The subnet mask of an IP address determines which part of the IP is used for the network and which part is used for hosts. It’s usually represented as four numbers, like 255.255.255.0. To find the subnet mask:

– Look at the first few numbers of the IP address.
– If it’s 255, then that portion is part of the network. If it’s less than 255, that portion is for hosts.

Example
Suppose you have an IP address 192.168.1.100 and a subnet mask of 255.255.255.0. In this case, the first three numbers (192.168.1) represent the network, and the last number (100) is for hosts.

2. What is the subnet mask of 255.255.255.0 IP address

A subnet mask of 255.255.255.0 means that the first three parts of the IP address are used for the network, and the last part is used for hosts. This is often used in small home or office networks.

3. What is the formula for finding a subnet

The formula for finding a subnet involves bitwise operations. You can calculate it using binary arithmetic, but it’s usually done with subnet calculators or tools. One common formula is:

Number of subnets = 2^(number of bits borrowed for subnetting)

4. How do I create a subnet from an IP address

To create a subnet from an IP address, you need to determine how many bits you want to allocate for the subnet and how many for hosts. Then, you adjust the subnet mask accordingly. For example, if you have IP address 192.168.1.0 and want to create subnets with 16 hosts each, you’d use a subnet mask of 255.255.255.240, creating 16 subnets.

5. Why is subnet mask always 255

Subnet masks are not always 255; they vary depending on the network’s needs. However, in common subnet masks, 255 is used to indicate that a portion of the IP is reserved for the network.

6. How do I change my IP address to a subnet mask

You don’t change your IP address to a subnet mask; they serve different purposes. Your IP address identifies your device on a network, while a subnet mask helps route traffic within that network.

7. How do I manually set a subnet mask

You can manually set a subnet mask in your device’s network settings. For example, in Windows, you can go to Control Panel > Network and Sharing Center > Change adapter settings, then right-click on your network adapter, select Properties, and manually configure the subnet mask in the IPv4 properties.

8. Should the subnet mask be the same as the IP address

No, the subnet mask and IP address should not be the same. The subnet mask defines which part of the IP address belongs to the network and which part belongs to hosts. They have different values and purposes.

9. What subnet mask is needed if an IPv4

IPv4 addresses can have various subnet masks depending on the network’s requirements. There is no specific subnet mask for all IPv4 addresses; it depends on the subnetting scheme used in the network.

10. What does the subnet mask 255.255.255.0 tell a router

Yes, a subnet mask of 255.255.255.0 indicates to a router that the first three parts of the IP address are the network portion, and the last part is for host devices within that network.

11. How do I configure IPv4 and subnet mask

To configure IPv4 and subnet mask on your device, you can go to the network settings and enter the desired values. For example, in Windows, it’s done in the IPv4 properties of your network adapter.

12. What is the default subnet mask for an IP address of

The default subnet mask for an IP address depends on the IP address class. For example, for a Class C IP address (e.g., 192.168.1.1), the default subnet mask is usually 255.255.255.0.

13. Why is 192.168 always used

The 192.168 IP range is reserved for private networks, and it’s commonly used because it provides a large number of available IP addresses while not conflicting with public internet IP addresses.

14. What is the IP address 127.0.0.1 used for

The IP address 127.0.0.1 is the loopback address, and it always refers to the local device. It’s used for testing network functionality on your own device without involving an external network.

15. Is 192.168.0.0 allowed on the Internet

No, the 192.168.0.0 IP range is reserved for private networks and is not routable on the public internet. It’s used for internal networks within homes and organizations.

16. Why do some IP addresses start with 10

IP addresses that start with 10 (e.g., 10.0.0.0) are also reserved for private networks. They are often used in larger networks where more IP addresses are needed.

17. Which IP address should you not use

You should not use IP addresses that are reserved for special purposes, such as loopback addresses (127.0.0.0/8) or addresses designated for private networks (e.g., 10.0.0.0/8, 192.168.0.0/16).

18. What is the best subnet mask

The best subnet mask depends on your network’s requirements. There is no one-size-fits-all answer. The subnet mask should be chosen based on the number of hosts and subnets needed in your network.

19. How many subnets can a router have

A router can have as many subnets as it has available interfaces. Each interface can be associated with a different subnet.

20. Can two subnets have the same IP address

No, two subnets on the same network should not have the same IP address. Each IP address should be unique within a subnet to avoid conflicts.

21. Can two routers share the same subnet

Yes, two routers can share the same subnet, but they should be properly configured to avoid routing conflicts. This scenario is common in complex network setups.

