It is fairly common for organizations to want to subdivide their networks into smaller pieces for manageability purposes. Subnetting breaks a large network address space up into manageable pieces that administrators may assign to smaller subnetworks. Learn how to subdivide large networks using IP subnetting.
- [Instructor] It's fairly common for organizations to want to subdivide their networks into smaller pieces for manageability purposes. This is where IP subnetting can provide an effective solution. Subnetting breaks a large network address space up into manageable pieces that administrators may assign to smaller networks. For example, assume that you are using the 192.168 private address space on your network. You might have a network that looks something like this, with different departments connected to different geographic regions.
Instead of haphazardly assigning addresses throughout your network, you might decide that you want to use subnetworks. The 192.168 address space normally has the dividing line between network and host addresses here, giving us a single network with over 65,000 possible host addresses. If we shift the dividing line to here, we now have 256 possible subnetworks with 254 possible hosts each.
We go from one network with over 65,000 hosts to 256 networks with 254 hosts each. While they may not all fit on the screen, you get the point. These smaller networks are much more usable. On our network diagram, we can now give the Accounting group the 192.168.1 address space, the Sales group the 192.168.2 subnetwork, and then assign the 192.168.3 subnetwork to the IT group, leaving the remaining 253 subnets for future uses.
Each of those subnetworks can have up to 254 systems connected to it. Once you start shifting the dividing line between network and host addresses around, you'll need to tell network devices how you've done that. You do this by assigning a subnet mask to the network. Before we get into subnet masks, you need to understand that IP addresses are actually written in binary form. If you are not familiar with binary math, you might want to watch the Understanding Binary Basics video with Mark Jacob for more information.
I'll assume that you've already had some exposure to binary math. We can take this decimal IP address and convert it to binary form. Subnet masks use the same dotted quad notation as IP addresses. Let's build one together for the 192.168.1 subnetwork. First, we draw our dividing line between the network and host portions of the address. Then, we build a binary address where we put a one in every location that's used by the network address, and a zero in locations used by the host address.
We can then write our subnet mask in two different forms. First, we can convert the subnet mask into decimal form and describe it as having the subnet mask 255.255.255.0. This is known as the subnet mask notation. Alternatively, we can simply count the number of ones in the address, and then put a slash next to the IP address with the number of ones following it. That would make this network the 192.168.1.0/24 network.
Both of these notations, the subnet mask notation and the slash notation, describe the same network. IP subnetting is a complex topic, and we've only discussed it in limited detail in this course. If you'd like more information, check out one of our IP addressing courses.
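The mask-building steps from the transcript, as an added Python example that is not part of the original course material. It builds the mask from the position of the dividing line, converts between the two notations, and uses the mask to decide which department subnet an address belongs to; the function names and the sample host addresses are constructed for illustration.

```python
def to_int(addr):
    """Dotted quad -> 32-bit integer."""
    a, b, c, d = (int(part) for part in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def dotted_quad(value):
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def binary_form(addr):
    """Each octet written as eight binary digits."""
    return ".".join(f"{int(part):08b}" for part in addr.split("."))

def mask_from_prefix(prefix_len):
    """A one in every network bit, a zero in every host bit."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def prefix_from_mask(mask):
    """Slash notation: count the ones, rejecting masks whose ones are not contiguous."""
    value = to_int(mask)
    ones = bin(value).count("1")
    if value != mask_from_prefix(ones):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones

def network_of(addr, prefix_len):
    """AND the address with the mask to get the subnetwork it sits in."""
    return f"{dotted_quad(to_int(addr) & mask_from_prefix(prefix_len))}/{prefix_len}"

def split_summary(old_prefix, new_prefix):
    """(subnet count, usable hosts per subnet) after moving the dividing line."""
    subnets = 2 ** (new_prefix - old_prefix)
    hosts = 2 ** (32 - new_prefix) - 2  # minus the network and broadcast addresses
    return subnets, hosts

# Department assignments taken from the transcript.
DEPARTMENTS = {"192.168.1.0/24": "Accounting", "192.168.2.0/24": "Sales",
               "192.168.3.0/24": "IT"}

def department_of(addr):
    return DEPARTMENTS.get(network_of(addr, 24), "unassigned")

if __name__ == "__main__":
    print(binary_form("192.168.1.0"))
    print(dotted_quad(mask_from_prefix(24)), "= /%d" % prefix_from_mask("255.255.255.0"))
    print(split_summary(16, 24))
    for host in ("192.168.2.57", "192.168.7.9"):  # constructed sample addresses
        print(host, network_of(host, 24), department_of(host))
```
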
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attacks
- Transport encryption
- Wireless networking
- Host security