:1.
The magic number (or block size) is 256 minus the subnet mask octet in the interesting octet. For mask 255.255.255.192, magic number = 256-192 = 64. This number tells you the increment between subnet network addresses. Subnets start at 0, then 64, 128, 192. To find the network address of an IP, divide the interesting octet by the magic number, floor it, then multiply back. For 192.168.1.55 with magic 64: 55/64 = 0.859, floor = 0, 0*64 = 0, so network = 192.168.1.0. This method avoids binary conversion.
You've just covered Subnetting for Network+ — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?