Variable subnetting mask help

Posted on 2005-05-13
Last Modified: 2011-10-03
I have class b address of and one of the techicians came up with the following:

1st floor = - (max host/subnet 254). Additional subnets requiring a mask of = -

2nd floor = - (max host/subnet 126). Additional  subnets requiring a mask of = -

I know that he subnetted the orginal class B address using VSLM. However, what i don't understand is this. The 1st floor subnet mask should give me:

11111111.11111111.11111111.X and the third octet should allow me the following: 00000001 - 11111110 in subnets. So   the available subnets should be from to for the first floor. Why is it to .31 only?  

As for second floor, the subnet mask produces the following 11111111.11111111.11111111.10000000. How does he end up with a subnet begin .32?

Can someone explain this to me? I am confused


Question by:iamuser
    LVL 25

    Expert Comment

    it only goes to 31 b/c the address space thru is reserved for private IP addressing.  You could of course use 172.32.x.x but those addresses aren't reserved for private use (meaning they are "real" public IPs).  Bascially your technician messed up by using the 172.32.x.x range.  

    LVL 25

    Expert Comment

    FYI, the standard for this is defined by RFC 1918.
    LVL 25

    Expert Comment

    oops, i think i misunderstood your question after i re-read it.  I thought you were talking about private IPs but after i re-read it im not sure anymore.   But let me ask a few questions:

    1.  you start off by saying you have class B address range of  do you mean this was the range assigned to you by your ISP?  If so thats alot of addresses (over a million)

    2.  later you start talking about the address range which is a different range of addresses all together. are we dealing with 172.38.x.x pr 172.32.x.x????

    3.  you later say "So the available subnets should be from to for the first floor. Why is it to .31 only?"... where are you getting the 31 from?  i think he stopped at 31 b/c of the RFC 1918 i mentioned earlier, but that RFC only applies if you are using the private class B range of thru

    Author Comment

    My fault i wrote that wrong,

    I meant on the first floor, the subnet mask is
    11111111.11111111.11111111.X so the third octet should allow me the following: 00000001 - 11111110 in subnets. So the available subnets should be from to But instead the technican has this written down: Additional subnets requiring a mask of = - Is there any reason why he stoped at .31?

    Secondly, the second floor has a subnet mask of on the same class b address 172.38.0.X The technican ended up with starting subnet of

    And on the third floor he has the same subnet mask of but with the addressing of -

    but the subnet mask is -> 11111111.11111111.11111111.10000000, (borrowed 9 bits). How did he end up with a subnet starting at 172.38.32.X?

    So far It looks like the techican took one of the subnets and subnetted it again into two 126 host subnets. But i am not sure.

    LVL 25

    Expert Comment

    bascially it doesn't seem like he knew what he was doing. There is no reason to stop at 31 unless he was just confused about the RFC i mentioned earlier but that doesn't even apply here.  

    with a mask of the starting point of the subnet isn't  with a mask of you are subnetting the 4th octet, not the third anyway.  why he didn't go to 172.38.2.x i dont know. it would make much more sense than jumping to 32 from 1 wouldn't it?   it would make much more sense to have 172.38.1.x for the first floor and 172.38.2.x for the second floor and so on.  that way the third octet number would match the floor number which would be easier to keep track of.  

    him stopping at is totally incorrect. with a mask of on the range is thru  Again, he didn't what what he was doing.

    you might want to use a subnet caclulator to do the math for you.  here is an easy web-based one that i use:

    also, let me correct myself before someone else does... would give you 65534, not over a million like i said earlier,,, i was thinking about the thru block which has a /12 mask, not /16.

    Author Comment

    I rummaged around and I finally found some of his notes. (He's no longer here) according to his notes. He started with
    the original class b address of and subnetted it with which of course gives him available subnets from 172.38.1.X - 172.38.254.X.

    For whatever reason he decided to reserve the first 32 subnets for the first floor (can't read the reasoning behind it, smudged) which is .1-.31

    He took the 172.38.32 subnet. This is where he got his - and - ip from.

    Looks like he treated the 172.38.32.X subnet as if it was a class C address and resubnetting it by borrowing 1 bit from the 4th octet.

    Regardless if he was insane or not in his approach to dishing out ips was his subnetting technically correct?

    One more thing:

    I was told that both of these are on the same subnet.  / /

    How is this possible? If you borrowed 6 bits from the third octet shouldn't the last remaining 2 bits be added to the host instead of the subnet?. Why is it added to the subnet instead?

    X.011100 + 11.  = .115
    X.011100 + 10.  = .114

    If this is possible then I assume the very first subnet availabe on would be 160.149.4.X (X.000001 + 00.X) - 160.149.7.X (X.000001 + 11.X) right?


    LVL 27

    Accepted Solution

    Ok, let met start from the easiest first. (mask has 10 bits in the host portion and 22 bits in the network portion.  It's "naturally" a "class B" network (with 16 network bits) so, it's subnetted with 6 bits.  In other words, it's like this:
    NNNNNNNN.NNNNNNNN.SSSSSSHH.HHHHHHHH where N=network, S=Subnet, and H=Host.

