If you plan on taking the Security+ exam you should have a good understanding of subnetting and availability. I was recently asked a question on the Get Certified Get Ahead Facebook page that is related to this so I posted an excerpt from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide here.
Subnetting
Subnetting divides a single range of IP addresses into several smaller ranges of IP addresses. This is often done to isolate traffic and increase efficiency. You don’t need to know how to subnet for the CompTIA Security+ exam, but you should be familiar with the concept and how it can be used to isolate users onto different subnets. Additionally, you should be able to identify valid IP addresses for computers within a subnet.
As an example, you could have multiple users on a single Class C network. Some of the users may be running applications that stream audio and video across the network. A second group of users may regularly upload and download data via the Internet. A third group may upload and download files back and forth to servers on the network, and a fourth group could be users with just occasional access to the network. By subnetting a single Class C network into four smaller subnets, it isolates the traffic for each of these user groups.
Imagine that the original Class C network is 192.168.1.0 with a subnet mask of 255.255.255.0. It could hold 254 host addresses (192.168.1.1 through 192.168.1.254). You can subnet this into four smaller subnets with each one using a subnet mask of 255.255.255.192 as follows:
- Subnet 1. 192.168.1.1 through 192.168.1.62 use for streaming audio and video.
- Subnet 2. 192.168.1.65 through 192.168.1.126 use for upload and download of files on the Internet.
- Subnet 3. 192.168.1.129 through 192.168.1.190 use for upload and download of files to internal servers.
- Subnet 4. 192.168.1.193 through 192.168.1.254 use for regular users.
By dividing the network into the four subnets, you increase the efficiency by reducing collisions on each individual network. This effectively improves the performance of each subnet.
Subnetting and Availability
If a technician manually assigns a computer with an IP address outside of the subnet range, it loses availability. It will no longer be available on the network and it will lose availability to other resources on the network. While most computers aren’t assigned addresses manually, many servers are and misconfiguration of a server’s IP address has caused more than a few problems.
As an example, each host in Subnet 3 should have an IP address in the range of 192.168.1.129 through 192.168.1.190. If a technician assigns one of the servers in the subnet with an IP address of 192.168.1.10, it loses connectivity. This server will no longer be available to any users on the network. With this in mind, technicians should be able to look at an IP address and determine if it is valid for a subnet.
Take a look at the following four IP addresses, each with a subnet mask of 255.255.255.192. Are any of these on the same subnet?
- 192.168.1.50
- 192.168.1.100
- 192.168.1.165
- 192.168.1.189
Two IP addresses (192.168.1.165 and 192.168.1.189) are both on Subnet 3. You can determine this by looking at Subnet 3’s range, shown previously (192.168.1.129 through 192.168.1.190). If someone used all four of these addresses for servers on Subnet 3, the first two servers wouldn’t have network connectivity.
On the job, you may not always have a listing of IP address ranges handy. However, you will have a calculator. It’s useful to know how to use it. Similarly, if you need a calculator on the Security+ exam, it will be available.
Remember this
You should be able to identify the subnet of IP addresses and verify which IP addresses have the same subnet. If needed, you will have access to a calculator you can use to convert decimal to binary.
Calculating Subnet IP Addresses with a Calculator
Imagine that you have the same four IP addresses (192.168.1.50, 192.168.1.100, 192.168.1.165, 192.168.1.189) with a subnet mask of 255.255.255.192. The challenge is identifying which two are on the same subnet. You need to convert the subnet mask and IP addresses to binary, and this section shows how to do that with a calculator.
The first three decimals (192.168.1) are the same in each IP address. However, the fourth decimal is different in each one, so you can focus on this last decimal for each (50, 100, 165, 189). Also, you only need to focus on the last decimal in the subnet mask (192). You start by converting each to binary. The following figure shows the results.
The following two figures shows two instances of a basic calculator using the Programmer view. On some calculators this is called the scientific view. “Dec” (short for decimal) is selected for the calculator on the left and the number 192 is entered. Next, you’d select “Bin” (short for binary) as shown on the calculator on the right to display the decimal number 192 in binary. You can see it is 1100 0000.
![]() | ![]() |
If you do this for each of the relevant decimal numbers in the fourth decimal of the IPs, you get the results shown in the following table.
Note: When you convert decimal numbers to binary, it doesn’t add leading zeros. However, each decimal in an IPv4 address is represented by eight bits, so you need to add enough leading zeros to show eight bits. Once you add the leading zeroes, you can identify the bits representing the network ID in each IP address.
As a reminder, the subnet mask is 255.255.255.192, and we are only focused on the last decimal (192). The table shows that the first two bits are a 1 in 192, so only these bits are used in the subnet mask for each of the IP addresses. You can see that the first two bits in 165 and 189 are both 10, so only these two IP addresses (192.168.1.165 and 192.168.1.189) are on the same subnet.
Imagine that the subnet mask is 255.255.255.224. Which of the four IP addresses are on the same subnet?
If you convert 224 to binary, it is 1110 0000. You can see that the first three bits are a 1. If you look back at the table, you can see the first three bits of the numbers are:
- 50 (001)
- 100 (011)
- 165 (101)
- 189 (101).
Only 165 and 189 have the same first three bits (101), so only these two are on the same subnet.
Admittedly, there is a lot more to subnetting. However, subnetting is a skill needed for the Network+ exam, which is a recommended prerequisite for Security+. I didn’t attempt to teach it from scratch here, but instead showed a simple way to verify an IP address is accurate for a subnet.
The poster listed the following question. Based on the information in this blog, can you answer it?
Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO).
A. 10.4.4.125
B. 10.4.4.158
C. 10.4.4.165
D. 10.4.4.189
E. 10.4.4.199