22. What IP addresses can talk to each other

IP addresses within the same subnet can easily communicate with each other. Routers are used to enable communication between different subnets or networks.

23. Can someone have the same IP as you

Yes, multiple devices can have the same private IP address within different networks, but they cannot have the same public IP address on the internet.

24. How can I tell if two computers are on the same subnet

You can determine if two computers are on the same subnet by comparing their IP addresses and subnet masks. If they have the same network portion as defined by the subnet mask, they are on the same subnet.

25. What happens if 2 IP addresses are the same

If two devices on the same network have the same IP address, it can lead to network conflicts and communication

issues. Each device on a network should have a unique IP address.

26. Can someone with my IP address see my history

No, having the same IP address as you doesn’t give someone access to your browsing history. Your browsing history is stored on your device, not on the network.

27. Does everyone in my house have the same IP address

No, each device in your house typically has its own unique private IP address on your home network.

28. Does everyone on the same WiFi have the same IP

Devices connected to the same WiFi network may have similar IP addresses (i.e., they share the same network portion), but they have different host portions, making them unique on the network.

29. Do you always have the same IP address when you connect to the internet

No, your public IP address assigned by your Internet Service Provider (ISP) can change periodically. This is known as a dynamic IP address. However, some ISPs offer static IP addresses that do not change.

30. Does an IP address change with location

Yes, your public IP address can change based on your physical location and the network you’re connected to. Different networks and locations may assign different IP addresses.

31. Is an IP address tied to a computer or router

An IP address can be tied to either a specific computer or a router, depending on the network configuration. In a home network, the router typically assigns unique IP addresses to each device connected to it.

32. What do the four numbers in an IP address mean

The four numbers in an IP address represent different levels of hierarchy. For example, in the IP address 192.168.1.1, the first number (192) represents the network, the second (168) represents a subnet within that network, and the last two (1.1) represent individual devices within that subnet.

33. What is an IP address for dummies

An IP address is like a digital address for devices on a network. It helps them find and communicate with each other on the internet or within a local network.

34. How do I find the exact location of an IP address

Finding the exact physical location of an IP address is challenging and often requires specialized tools and cooperation from Internet Service Providers. It’s not something a regular user can easily do.

35. Is it illegal to track an IP address

Tracking an IP address for legitimate network management purposes is generally not illegal. However, using IP address tracking for malicious purposes, such as stalking or hacking, is illegal and unethical.

36. Can an IP be traced to an exact location

IP addresses can be traced to a general geographic location, such as a city or region, but pinpointing an exact physical address is usually not possible without cooperation from the ISP.

37. How do I find the location of a device using an IP address

To find the approximate location of a device using an IP address, you can use online IP geolocation services or tools. These services provide general geographic information based on the IP address’s registered location.

Learn more on Subnetting; How to Calculate a Subnet Mask from IP Address

Understand Host and Subnet Quantities

Note: I have used this SKU size as it’s lightweight and sufficient for this lab exercise – Standard B1s (1 vcpu, 1 GiB memory)

First, we’ll create two Linux Ubuntu virtual machines in Azure. We’ll use Azure because it offers a quick and easy way to create virtual machines.

Step 1:

• Sign in to the Azure portal.
• Click on “Create a resource” in the top left corner of the screen.
• Search for “Ubuntu Server” and select the “Ubuntu Server 18.04 LTS” option.
• Choose a subscription, resource group, virtual machine name, region, and size for the virtual machine. You’ll need to create one VM for the image server and another for the video server.
• Set up a username and password for the VM.
• Choose “SSH public key” as the authentication type.
• Create an SSH key pair if you don’t already have one.
• Click “Review + create” to review your settings and create the VM.

Repeat this process to create a second VM for the video server.

Step 2: Configure the Virtual Machines

Next, we’ll configure the virtual machines to serve static assets. We’ll use Nginx as the web server, but you can use any web server you prefer.

SSH into the image server VM or use Azure Run Command Tool.
Install Nginx by running the command

"sudo apt-get update && sudo apt-get install nginx".

Copy your images to the VM and place them in the “/var/www/html” directory.
Repeat this process on the video server VM, but copy your videos to the “/var/www/html/videos” directory.

A step by step walkthrough as per below;
Install Nginx

sudo apt-get -y update
sudo apt-get -y install nginx

Create Images Folder Path

mkdir /var/www/html/images/
echo "<h1> This is the Images Server </h1>" > /var/www/html/images/index.html

Create Videos Folder Path

mkdir /var/www/html/videos/
echo "<h1>This is the Videos Server</h1>" > /var/www/html/videos/index.html

Step 3: Create the Application Gateway

Now, we’ll create the application gateway in Azure. This will enable us to route traffic to the correct VM based on the URL path.

