At home, most of us have a basic network made up of our router and a few devices connected by LAN cable, with the majority connected over Wi-Fi.
In companies, when networks need to be optimized and separated for different purposes, we must create what are called subnetworks (subnets).
In the image we can see a diagram of how two independent subnets can be obtained, each with a different job. We will look at the basic concepts needed to calculate subnets.
Why do we divide a network into subnets?
We can summarize the reasons as follows:
1 It avoids unnecessary broadcasts
The computers in a network can send information to every PC within the same network (this is called a broadcast). Broadcasts come both from programs the user runs on the PC deliberately (legitimate) and from programs that have installed themselves by accident, such as viruses and malware.
In a small network this may go unnoticed, but things change in a network made up of thousands of users. There, broadcast traffic can cause chaos and slow the network down.
Bear in mind that broadcasts are not sent beyond a user's subnet, so creating smaller subnets makes the problem much more bearable. Obviously, the virus and malware issue would still have to be solved.
2 It increases the security options
Every network has sensitive elements that need special care. If those elements sit in a common network, they can be reached and attacked from anywhere.
Separating the vital parts into dedicated subnets makes it possible to apply special security measures, such as firewalls.
The firewalls are configured so that only the authorized subnets have access to the servers that hold those sensitive parts of the system.
3 It simplifies administration
In a company there are several departments with different access requirements. If we want to make administrative changes, it is always better to make them on the subnet that contains the users of each department than to make them workstation by workstation.
4 It controls growth
Companies change and, ideally, grow over time. That implies extending the different subnets that will be needed in the future.
Let us take an example. The network 192.168.2.0, with mask 255.255.255.0, provides 256 addresses; if we remove the network and broadcast addresses, 254 are left.
If for some reason the company grows, another subnet of the form 192.168.3.0 can be created, giving another 254 nodes. If the network needs more computers, we will have to change the subnet mask to the form 255.255.0.0.
Creation of subnetworks within a network
The image above shows the objective of this topic: to create three subnets for our school so that, while sharing a common infrastructure, each subnet has different privileges. For example, if we have a server in the teachers' subnet holding this year's exams, it would have to be protected and accessible only from the teachers' network. We will begin by reviewing the conversion from binary to decimal.
1 Converting a binary value to a decimal value
We are going to work with values such as 11001111, that is, octets of 0s and 1s. To express one in decimal we must look at the weight of each position. Recall that this is done by multiplying each bit by 2 raised to the position the bit occupies; that is, each position has a value that can be obtained from the following table
The green row indicates the weight of each bit and the value it contributes. For example, 11000000 would be:
2^7 + 2^6 + 0*2^5 + 0*2^4 + 0*2^3 + 0*2^2 + 0*2^1 + 0*2^0 = 128 + 64 = 192
Activity. Calculate the corresponding decimal of
2 IP classes
We saw in the previous topic that there are up to five classes of IP networks. We will focus on the first three for the activities.
Recall that:
Class A = 0.x.x.x to 127.x.x.x (the first octet runs from 0 to 127)
Class B = from 128 to 191, that is -> 128.0.x.x to 191.255.x.x
Class C = from 192.0 to 223.255, that is -> 192.0.0.x to 223.255.255.x
Activity 1. Find some examples of places where each of the classes is used
Activity 2. Say which class the following networks belong to
Activity 3. Given an IP, say which part of it belongs to the network and which part to the host. For example, for 192.168.1.1, 192.168.1 is the network part and the final 1 is the host part
2.1 Ways to write the IP and the mask
Among the parameters that connect a host to the network, we have an IP value and a mask value.
There are two common ways to write them, detailed below:
- a) Extended form. The 4 octets of the IP and of the mask are each given, in binary or decimal form -> 188.8.131.52 mask 255.255.255.0
- b) Reduced form. The IP is written followed by a number that indicates how many 1 bits the mask contains. The previous example becomes 192.168.8.1/24 (the part in red indicates the IP and the part in green the mask)
Activity 4. Express in reduced form the network with IP 172.16.2.5 (it has a mask of 255.255.0.0. Why?)
3 Creation of subnetworks
To begin, we will design two subnets.
In the router practices we entered the IP and mask data as
IP -> 192.168.1.0
Mask -> 255.255.255.0
This tells us that we can connect 254 computers within that network, all of them starting with 192.168.1.X
That is because the mask marks which bits can vary.
Let us convert this to binary. We have the following:
IP -> 11000000.10101000.00000001.00000000
Mask -> 11111111.11111111.11111111.00000000
We see that a 1 in the mask does not let the corresponding bit of the IP change; only where the mask is 0 can the bits of the octet vary.
What happens now if we change the mask and set one more bit to 1? We have the following:
Mask -> 11111111.11111111.11111111.10000000 This implies that:
IP (1) -> 11000000.10101000.00000001.00000000
IP (2) -> 11000000.10101000.00000001.10000000
Result. Setting that bit (marked in green) to 1 in the mask means the corresponding bit of the IP can take the value 0 or 1 and, therefore, creates two subnets: one that begins with 0 and the other that begins with 1 (within the last octet)
We have obtained the two networks, which in decimal form are:
192.168.1.0/25 and 192.168.1.128/25
Notice that at the end we indicate the mask by the number of 1 bits it has. Before we had 24 ones and now 25.
