CCNA Prep: Learn how to Subnet properly

In this article we cover one of what I have found to be the most common stumbling blocks for individuals attempting to pass the CCNA. This comes from experience in helping several individuals through the study process.

Understanding subnets, wildcard masks, and slash notation

Subnetting is used to divide a classful address space into smaller blocks to ease network management.


A college is using the classful private address space. They want to separate buildings, administrative and student networks, and individual rooms.


They need a maximum of 28 hosts in each room.
They need to accommodate 27 rooms per building.
They need to accommodate 5 buildings.
All “extra” space should be reserved for accommodating additional buildings.
They need to accommodate an administrative and student virtual LAN for each.
You have some legacy hardware that doesn’t support subnet zero.

Why do some people find it difficult?

Some people find subnetting difficult simply because they learn “shortcut rules” without understanding how address space is actually divided. They may also have trouble trying to intuit the answer instead of doing the math and conversions.

Building our network address space:

Let’s actually build the addressing scheme for this scenario. Knowing that we can’t use network and broadcast addresses in our “slot count”, we start by adding two to each of our size requirements.

Step 1

Account for network and broadcast addresses.

28 hosts per room: add two for not being able to use network or broadcast addresses.
27 rooms per building: add one for not using subnet zero.
5 buildings: add one for not using subnet zero.
Administrative and student networks: add one for not using subnet zero.

Step 2

Move up to the next power of 2.

30 – 32
28 – 32
6 – 8
3– 4

Step 3

Start packing in subnets right to left.

Hosts per room:
XXXX XXXX . 0000 0000 . 0000 0000 . 0000 hhhh

Rooms per building:
XXXX XXXX . 0000 0000 . 0000 0000 .rrrrhhhh

Special case:
We are supposed to allow as many buildings as possible, but we know that each building will have an administrative or student network. We may also want to control traffic to the entire administrative or entire student network. We put that Boolean value at the front to keep things very readable for the naked eye.

Administrative or student:
XXXX XXXX. AA00 0000 . 0000 0000 .rrrrhhhh
For the purposes of the example, we’ll make student 2 and administrative 1.

All remaining middle bits:

Now we know our address scheme and we can match out just about any question they can throw at us.

Step 4

Examining questions.

What is the subnet mask and address range for administrative network, building 1, subnet zero?
To solve this question, we simply slide in the appropriate values. They are using the 10 private address spaces, so that takes care of the first octet.

0000 1010 = 10

Now we need the administrative network, so:


Now we slide in the building number, justify to the right.

0100 000. 0000 0001

The question is asking for subnet zero at this dividing line, so we have 24 bits occupied: (

To get the range of addresses just set the non-mask bits to all ones and convert again:
0000 1010 . 0100 000. 0000 0001 . 1111 1111

Step 5

That was an easy one. What if they asked for administrative network subnet zero? Repeat your first two steps in order to arrive here with the administrative-only chunk filled in:

0000 1010 .01XX XXXX . XXXX XXXX

Set everything that follows to zero and convert back to dotted decimal and you have:

To get the range of addresses, just set the non-mask bits to all ones and convert again
0000 1010 . 0111 1111 . 1111 1111 . 1111 1111 –

Step 6

Finding an arbitrary subnet number.

So we can find subnet zero; what about finding an arbitrary subnet number? We just slide it in to the appropriate slot. Find the student network, building 3, subnet four (room four).


Be the first to hear of new free tutorials, training videos, product demos, and more. We'll deliver the best of our free resources to you each month, sign up here:

10. 4 <-> 3 <-> 4 <-> 0

0000 1010 .1000 0000 . 0000 0011 . 0100 0000

Step 7

Finding a specific host.

Find the student network, building 3, subnet four (room four), host 3.


10. 4 <-> 3 <-> 4 <-> 3

0000 1010 .1000 0000 . 0000 0011 . 0100 0011

Note: If we could have used subnet zero, the administrative to student split could have been implemented with a single bit instead of two.

Broadcast address:

What if you get asked for broadcast address? Since broadcast is the highest address in a network or subnet, we already solved this with our “range of addresses” question. Just find the range of addresses in an address space and use the last value.

Number of usable addresses per subnet:

Another type of question you can receive within this topic is determining the number of usable addresses based on a subnet mask.

Determine the number of available hosts per network for this subnet mask:


All we did there is dividing the address up into network, subnet, and host bits so we convert Host bits to all ones and one decimal number, not dotted decimal, to get 16383. We know that we can’t use network or broadcast addresses, which makes our answer 16382. We didn’t have to subtract the zero, but we did have to subtract the all ones value.

Number of usable networks:

Another type of question you can receive within this topic is determining the number of usable addresses based on a subnet mask.

Determine the number of available networks for this subnet mask:


We made our same diagram with slots. Now we just need to pull out our subnet bits and we get 3. Add one to account for the 0 value that doesn’t show up as part of the count and you get 4.

Wildcard Masks

And there you go: all the subnet masking questions you’ll probably receive. What about wildcard masks? They are just the inverse of subnet masks, so just convert and solve.

11111111 . 11111111 . 1100 0000 . 0000 0000

Just subtract from all ones:

255 – 192 = 32

There you have it. You just converted a subnet mask to a wildcard mask.

Slash notation

Converting a subnet mask to slash notation is incredibly simple. Simply convert to binary. We’ll continue with the subnet mask from the previous example:

11111111 . 11111111 . 1100 0000 . 0000 0000

Just count the ones from left to right to get the slash notation representation. In this case, it’s 18.


That covers all of the possible subnet style questions that could be asked. It doesn’t cover how they’re asked, but if you can reproduce that scenario in its entirety, you can get the right data to answer. Just read the question carefully.

Practice problem:

Rework through that scenario with subnet zero available.
Rework through that scenario changing which slot should accommodate growth.

Rework that scenario changing the numbers for each slot.

Use the online IP subnet calculator to check your work:

Study tips:

There is the ubiquitous subnet chart that lists all the sizes, start addresses, slash notations, and wildcard notations. Do not rote memorize that chart. Instead, be able to derive that chart. If you don’t do this day to day, just derive the chart immediately at the beginning of the exam. This is when you are thinking most clearly and have the most stamina before the rest of the test.

Be able to solve it manually. Don’t depend on shortcut formulas. Get faster at converting between numbering systems.

When you’re checking your answers, remember that broadcast should always be odd and network should always be even. It can help you avoid some mistakes. Available hosts should also always be even.

The following two tabs change content below.

Andy King

Andrew has contributed video to and has multiple speaking engagements at conferences both domestic and abroad. The current focus of his research is anti-virus bypass and reverse engineering compiled binaries.

Latest posts by Andy King (see all)