• Sign in to the Azure portal.
• Click on “Create a resource” in the top left corner of the screen.
• Search for “Application Gateway” and select the “Application Gateway v2” option.
• Choose a subscription, resource group, name, region, and SKU for the application gateway.
• Choose the “Backend pools” option in the left menu.
• Click “Add” to add a backend pool.
• Choose the “Virtual machines” option for the backend target type.
• Choose the image server and video server virtual machines as the targets.
• Choose the “HTTP settings” option in the left menu.
• Click “Add” to add an HTTP setting.
• Choose a name for the HTTP setting and configure the protocol, port, and cookie settings.
• Choose the “Rules” option in the left menu.
• Click “Add” to add a rule.
• Choose a name for the rule and configure the listener, backend target, and URL path map settings.
• Test your application gateway by accessing the image and video servers through the gateway URL with the appropriate path.

Create Application Gateway

create application gateway public ip

create application gateway with images backend pool

create application gateway with videos backend pool

create application gateway images backend setting

create application gateway add multiple targets to create path-based rule

create application gateway add multiple images path-based rule

create application gateway videos backend setting

create application gateway add multiple videos path-based rule

create application gateway add backend targets

create application gateway frontend routing rules for backend pools

Browse to Video Server Resource

create application gateway and check health

Check Overview of Application Gateway

Awesome links for further reading;
Apache web server documentation: https://httpd.apache.org/docs/
Azure documentation: https://docs.microsoft.com/en-us/azure/
Ubuntu server documentation: https://ubuntu.com/server/docs
Virtual machines in Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/
Application Gateway in Azure: https://docs.microsoft.com/en-us/azure/application-gateway/

To configure a Three-Tier design using Cisco commands, follow the steps below:

Configure the Core layer:

Configure the Core layer switches with high-speed links to provide the backbone of the network.
Configure the switchports connected to the Distribution layer switches as trunk ports.
Configure VLANs on the Core layer switches.

Sample Cisco commands:

interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30

Configure the Distribution layer:

Configure the Distribution layer switches with uplinks to the Core layer switches and downlinks to the Access layer switches.
Configure the switchports connected to the Core layer switches as trunk ports and the switchports connected to the Access layer switches as access ports.
Configure VLANs on the Distribution layer switches.

Sample Cisco commands:

interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30

interface GigabitEthernet0/2
switchport mode access
switchport access vlan 10

Configure the Access layer:

Configure the Access layer switches with uplinks to the Distribution layer switches.
Configure the switchports connected to end devices as access ports.
Configure VLANs on the Access layer switches.

Sample Cisco commands:

interface GigabitEthernet0/1
switchport mode access
switchport access vlan 10

interface GigabitEthernet0/2
switchport mode access
switchport access vlan 20

Configure Spanning Tree Protocol (STP):

Configure STP to prevent loops in the network.
Configure the Core layer switches as the root bridges for each VLAN.
Sample Cisco commands:

spanning-tree mode rapid-pvst
spanning-tree vlan 10,20,30 root primary

Configure Link Aggregation Control Protocol (LACP):

Configure LACP to provide link redundancy and load balancing between switches.
Sample Cisco commands:

interface GigabitEthernet0/1
channel-group 1 mode active

Configure VLANs:

Configure VLANs on the Core, Distribution, and Access layer switches to segment the network.
Assign ports to VLANs based on the device type and location.
Sample Cisco commands:

vlan 10
name Sales
vlan 20
name Engineering
vlan 30
name Marketing

Verify the configuration:

Verify the configuration by checking the switchport settings, VLAN configuration, and STP status.
Sample Cisco commands:

show interfaces GigabitEthernet0/1 switchport
show vlan brief
show spanning-tree vlan 10,20,30

By following these steps, you can configure a Three-Tier design using Cisco commands.

Follow a previous article on building a two tier campus network.
Design and Build a Two-Tier Campus Network Architecture

Follow this Cisco Validated Design for Inspiration.

Cisco Meraki has some good validated design ideas here.

DNAT (Destination NAT) is a type of NAT that allows inbound traffic to be redirected from a public IP address to a private IP address. DNAT is typically used when a server on a private network needs to be accessed from the internet. When a request is made to the public IP address, the NAT device will translate the public IP address to the private IP address of the server and forward the request to the server.

