In this Cisco CCNA tutorial, you’re going to learn about subnet masks. Scroll down for the video and text tutorials.
Cisco Subnet Mask Video Tutorial
Raihan Sajid
Thank you for your wonderful CCNA course, I passed my exam! Your course helped me build the much needed foundation for passing, and also clarified every important topic.
I've opened up a command prompt on my Windows laptop and entered 'ipconfig'. My IP address is 192.168.10.15, my subnet mask is 255.255.255.0, and the default gateway is 192.168.10.1. So, every host in your network will know its IP address, subnet mask, and default gateway.
A host can send traffic directly to another host on the same subnet via the switches they're attached to. For a host to send traffic to another host in a different subnet, it must be forwarded by a router.
Routers are devices that link our different subnets together and route the traffic between them. Therefore, the host needs to understand if the destination is on the same or different subnet to know how to send it.
If the destination is on the same subnet, it will send that there directly. If it's on a different subnet, it knows that it has to send it to the local router, which is the default gateway.
The host knows whether the destination is on the same subnet or a different subnet by comparing the destination's IP address to its own IP address and subnet mask.
The subnet mask, just like the IP address, is also 32 bits long, and it can be written in dotted decimal notation, the same as our IP addresses, or it can be written in slash '/' notation.
Network and Host Portion
A host's IP address is divided into a network portion and a host portion, and it's the subnet mask that defines where the boundary is between the network part and the host part of the address. The easiest way to explain how this work is by giving you an example.
Let's say the host's IP address is 192.168.10.15, and the subnet mask is 255.255.255.0. That's the IP address and subnet mask on my laptop. To figure this out, we write the IP address out in binary notation, and then the subnet mask is also in binary notation underneath.
Subnet Masking
So our example was 192.168.10.15, subnet mask 255.255.255.0. You see, at the top part here, I've written 192.168.10.15 out in binary and then underneath 255.255.255.0 out in binary as well. The IP address is compared or masked with the subnet mask.
A '1' in the subnet mask indicates that bit in the IP address is part of the network address, and a '0' indicates that the bit is part of the host address. So you can quickly see all the 1s on the subnet mask here.
Everything in the IP address above that is part of the network portion of the address. The 0's above that in the IP address are part of the host portion of the address.
The Network Portion
So, subnet mask 255.255.255.0. With the subnet mask, it's always going to have contiguous 1s, and you see the 1's come up to the part where I put a line in. That line is the border between the network portion and the host portion of the address.
In the example, the network address portion is 192.168.10. Whatever is after the line is the host portion of the address. So in our example, the .15 is the address's host portion.
Local Subnet or Routed Traffic
If the host wants to communicate with another host with an IP address that also begins with 192.168.10, for example, this host wants to send traffic to a destination address of 192.168.10.20, it knows it's on the same subnet, and it can send the traffic directly.
If this host wants to communicate with another host on any other network, anything that does not begin with 192.168.10, then it knows it has to send the traffic via a router.
So if it was sending traffic to destination 192.168.11.20, for example, it doesn't begin with 192.168.10. It's a different subnet, so it sends it via the router.
For a destination address to be on the same subnet, the network portion has to be exactly 192.168.10. Anything else means a different subnet, so we must go via a router.
Valid Subnet Masks
The subnet mask always begins with a contiguous block of 1's. This is different from the IP address. You see our example IP address here, it's 1100000010101. With the IP address, the 1's and 0's can be mixed in pretty much any order.
The subnet mask is always a block of 1's and then a block of 0's. We never mix the 1s and 0s with each other in the subnet mask. So, 11111111.11110000.00000000.00000000 is a legal subnet mask. 11101101, mixing up the 1's and 0's, we can't do that. That is not a valid subnet mask.
The Host Portion
The host portion of the address is available to be allocated to the different hosts on that particular subnet, for example, your PCs, Servers, Printers, Routers Interfaces, Switch Management Addresses, etc. The host portion of the address for our example is highlighted below.
Host Addresses
The host portion of the address specifies the individual host and must be unique on that subnet. Your hosts do not need to be numbered sequentially.
For example, we could have a subnet with two hosts on it. One could have an IP address of 10.10.10.10. The other could have an address of 10.10.10.20. We don't need to number them .1 and .2. You can't have two different hosts with the same IP address.
We couldn't have two hosts with the address 10.10.10.10, for example. That would be a duplicate address, and whenever traffic was sent to 10.10.10.10, your network devices wouldn't know which host to send it to. So that's illegal.
You can't have duplicate IP addresses. You could have host 10.10.10.10 on one subnet and host 10.10.20.10 on a different subnet. They're different subnets, so it's not a duplicate address. That's just fine.
The Network Address (Network ID)
All 0's in the host portion designates the network address and is not allowed to be allocated to a host. Remember, two particular addresses can not be assigned to a host. The first one is all 0s in the host portion, which designates the network address of the network ID.
In our example, the network address would be 192.168.10.0, so we fill in the bit pattern in the network portion. So, that was 192.168.10, and then in the host portion, we put all 0's in there.
So all 0's, you can't assign it to a host. It signifies the network address, which is the bottom address in that particular subnet. There's I highlighted there. You can see we've used all 0's.
The Broadcast Address
The other address which can not be assigned to a host is all 1's in the host portion of the address. All 0's signifies the network address, which is the bottom address in the range. All 1's, the top address in the range, is the directed broadcast.
Whenever you send traffic to the directed broadcast address, it goes to all hosts in that subnet. Not to an individual host, so we can't assign that address to an individual host. The host portion is highlighted. I've put all 1's in there.
Host Addresses
That leaves 192.168.10.1 to 192.168.10.254 in our example, and it is available to be allocated to our different hosts.
So all the different PCs, other kinds of hosts, maybe you've got some Windows PCs, some Linux PCs in that subnet, I can number them from 192.168.10.1 up to 192.168.10.254.
They're all in the same subnet. Whenever they send traffic to each other, they can do that directly without going via their default gateway router.
Additional Resources
Configure IP Addresses and Unique Subnets for New Users: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html
Subnet Mask Explained: https://study-ccna.com/subnet-mask/
Understand Host and Subnet Quantities: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13790-8.html
Subnetting Practice Questions: https://www.flackbox.com/subnetting-practice-questions
Libby Teofilo
Text by Libby Teofilo, Technical Writer at www.flackbox.com
Libby’s passion for technology drives her to constantly learn and share her insights with others. When she’s not immersed in the world of tech, you’ll find her lost in a good book with a cup of coffee or out exploring nature on her next adventure—always curious, always inspired.