Creation of subnetworks


All we at home have a basic network composed by our router and some that another device connected by cable LAN and, the majority by WIFI connection.

In the companies, when we have the necessity to optimize and to separate networks for different intentions, we must create what it is called, subnetworks.

In the image we can see a graph of how two independent subnetworks can be obtained, each with different jobs. We will see the basic concepts To calculate the subnetworks.

 Because we created divisions of subnetworks? 

We can summarize the reasons in:

1 It avoids unnecessary diffusions

The computers of a network, send can send information to any PC that is within its same network (to this diffusion is called to him). The diffusions must so much to programs that are being executed in the PC by requirement of the user (legitimate) or by which they have settled of causal form, as are the virus and malware.

If we have a small network, perhaps this is not gotten to notice, but the thing changes if we have a network composed by thousands of users. Then this diffusion can bring about a chaos in the network causing that slows down

It is necessary to consider that those diffusions are not sent beyond subred of a user, and therefore, to create smaller subnetworks, does of the problem, something much more bearable. Evidently, the subject of the virus and malware it would be necessary to solve it.


2 It increases the options of security

All network has sensible elements but and of special taken care of. If those elements are in a common network, from all the sites it is possible to be acceded and to attack€.

To separate the vital parts in special subnetworks, allows to implement special safety measures, as fire-guards (firewalls).

The fire-guards are formed so that only the subnetworks authorized have access to the servers who contain those sensible parts of the system.

3 It simplifies the administration

In a company there are several departments with different requirements of access. If we want to do administrative changes are always better to do it on subred that the users of each department contain that to do put it to position

4 It controls the growth

The companies change and, the ideal, is that they grow throughout the time. That takes implicit to extend the different subnetworks that are needed in the future.

We put an example. The network, with a mask, gives rise to have 256 nodes, that if we cleared the one of network and diffusion, we have left 254.

If by some reason, the company increases, can be created another one subred of the type giving rise to other 254 nodes. If the network needs but computers, we will have to touch the mask of subred of the form.

Creation of subnetworks within a network

creation subnetworks

In the image superior we have the objective of the subject. To create three subnetworks for our center so that, sharing a common infrastructure, each subred has different privileges. For example, if we have a servant in subred of professors with the examinations of the present course, it would have to be prot©g©s and accessible only from the network of professors. We will begin reviewing a little conversion of the binary system to decimal

1 Convierte a binary value to a value decimal

We are going to have values of type 11001111, that is octets of 0 and 1. It stops to express it in decimal we must look at the consideration of each position. We remember that this was made multiplying the lifted coefficient by 2 to the position that occupies the bit, that is to say, each position is a value that can be obtained from the following table

2^0 2^1 2^2 2^3 2^4 2^5 2^6 2^7
1 2 4 8 16 32 64 128

In the green row we down indicated the consideration of the bit and the value that it gives us. For example, the 11000000 would be:

2^7 + 2^6 + 0*2^5+0*2^4+0*2^3+0*2^2+0*2^1+0*2^0 = 128 + 64 = 192

Activity. To calculate the corresponding decimal of

  1. 11001100
  2. 01010101
  3. 11100010
  4. 10001100

2 Classes of IP

We already saw in the previous subject that it exists up to five classes of networks IP. We are going away to center in the three first to make the activities.

We remember that:

Class A = 0.x.x.x to 127.x.x.x (it begins in 0 until the 127 in the first octet)
Class B = from the 128 to the 191, that is - > 128.0.x.x to 191.255.x.x
Class C = From 192,0 to 223,255, that is - > 192.0.0.x to 223.255.255.x

Activity 1. It looks for some examples of sites where they use each one of the classes

Activity 2. To say to that class belongs the following networks


Activity 3. Given the IP, to say that it leaves from her it belongs to the network and who leaves to host, for example, for a, the 192.168.1 are the part of network and the 1 of the end is of host


2,1 Ways to indicate the IP and the mask

When we spoke of the parameters of connection of host to the network, we have a value of IP and a value of mask.

It exists two forms common to indicate them, that we detailed

  • a) Extended form. In this case, binary form or decimal of form IP is indicated the 4 octets of each in - > mask
  • b) Reduced form. The IP is put and it is finished with a number that indicates about (1) that it contains the mask. The previous example is as

Activity 4. To express in reduced form the network with IP (has mask of Because? )

3 Creation of subnetworks

In order to begin, we will design two subnetworks.

We have, in the practices of router we put the data of IP and mask as

IP - >  

Mask - >

This says to us that we are going to be able to connect 254 computers within that network. All of them home by 192.168.1.X

That is thus because the mask marks the bit to us that can vary.