Use cases for DNAT:

Remote access: DNAT can be used to enable remote access to a server on a private network. For example, a company might use DNAT to allow employees to access a company server from home or when traveling.
Load balancing: DNAT can be used to distribute inbound traffic across multiple servers on a private network. This can help improve performance and ensure that traffic is handled efficiently.
Website hosting: DNAT can be used to host a website on a private network. When a request is made to the public IP address of the website, the DNAT device will redirect the traffic to the private IP address of the web server.

On the other hand, SNAT (Source NAT) is a type of NAT that changes the source IP address of outbound traffic. SNAT is typically used when multiple devices on a private network need to access the internet using a single public IP address. When a device on the private network sends a request to the internet, the NAT device will translate the private IP address to the public IP address before forwarding the request to the internet.

Use cases for SNAT:

Internet sharing: SNAT can be used to enable multiple devices on a private network to share a single public IP address. This is common in home networks where multiple devices (such as smartphones, tablets, and laptops) need to access the internet.
Security: SNAT can be used to hide the IP addresses of devices on a private network from the internet. This can help improve security by making it harder for attackers to target individual devices on the network.
Compliance: SNAT can be used to comply with certain regulations that require all outgoing traffic to have the same source IP address. For example, some financial institutions might use SNAT to comply with regulations that require all outgoing traffic to originate from a specific IP address.

Now that you have understood the differences between SNAT and DNAT, why don’t we go through a set of commands we can use to achieve this on Cisco equipment?

SNAT (Source NAT) and DNAT (Destination NAT) are two commonly used features in Cisco networking to manipulate network traffic. Here are the commands for configuring SNAT and DNAT in Cisco devices:

SNAT:

To configure SNAT on a Cisco router or firewall, use the following command:

ip nat inside source static  

This command tells the router/firewall to translate the source IP address of traffic leaving the “inside” interface to the specified “public” IP address.

DNAT:

To configure DNAT on a Cisco router or firewall, use the following command:

ip nat outside source static  

This command tells the router/firewall to translate the destination IP address of traffic arriving at the “outside” interface to the specified “local” IP address.

Note: The above commands are just examples, and the actual syntax may vary depending on the specific device and operating system version.

In summary, DNAT is used to translate inbound traffic to a private IP address, while SNAT is used to translate outbound traffic to a public IP address. Both DNAT and SNAT are useful techniques for managing IP addresses in a network and ensuring that devices on a private network can access the internet using a single public IP address.

I have another article demonstrating the real use case of NAT here – https://www.expertnetworkconsultant.com/configuring/how-to-configure-nat-the-cisco-and-vyos-way/

Here are some links to Cisco’s website that explain how to configure SNAT and DNAT:

SNAT:

Configuring Network Address Translation: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html

Configuring Static NAT: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html#anc13

DNAT:

Configuring Port Address Translation: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html#anc11

Configuring Dynamic NAT: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html#anc12

These links provide detailed information on the configuration of SNAT and DNAT, along with examples and best practices.

In some cases, however, containerized applications require a DHCP server to lease IP addresses to the containers running on the same network. By running a Dockerized DHCP server, you can simplify the deployment and management of your containerized applications, and create virtual networks for practicing networking concepts and configurations. In this article, we will walk through the steps for creating and using a Dockerized DHCP server for your applications and networks.

We will cover how to create a bridge network, run the DHCP server container, and configure your host and other containers to use the DHCP server to obtain IP addresses.

Choose a base image: You will need a base image for your DHCP server. In this example, we will use the Alpine Linux base image, which is a lightweight distribution of Linux that is popular for Docker images.

Install DHCP server software: Next, you will need to install the DHCP server software on your image. In this example, we will use the ISC DHCP server software, which is a widely used and well-supported DHCP server.

Configure the DHCP server: Once you have installed the DHCP server software, you will need to configure it to lease IPs. You will need to specify the range of IP addresses that can be leased, the subnet mask, and other network settings.

Create a Docker Network – I have called mine <my>-<network>

docker network create my-network

Create the DHCPD.CONF file in the build directory.

##########dhcpd.conf###########

default-lease-time 259200;
max-lease-time 777600;
option domain-name "your-domain.com";

subnet 192.168.2.0 netmask 255.255.255.0{
range 192.168.2.2 192.168.2.250;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
option domain-name-servers 192.168.1.1;
}

Create a Dockerfile: With the base image and DHCP server software installed and configured, you can now create a Dockerfile that will build the image. Here is an example Dockerfile:

Create a Dockerfile

FROM alpine:latest

RUN apk add --no-cache dhcp

COPY dhcpd.conf /etc/dhcpd.conf

EXPOSE 67/udp

ENTRYPOINT ["dhcpd", "-f", "-d", "--no-pid"]

In this Dockerfile, we start with the latest Alpine Linux image, then we install the ISC DHCP server software using the apk package manager. We copy a pre-configured dhcpd.conf file to the /etc directory, which contains the configuration settings for the DHCP server. We expose port 67/udp, which is the port used by DHCP servers to lease IP addresses. Finally, we set the ENTRYPOINT to start the dhcpd daemon with the specified options.