    Now we're working on the 3rd octet, as you said.  We're borrowing 2 bits from the host portion.  A quick and easy cheat is that 2^2 bits borrowed = your "network incrementer".  So, starting with 0, the networks are going to go like this:
    .0, .4, .8, .16, .20, ... .108, .112, .116.  Notice that last range.

    This means your subnet goes from through (.0 is network, and .255 is broadcast).  So, this means that and both /22 are on the same subnet, which is 1022 addresses in size.

    I'll seperate the other part into a different post.
    LVL 27

    Expert Comment

    Forget about it, it doesn't make sense to me.  It looks like he was trying to design for summarization, which is admirable, but there's chunks missing.

    On the first floor, What happened to the subnet?  Can't use it - no "subnet zero"?  That's fine.  Why did he leave 29 subnets with 254 hosts each left over?

    On the second floor, subnetting more, he puts in  Why the sudden drop in the number of hosts?  And then he forgets about the subnet he created.

    I'd like to know how many floors you have, how many hosts you have and what kind of growth room you need.
    LVL 25

    Expert Comment

    yes and are both on the same subnet.  if you use the subnet calculator that i posted a link to above you will see that.  If you want to do it the hard way by breaking everything down into binary you can, but there isn't a need for it unless you just really want to get into the nuts and bolts of it for your own understanding.  with a mask of has a begining address of and an ending address of so yes they are both on the same subnet.  thats just the way it is. 2+2=4, thats just the way it is.  I think you are misunderstadning how to manually calculate subnets and that is why you are getting confused.  

    what you are doing by adding things to the IP addresses isn't correct at all (or either you aren't doing that method correctly).   I've never heard of any method where you add anything.  you have to remember, its called a MASK for a reason. it means that you mask out that part of the address, meaining it is irrellevant.  I think you are confusing yourself when you are thinking in terms of borrowing IPs when you are calculating subnets.  

    for example: in binary is 10100000.10010101.01110011.00001000 in binary is 11111111.11111111.11111100.00000000
    so the last 10 digits are irrlevant since they are masked out as far as subnetting goes
    to figure out the network address you convert the host portion to 0s to end up with:
    10100000.10010101.01110000.00000000 as your network address

    to figure out the broadcast address you convert the host portion to 1s to end up with:
    10100000.10010101.01110011.11111111 as your broadcast address

    i put the masks right below the net and broadcast addreeses so you could see whats going on.

    all the numbers between the network address and broadcast address are useable IPs.  that is the nuts and bolts method and works for all masks regardless of which octed. subnetting the last octet is of course easy

    Author Comment

    I see where you are coming from, but i guess what i'm trying to say is this

    we all now that each bit represent a value. there are 8 bits to one octet, each bit representing one value
    1      1    1   1     1  1  1  1  = octet
    128  64   32  16   8  4  2  1  = value for each bit

    So something like this 10000000 would mean 128
    and something like this 10000010 would mean 130 because it's

     1      0    0   0  0   0  1   0  
    128   0    0   0   0   0  2  0  ---->  adding 128 and 2 gives you a number of 130


    10100000.10010101.01110011 = the first 6 bits together of the third octet (the subnet) has a numeric value of 112 not 115.  Beacuse it's 0 + 64 + 32 + 16 + 0 = 112.

    In order to be 115, it needs the remaining two bits which if you notice would have belonged to the host. By adding 112 + 3 (the last 2 remaining bits in the 3rd octet) You get 115 for the value of the third octet.  

    LVL 4

    Expert Comment


    yes, x.x.115.8 and x.x.114.66

    x.x.115.8    = x.x.011100 11.00001000
    x.x.114.66  = x.x.011100 10.01000010
    with mask
    y.y.252.0    = y.y.111111 00.00000000
    now count 011100 & 00 = 01110000 = 112 is a decimal number  of subnet
                         A        B
    here we don't care what is B (host part). To get next subnet we have to increase our subnet number (A) just on one

                    011101 & 00 = 01110100 = 116
                       A+1      ...
    So your 114 and 115 are on the same subnet:

    subnet address:
    valuable hosts: -
    subnet broadcast:

    Hope this is clear. To answer your main question about subnetting your LAN - as mentioned by pseudocyber it's needed more information about number of addresses per floor you need (not only users, don't forget about servers, printers, firewalls and etc.), number of floors, any plans for the future growth.

    LVL 25

    Expert Comment


    as i mentioned earlier this business you are doing with adding and subtracting digits is incorrect and that is what is causing you to come up with incorrect answers. has a third octet of 01110011 = 115 regardless of its subnet mask. The subnet mask NEVER EVER NEVER EVER changes the IP address.  If you think of it like you are doing you will never figure out the correct answer. The subnet mask is used to tell you which subnet the IP address is on.  It will tell you what the NETWORK address is and the BROADCAST address.  All the numbers between the net and broadcast addresses are your usable IPs. If you use the method i  posted above you will never go wrong (as long as you do it correctly).  Or you can just use a subnet calculator which is even easier.  

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now