We are going to pass this to binary. We have the following thing

IP - > 11000000.10101000.00000001.00000000

Mask - > 11111111.11111111.11111111.00000000

We see that the 1 of the mask does not leave change the corresponding octet of the IP, and when he is 0 it only is when it can vary the bits of the octet.

What happens now if we changed the mask and we put a bit but to one. We have the following thing:

Mask - > 11111111.11111111.11111111.10000000 Implica that:

IP (1) - > 11000000.10101000.00000001.00000000   

 IP (2) - > 11000000.10101000.00000001.10000000 

Result. The change to 1 of that bit (marked in green) causes that the corresponding bit can vary from 0 to 1 and, therefore, to create two subnetworks, one that begins by the 0 and the other that begins by the 1 (within the last octet)

We have obtained the two networks, that in form decimal would be: 25 and

To fix to you that the end we indicated the bit of the mask with the number of which it has. Before we had veinticuatros some and now 25.

We follow ahead .....

We will create 4 subnetworks 

Before we have seen that:

If lame a bit but of the mask I have seen that I can create two subnetworks


If lame 2 bits, I can obtain 4 combinations of subnetworks given by 00, the 01, the 10 and the 11

I must take two bits but to the mask to obtain the 4 subnetworks.

The form that it must have the mask now is

11111111.11111111.11111111.11000000, that is to say, now I have 26 bits to 1 in the mask.

As the 0 indicates that it can vary the value of the bit of the IP, I have the following IP

When doing 4 subnetworks, I have 6 bits that can vary in the rank of the IP, that means 2^6 = 64 IP. If we cleared the two that is used for network and broadcasting, we have left 4 subnetworks to connect 62 computers in each.

We sent ourselves one but great one. For the network with mask, to obtain 8 subnetworks of 30 positions each.

It is possible.

How we have to put the mask?

First that we must do is to respect the IP of network and the one of broadcasting, and therefore, we must clear 2 * 8 = 16 IP

Of the 256 that has an octet (2^8 = 256 computers or IP), we it has left:

256 €“ 16 = 240 computers that can be connected

As we must have 8 networks and in each we want 30, it leaves to us just, since:

8 networks by 30 = 240 IP

But how we selected each subred. Then with the mask of subred, so, if we have 8 networks we are going to need we see

  • If lame a bit but of the mask I have seen that I can create two subnetworks
  • If lame 2 bits, I can obtain 4 combinations of subnetworks given by 00, the 01, the 10 and the 11
  • If now volume 3 bits but of the mask, I have 2^3, that is to say, combinations 8 subnetworks. Then already it is, I must borrow other 3 bits but and to put them to 1 within the mask, that is going to stay to us as:


We have happened to have one
Mask origin: 11111111.11111111.11111111.00000000 (

to one
Extended mask: 11111111.11111111.11111111.11100000 (

Important: As of this moment, we must use the mask extended for each one of the subnetworks.

We will see since it has been us the table of the 8 networks. We show how they are the 4 first subnetworks and the rank of domain of the IP in each of them:

table of 8 subnetworks

We explain a little. Network 0 has as first direction used for the network (device in charge that on watch to subred). Soon we have a rank found that goes from first until the last one The one of broadcasting is

Activity 5. Network 6 and 7 completes the table adding

Activity 6 Crear the 120 necessary subnetworks so that they contain host minimum, taking into account that   IP: with Mask: To calculate the IP of network, broadcast and rank of each subred

Example 2.  To create 8 Subredes of the network with IP and M¡scara: We want that each network has a minimum of 60 host

1 Vemos that the mask is going to allow to us what asks to us, thanks to the fact that has released a 1. I explain myself. We have

Mask = 11111111.11111111.11111110.00000000

That mask allows us to create 2^9 host = 512 host

And 60 positions by 8 networks = 480. Therefore it is possible

2 Vemos the bits for the subnetworks within the mask. We create the extended mask.

For 8 subnetworks 3 bits are needed, therefore the amplicada mask stays as


3 Veremos how they are the subnetworks

We are going to put in binary the IP of origin that in binary is


As the extended mask allows to vary 3 bits extra we have it first combination is to replace the three corresponding bits of the IP by 000

This gives rise a


or what is the same in decimal, we have the IP of network

The last direction will be the marked one by 10110100.00001010.00000000.00111111, or in decimal

We pass to 2 subred. In this case, 2 combination of those 3 bits that vary is the 001, therefore we now put it in the IP and we have left 2 subred as

10110100.00001010.00000000.01000000 that in decimal is

and last of that subred is 10110100.00001010.00000000.01111111 or in decimal 

4 If we followed this procedure, we have the following values stops


Network IP of network broadcast

Example 3. To design 100 subnetworks that a minimum of 130,000 contains host if we counted on an IP and M¡scara: To obtain the IP of network, rank and broadcast of number 0, 76 and the last one, the 99

1 130,000 is many, and we will have to know whichever bit we needed. In order to calculate we must them conduct the operation of 2^x = 130000, or major of that number.