Build the image: Once you have created the Dockerfile, you can build the image using the docker build command:

docker build -t dhcp-server .

Run the container: With the image built, you can now run a container from the image using the docker run command:

docker run -d --name dhcp-server --net=host dhcp-server

In this command, we run the container in detached mode (-d), give it a name (–name dhcp-server), and use the host network (–net=host) so that the DHCP server can lease IPs to devices on the same network as the host. We specify the name of the image we built in the previous step (dhcp-server) as the container to run.

Your DHCP server container should now be running and leasing IPs to devices on your network. You can view the logs of the container using the docker logs command:

docker logs dhcp-server

And you can stop and remove the container using the docker stop and docker rm commands:

docker stop dhcp-server
docker rm dhcp-server

There are several use cases for having a Docker image running as a DHCP server:

Development and testing: Developers and testers can use a Dockerized DHCP server to create isolated test networks for their applications or services. This allows them to test network configurations and connectivity without interfering with the production network.

Containerized applications: Some containerized applications require a DHCP server to lease IP addresses to the containers running on the same network. By running a Dockerized DHCP server, you can simplify the deployment and management of your containerized applications.

Education and training: DHCP servers are commonly used in networking courses and training programs. By running a Dockerized DHCP server, educators and students can create virtual networks for practicing networking concepts and configurations.

To get hosts to connect to the network served by the Dockerized DHCP server, you will need to configure the hosts to use DHCP to obtain an IP address. This can usually be done by configuring the network interface of the host to use DHCP. The exact steps to do this will depend on the operating system of the host.

For example, on a Linux host, you can configure the network interface to use DHCP by editing the /etc/network/interfaces file and adding the following lines

auto eth0
iface eth0 inet dhcp

On a Windows host, you can configure the network interface to use DHCP by going to the Control Panel, selecting Network and Sharing Center, selecting Change adapter settings, right-clicking on the network adapter, selecting Properties, selecting Internet Protocol Version 4 (TCP/IPv4), and selecting Obtain an IP address automatically.

Once the host is configured to use DHCP, it will automatically obtain an IP address from the Dockerized DHCP server when it is connected to the network.

You might rightly ask how these other containers or hosts get an IP address from the above DHCP server container.

Well, below is the answer to your question.

You would need to create a Docker network to add containers in there before they can receive IP addresses from the DHCP server. When you create a Docker network, you can specify that it is a bridge network, which is the default network type for Docker. Containers connected to a bridge network can communicate with each other using their IP addresses.

To create a bridge network, you can use the docker network create command. Here’s an example:

docker network create my-network

This command creates a bridge network named my-network. You can then start your DHCP server container on this network by using the –network option when running the container:

docker run -d --name dhcp-server --network my-network dhcp-server

This command starts the DHCP server container in detached mode (-d), names the container dhcp-server, and connects it to the my-network network.

Once your DHCP server container is running on the my-network network, you can start other containers on the same network by using the –network option:

docker run -d --name my-container --network my-network my-image

This command starts a container named my-container from the my-image image, and connects it to the my-network network.

When the container starts up, it will obtain an IP address from the DHCP server running on the my-network network. You can view the IP address of the container by using the docker inspect command:

docker inspect my-container

In the output, look for the IPAddress field under the NetworkSettings section. This will show you the IP address that was assigned to the container by the DHCP server.

Ubuntu has a good guide on DHCP – https://ubuntu.com/server/docs/network-dhcp

What is Subnetting?

Subnetting is the process of dividing a larger network into smaller networks or subnets. It is accomplished by borrowing bits from the host portion of an IP address and using them to create subnets. The subnet mask is used to determine the network and host portions of an IP address. The subnet mask is a 32-bit number that consists of a series of ones followed by a series of zeros. The ones represent the network portion of the address, and the zeros represent the host portion of the address.

Why Subnetting is Important?

Subnetting is essential for the following reasons:

Efficient use of IP addresses: Subnetting allows you to use IP addresses more efficiently by dividing a larger network into smaller networks. This way, you can allocate IP addresses only to devices that need them, and avoid wasting IP addresses.

Better network performance: Subnetting can improve network performance by reducing network congestion and improving network efficiency.

Improved security: Subnetting can enhance network security by isolating different segments of a network and restricting access to specific devices.

Subnetting Cheat Sheet

The following subnetting cheat sheet will help you understand the basics of subnetting:

Subnet Mask: A subnet mask is a 32-bit number that determines the network and host portions of an IP address.

Network Address: The network address is the first address in a subnet and is used to identify the network.

Broadcast Address: The broadcast address is the last address in a subnet and is used to send a message to all devices on the network.

IP Address Range: The IP address range is the set of IP addresses available for use in a subnet.

CIDR Notation: CIDR notation is a shorthand notation for representing subnet masks. It is written as a slash (/) followed by the number of bits in the subnet mask.

Subnetting Formula: The subnetting formula is used to calculate the number of subnets and hosts per subnet. The formula is 2^n, where n is the number of bits borrowed for the subnet.

Subnetting Example: To subnet a network, follow these steps:

a. Choose the number of subnets required.
b. Choose the number of host bits required per subnet.
c. Calculate the subnet mask.
d. Calculate the network address and broadcast address.
e. Determine the IP address range.

Subnet Mask	CIDR Notation	Binary Value	Decimal Value
255.255.255.0	/24	11111111.11111111.11111111.00000000	255.255.255.0
255.255.255.128	/25	11111111.11111111.11111111.10000000	255.255.255.128
255.255.255.192	/26	11111111.11111111.11111111.11000000	255.255.255.192
255.255.255.224	/27	11111111.11111111.11111111.11100000	255.255.255.224
255.255.255.240	/28	11111111.11111111.11111111.11110000	255.255.255.240
255.255.255.248	/29	11111111.11111111.11111111.11111000	255.255.255.248
255.255.255.252	/30	11111111.11111111.11111111.11111100	255.255.255.252

Conclusion:

Subnetting is an essential concept in computer networking. It allows you to divide a larger network into smaller networks, use IP addresses more efficiently, improve network performance, and enhance network security. The subnetting cheat sheet provided in this article will help you understand the basics of subnetting and become a subnetting pro. Remember to use the subnetting formula and follow the subnetting example to subnet a network successfully.

Example 1: Subnetting a Class A Network

Let’s say we want to subnet the Class A network 10.0.0.0/8 to create smaller subnets for different departments in our organization. We want to create 4 subnets with a maximum of 2,000 hosts per subnet.

To create 4 subnets, we need to borrow 2 bits from the host portion of the IP address. This leaves us with 14 bits for the host portion of the IP address, which gives us 16,384 IP addresses (2^14) per subnet.

To determine the subnet mask for each subnet, we need to determine the value of the bits we borrowed. In this case, we borrowed the first 2 bits, which gives us a value of 192 (11000000) in binary. Therefore, the subnet mask for each subnet will be 255.255.192.0.

The table below shows the network address, subnet mask, and valid host range for each subnet:

In this example, we created 4 subnets, each with a subnet mask of 255.255.192.0. This means that each subnet has 16,384 IP addresses available for hosts.

Example 2: Subnetting a Class B Network

As previously mentioned, we have been assigned the IP address 172.16.0.0/16, which means we have 65,536 IP addresses (2^16) available for our network. However, we want to divide this network into smaller subnets.

To subnet this network, we need to borrow bits from the host portion of the IP address. Let’s say we decide to borrow 4 bits to create 16 subnets (2^4). This leaves us with 12 bits for the host portion of the IP address, which gives us 4,096 IP addresses (2^12) per subnet.

To determine the subnet mask for each subnet, we need to determine the value of the bits we borrowed. In this case, we borrowed the first 4 bits, which gives us a value of 240 (11110000) in binary. Therefore, the subnet mask for each subnet will be 255.255.240.0.

The table below shows the network address, subnet mask, and valid host range for each subnet:

In this example, we created 8 subnets, each with a subnet mask of 255.255.248.0. This means that each subnet has 8,192 IP addresses available for hosts.

Example 3: Subnetting a Class C Network

A Class C network has an IP address range of 192.0.0.0 to 223.255.255.0. Let’s say we have been assigned the IP address 192.168.0.0/24 and we want to subnet it. This means we have 256 IP addresses (2^8) available for our network. However, we want to divide this network into smaller subnets.

To subnet this network, we need to borrow bits from the host portion of the IP address. In this case, we will borrow 3 bits to create 8 subnets (2^3). This leaves us with 5 bits for the host portion of the IP address, which gives us 32 IP addresses (2^5) per subnet.