We already know that for 8 bits we have 256, each bit otherwise it means to multiply by 2 host, therefore


Bits Hosts
9 512
10 1024
11 2048
12 4096
13 8192
14 16384
15 32768
16 65536
17 131072

We already know that we needed 17 bits to create that subred

2 Veremos the extended mask.

We leave from the mask. We need some bits to create the 100 networks and others for the rank of the IP.

For the 100 networks they are required to take 9 bits, that added to the 17 calculated before, we have 26 bits. We are going to indicate the new extended mask

255.11111110 .00000000.00000000

With the new mask and for the first network, we have

  • Network 0
  • Direction of subred:
  • Direction of subred in binary form: 00001010.0000000.00000000.00000000
  • Direction of broadcast:
  • Direction of broadcast in binary form: 00001010.00000001.11111111.11111111

We are going to see another one but.

We observe that the advance of positions€ of each IP is of 2 complete octets, therefore, the complete table would be as

Network Home End

We see the relation. To each value of network, the home is obtained multiplying by 2, therefore for 76 he would be (76 *2 = 152) - > until the 

4 Masks of subred of variable length (VLSM)

In the seen cases previously we have it creation of the subnetworks has supposed to have the same amount of directions of host available.

Actually it does not happen that the necessity of each subred requires the affections number of host. In the example of the University, subred of students would have of being much greater than the one of professors. This waste of host is solved with the technique of the VLSM

We will see a VLSM example

We need to create a system of subnetworks that meets the following requirements:

  • Network To must contain 14 hosts
  • Network B must contain 28 hosts
  • Network C must contain 2 hosts
  • Network D must contain 7 hosts
  • Network D must contain 28 hosts

The first network needs 14 host. The number of bits that is needed is 2^4 = 16, therefore with 4 bits we covered them€. The mask will be to /28 (

For subred B it is come equal, but as hosts needs 28, the 5 bits are needed now last and, therefore, the mask we have left B /27 (

For the rest, the procedure is the same. We obtain:

  1. C /30 (
  2. D /28 (
  3. E/27 (

The ranks of the subnetworks, home by the major for greater facility, will be

to realise the allocation in this way:

network B: rank 1 to 30
network E: rank 33 to 62
network A: rank 65 to 78
network D: rank 81 to 94
network C: rank 97 to 98


Activity 7: We have a direction /24 and we want to have 3 subnetworks with a 50 minimum of hosts within each subred. To obtain the Mask of extended network, the amount of host that has each subred and the rank of each subred.

Activity 8. We have the direction Direction of Network of class B and want to create 1000 useful subnetworks with 60 hosts minimum. To calculate rank, hosts of each network, etc

Activity 9. To calculate if a device with IP and another one with B with IP is within the same network



In order to make subnetworks and to take into account the own configurations, we did not lower the program to tracer of Cisco and will make the activities that are indicated next

Practica 1. Practice totally tutored where we must mount swich next to several PC. We have it in the DRIVE

Practical 2. We will make two subnetworks with the following characteristics:

  • NETWORK 1 has IP of network, IP of diffusion and mask
  • it has IP of network, IP of diffusion and mask
  • Each subred has 4 PC
  • To add swich to each subred and to router to communicate the two subnetworks. To verify that communication between 1 PC of the NETWORK exists the 1 and last PC of network 2

Practice 3. 

a) To implement 3 networks (formed each by 4 PC and swicth) of the three private classes (To, B and C). To have well-taken care of with the configuration of IP and masks of network in each one of the networks.

b) To verify that they exist communication between each PC of each network

c) To connect to router to communicate class B and the C. To do ping from 1 computer of class B to the last one of class C.

IOS. Commandos of intarface for Cisco

A step but. Now we will put with greater depth in the programming of devices (terminal, routers, etc) so that they carry out specific tasks. A control of the network is going to us to grant better answer and domain of the same.

We put an example, that will serve as tutored practice (to follow the steps and will leave to you)

Within the instructions that IOS has, the access lists exist, that serve so that some are executed certain tasks. He is something as well as to tell him to the device that you want that it does with the traffic of the devices that there are in the network, that privileges that each has, etc.