To determine the subnet mask for each subnet, we need to determine the value of the bits we borrowed. In this case, we borrowed the first 3 bits, which gives us a value of 224 (11100000) in binary. Therefore, the subnet mask for each subnet will be 255.255.255.224.

The table below shows the network address, subnet mask, and valid host range for each subnet:

Conclusion

Subnetting can seem daunting at first, but it is an important tool for managing IP addresses and optimizing network performance. By dividing a larger network into smaller subnets, we can reduce broadcast traffic and improve network security. The examples above demonstrate how subnetting works and how to determine the subnet mask and valid host range for each subnet.

If you’re new to subnetting, it’s important to take the time to understand the basics before diving into more complex examples.

For additional resources and information on subnetting;

Subnetting Practice: https://www.subnettingpractice.com/
IP Subnet Calculator: https://www.calculator.net/ip-subnet-calculator.html

In this article, we will provide a step-by-step guide to help you understand IP subnetting.

Step 1: Determine the IP Address Class

The first step in subnetting is to determine the IP address class. IP addresses are divided into 5 classes: A, B, C, D, and E. Classes A, B, and C are commonly used for networking.

Class A networks have a default subnet mask of 255.0.0.0, Class B networks have a default subnet mask of 255.255.0.0, and Class C networks have a default subnet mask of 255.255.255.0.

Step 2: Determine the Number of Subnets Needed

The next step is to determine the number of subnets needed. This is based on the number of departments, locations, or other factors that require separate networks. To determine the number of subnets, you need to borrow bits from the host portion of the IP address.

For example, if you need 4 subnets, you need to borrow 2 bits (2^2 = 4) from the host portion of the IP address.

Step 3: Determine the Number of Hosts Needed per Subnet

The next step is to determine the number of hosts needed per subnet. This is based on the number of devices that need to be connected to the network in each subnet.

To determine the number of hosts per subnet, you need to subtract 2 from the total number of IP addresses in the subnet. The first IP address is used for the network address, and the last IP address is used for the broadcast address.

For example, if you need 100 hosts per subnet, you need to have a subnet that provides at least 102 IP addresses (100 + 2).

Step 4: Create the Subnet Mask

The subnet mask determines the range of IP addresses available for hosts in each subnet. To create the subnet mask, you need to determine the value of the bits you borrowed from the host portion of the IP address.

For example, if you borrowed 2 bits from the host portion of the IP address, you need to determine the binary value of those bits. In this case, the binary value would be 11 (2 bits).

The subnet mask for this example would be 255.255.255.192 (or /26 in CIDR notation). This subnet mask provides 64 IP addresses (2^6 = 64) per subnet.

Step 5: Determine the Valid Host Range

The valid host range is the range of IP addresses available for hosts in each subnet. To determine the valid host range, you need to subtract 2 from the total number of IP addresses in the subnet.

For example, if you have a subnet with a subnet mask of 255.255.255.192, the total number of IP addresses in the subnet is 64. Subtracting 2 gives you 62, which is the number of valid IP addresses in the subnet.

The first IP address in the subnet is used for the network address, and the last IP address is used for the broadcast address. Therefore, the valid host range for this example would be 192.168.1.1 – 192.168.1.62.

Conclusion

Subnetting is an important tool that allows you to optimize your network performance and improve security. By dividing a larger network into smaller subnets, you can reduce network congestion, increase efficiency, and create separate segments for different departments or functions within your organization.

Follow another step by step walkthrough here – https://www.expertnetworkconsultant.com/subnetting/step-by-step-guide-to-understanding-ip-subnetting/

In this article, we will explore VLSM in more detail, including its benefits, how to use it, and common terms associated with VLSM.

What is VLSM?

Variable Length Subnet Masking (VLSM) is a method used to allocate IP addresses to subnets of different sizes. It allows network administrators to divide an IP address range into smaller subnets of varying sizes, depending on the specific needs of the network. This is in contrast to traditional subnetting, which involves dividing a network into equal-sized subnets.

Benefits of VLSM:

The primary benefit of VLSM is that it allows network administrators to make more efficient use of IP addresses. By dividing an IP address range into smaller subnets of varying sizes, it is possible to allocate IP addresses more precisely, reducing the number of unused IP addresses.

Another benefit of VLSM is that it allows for flexibility and scalability. Network administrators can adjust the size of subnets as needed to accommodate changes in the network, such as the addition of new hosts or the creation of new subnets.