Real situation. We have three networks (it is worth the practice of the previous exercise) and want to put in network C a printer. We put it and we connected to free an Ethernet port of swich, but I only want that the users of network C have access and I do not want that from B or that printer (Capito is seen? ).  Then the practice comes here. to make the steps as I indicate

What we are going to do is to enter that console, to be able to publish it and to create a list where says that the printer does not have to leave network C.

4 Practical control of printer

  1. On the previous network, to mount a printer in network C. To verify that communication between the printer and any device of any network exists
  2. Creation of ACL. We go to the console of the Router and punctured in eyelash CLI.  In order to be able to publish the list, first we must enter way edition. This makes happen of the Router> form to Router#. In order to obtain this, we put the word inable
  3. We already are in Router#. In order to be able to create the list we entered way configuration. For it we put forms terminal.  Now we are going to have the line with an entrance as Router (config) #
  4. The printer is connected to swich and has a direction IP In order to avoid that the rest of the PC that is not in network C enters the printer, we wrote the following thing: Access-list 1 deny
  5. Explaining a little the one of above, to say that Access-list 1 creates the list with I number 1 (it can be another one I number from the 1 to the 99). Soon deny, that it indicates to deny, soon the IP of the printer and soon the mask indicating that it is that IP and any more. If the mask were, it would indicate that it would be all the complete network.
  6. As we want to leave traffic to the rest of the PC, we must indicate it of the form: Access-list 1 permit any
  7. Now we must say when router in that port must apply it. For it we wrote interface FastEthernet 2/0. Tenth 2/0 because it is the name of the Ethernet port that is connected to swich of the printer
  8. Finally, to put IP Access-group 1 in indicating that it is applied to the network

We can summarize all this in the following thing

Router inable

Router# forms terminal
Router (config) # Access-list 1 deny
Router (config) # Access-list 1 permit any
Router (config) # interface FastEthernet 2/0
Router (config-if) #ip Access-group 1 in

I am going to see what I have formed. For it I have written

Router#show Access-list 10

And I have as answer the following thing

Standard IP Access list 10
deny host (8 match (it is))
permit any (4 match (it is))

All good. It says me that 8 do not have access to the printer and 4 yes (those of my network C)

Once finalized, to verify that from another PC of the network To or B it is not possible to be acceded to the printer.

Extra practice. This task scores of extraordinary form and it only must become if time is had and an extra in the note is wanted.   It looks for information on the internet on the system OSI of Cisco and the lists and creates a new network (two networks C for example) where they exist some PC with privileges on others.

For that task, it can come well these pages

  •  http://aprenderedes. com/2006/11/proceso-of-configuration-of-acl/
  • com/c/es_mx/support/docs/ip/access-lists/26448-ACLsamples.html#anc6

Static routing (2 to router) Packet Tracer

This practice can be seen in the following connection:

Although in the video is a single PC by network, to add another one but by each network. We must make two networks of type C, with two swichs and two routers, that will be connected by serial interface. The steps to follow are:
1. - We created two subnetworks of class C. For example: 24 with 2 PC in each subred.

2. To connect 2 switch one for each subred.

3. To connect 2 both to router.  That one does not forget to activate the doors of connections

4. To add the serial interface of router (WIC-2T). You do not forget to extinguish to router to add this interface.

5. To follow the procedure that is indicated in the video

6 Mirar the configuration and, to repeat the practice without making use of the commandos OSI

Solutions to the exercises

Activity 3:

  •  host by subred = 62 host
  • Rank Network 0: €“ > 62
  • Rank Network 1:   €“ > 62
  • Rank Network 2: €“ > 62
  • Rank Network 3: €“ >

Activity 4

  • The mask by defect is the
  • As we needed 1000 networks, we needed given€ 10 bits (2^10 = 1024)
  • The extended mask remains in 11111111.11111111.11111111.11000000
  • The mask extended in decimal is
  • Number of created subnetworks 1024 €“ 2 = 1022 (2 for the network take off)
  • Number of host by subred = 2^6 €“ 2 = 64 €“ 2 = 62
  • First network from to


Activity 9.   a = are 20 B with IP = within the same network?

  • We determine subred to which the A belongs:. The IP in binary form is 10101100.00010000.00010001.00011110. The mask has 20 Some, that it gives us in binary the 11111111.11111111.11110000.00000000
  • We multiply bit to bit (in the suitable order) the bit of the IP with the bit of the mask. We have the value = 10101100.00010000.00010000.00000000 that in its form decimal is We already have subred of that IP.
  • We are now going to calculate subred of device B. We do just like before and we have the 10101100.00010000.00010000.00000000 value, that is to say.
  • We reach the conclusion that both devices are within the same subred