How to use VLSM:

Using VLSM involves the following steps:

For example, suppose you need to allocate IP addresses to a network with the following requirements:

100 hosts for subnet A
50 hosts for subnet B
25 hosts for subnet C
To use VLSM to allocate IP addresses to these subnets, you would follow these steps:

Convert the number of hosts required for each subnet into binary form:
Subnet A: 100 hosts = 01100100
Subnet B: 50 hosts = 00110010
Subnet C: 25 hosts = 00011001

Determine the number of bits required to accommodate each binary value:
Subnet A: 7 bits
Subnet B: 6 bits
Subnet C: 5 bits

Add the number of bits determined in step 2 to the original subnet mask to create a new subnet mask:
Subnet A: 255.255.255.128 (original mask) + 7 bits = 255.255.255.254 (new mask)
Subnet B: 255.255.255.128 (original mask) + 6 bits = 255.255.255.192 (new mask)
Subnet C: 255.255.255.128 (original mask) + 5 bits = 255.255.255.224 (new mask)

Divide the network into subnets using the new subnet masks:
Subnet A: 192.168.1.0/25
Subnet B: 192.168.1.128/26
Subnet C: 192.168.1.192/27
Common terms associated with VLSM:

Benefits of VLSM
VLSM offers several benefits, including:

Efficient use of IP address space: VLSM allows network administrators to divide an IP address space into smaller subnets, which reduces the number of IP addresses wasted on unused subnets.
Flexibility: VLSM provides flexibility in the allocation of IP addresses, allowing administrators to create subnets of various sizes.
Scalability: VLSM allows for the creation of subnets of different sizes, making it easier to scale a network as it grows.
Improved network performance: By creating smaller subnets, VLSM reduces the size of broadcast domains, which can improve network performance.

In conclusion, VLSM is a powerful technique that allows network administrators to divide an IP address space into subnets of variable sizes. VLSM offers several benefits, including efficient use of IP address space, flexibility, scalability, and improved network performance. By using VLSM, network administrators can optimize their network and improve its overall efficiency.

Network Access Control (NAC) is a crucial component of modern-day network security that allows organizations to restrict access to their networks and systems to authorized users and devices. NAC helps to ensure that only trusted devices and users can access sensitive information, preventing potential security breaches and protecting critical data. In this article, we’ll take a closer look at what NAC is, how it works, and why it’s essential for organizations to implement it as part of their overall cybersecurity strategy.

What is Network Access Control (NAC)?

Network Access Control (NAC) is a security technology that controls access to network resources based on predefined policies. NAC systems are designed to verify the identity of devices and users attempting to access a network, ensuring that only authorized users and devices are granted access. NAC systems are typically deployed at the network’s edge, such as firewalls or switches, and are used to enforce security policies and restrict access to network resources.

How Does NAC Work?

NAC works by controlling access to network resources based on predefined policies. Before a device or user is granted access to a network, they must be authenticated and authorized. NAC systems use a variety of methods to verify the identity of devices and users, including digital certificates, biometric authentication, and two-factor authentication.

Once a device or user has been authenticated, the NAC system checks their compliance with security policies, such as antivirus software updates and patch management. If the device or user is compliant, they are granted access to the network. If not, they are denied access or placed in a quarantine zone until they can be brought into compliance.

Why is NAC Important for Organizations?

NAC is essential for organizations because it helps to ensure that only authorized users and devices can access their networks and systems. This is particularly important for organizations that handle sensitive data, such as healthcare providers, financial institutions, and government agencies.

NAC helps to prevent security breaches by ensuring that only trusted devices and users can access sensitive information. It also helps to enforce security policies and ensure that devices are up to date with the latest security patches and antivirus software updates.

Furthermore, NAC helps organizations to comply with regulatory requirements, such as HIPAA and PCI DSS. Compliance with these regulations is essential for organizations that handle sensitive data, and failure to comply can result in severe financial penalties and reputational damage.

Implementing NAC in Your Organization

If you’re considering implementing NAC in your organization, there are several factors to consider. First, you’ll need to assess your organization’s security needs and determine which NAC solution is best suited to your needs. There are several NAC solutions available, ranging from basic solutions to more advanced systems that integrate with other security technologies.

You’ll also need to consider your budget and the resources required to deploy and maintain your NAC solution. NAC solutions can be complex, and you’ll need to ensure that you have the necessary expertise and resources to manage your solution effectively.

In Conclusion

Network Access Control (NAC) is a critical component of modern-day network security that helps organizations to restrict access to their networks and systems to authorized users and devices. NAC helps to prevent security breaches, enforce security policies, and ensure compliance with regulatory requirements. Implementing NAC in your organization can be complex, but it’s essential for organizations that handle sensitive data and want to ensure that their networks and systems are secure.

Juniper has a very interesting article on the above subject.