Let us continue...
We will create 4 subnetworks
We have seen before that:
If I take one more bit for the mask, I can create two subnets
If I take 2 bits, I get 4 subnet combinations: 00, 01, 10 and 11
I must take two more bits for the mask to obtain the 4 subnets.
The mask must now have the form
11111111.11111111.11111111.11000000, that is, I now have 26 bits set to 1 in the mask.
Since a 0 indicates that the corresponding bit of the IP can vary, I have the following IPs
With 4 subnets, I have 6 bits that can vary in the IP range, which means 2^6 = 64 IPs. If we remove the two used for network and broadcast, we are left with 4 subnets that can each connect 62 computers.
Let us set ourselves a bigger one. For the network 192.168.1.0 with mask 255.255.255.0, obtain 8 subnets of 30 hosts each.
It is possible.
How must we set the mask?
The first thing we must do is reserve the network IP and the broadcast IP of each subnet, so we must remove 2 * 8 = 16 IPs
Of the 256 that one octet provides (2^8 = 256 computers or IPs), we are left with:
256 - 16 = 240 computers that can be connected
Since we must have 8 networks and want 30 in each, it fits exactly, because:
8 networks times 30 = 240 IPs
But how do we select each subnet? With the subnet mask. If we have 8 networks, let us see how many bits we are going to need
- If I take one more bit for the mask, I can create two subnets
- If I take 2 bits, I get 4 subnet combinations: 00, 01, 10 and 11
- If I now take 3 more bits for the mask, I have 2^3, that is, 8 subnet combinations. So that is it: I must borrow 3 more bits and set them to 1 in the mask, which leaves us with:
We have gone from one mask to another
Original mask: 11111111.11111111.11111111.00000000 (255.255.255.0)
Extended mask: 11111111.11111111.11111111.11100000 (255.255.255.224)
Important: from this moment on, we must use the extended mask for each of the subnets.
Let us see how the table of the 8 networks turns out. We show the first 4 subnets and the IP range of each of them:
Let us explain a little. Network 0 has 192.168.1.0 as its first address, used for the network (the device in charge of watching over the subnet). Then we have a range that goes from the first, 192.168.1.1, to the last, 192.168.1.30. The broadcast address is 192.168.1.31
Activity 5. Complete the table by adding networks 6 and 7
Activity 6. Create the 120 subnets needed so that they contain the minimum number of hosts, given the IP 184.108.40.206 with mask 255.255.255.0. Calculate the network IP, broadcast and range of each subnet
Example 2. Create 8 subnets of the network with IP 220.127.116.11 and mask 255.255.254.0. We want each network to have a minimum of 60 hosts
1 We check that the mask allows what is asked of us, thanks to the fact that it has freed up a 1. Let me explain. We have
Mask = 11111111.11111111.11111110.00000000
That mask allows us to create 2^9 hosts = 512 hosts
And 60 hosts times 8 networks = 480. Therefore it is possible
2 We work out the bits for the subnets within the mask. We create the extended mask.
For 8 subnets 3 bits are needed, so the extended mask becomes
3 We will see what the subnets look like
We write in binary the original IP 18.104.22.168, which in binary is
Since the extended mask lets 3 extra bits vary, the first combination is to replace the three corresponding bits of the IP with 000
This gives rise to
or, what is the same in decimal, we have the network IP 22.214.171.124
The last address will be the one given by 10110100.00001010.00000000.00111111, or in decimal 126.96.36.199
We move on to the 2nd subnet. In this case, the 2nd combination of those 3 varying bits is 001, so we put it into the IP and the 2nd subnet becomes
10110100.00001010.00000000.01000000, which in decimal is 188.8.131.52
and the last address of that subnet is 10110100.00001010.00000000.01111111, or in decimal 184.108.40.206
4 If we follow this procedure, we have the following values
|Network||IP of network||broadcast|
Example 3. Design 100 subnets that each contain a minimum of 130,000 hosts, given the IP 10.0.0.0 and mask 255.0.0.0. Obtain the network IP, range and broadcast of subnets number 0, 76 and the last one, 99
1 130,000 is a lot, and we need to know how many bits we need. To calculate them we must solve 2^x = 130000, or the next number above it.
We already know that 8 bits give us 256, and each additional bit multiplies the hosts by 2, therefore
We now know that we need 17 bits to create that subnet
2 We will work out the extended mask.
We start from the mask 255.0.0.0. We need some bits to create the 100 networks and others for the IP range.
For the 100 networks 9 bits are required, which added to the 17 calculated before gives 26 bits. We now write the new extended mask
With the new mask, for the first network we have
- Network 0
- Subnet address: 10.0.0.0
- Subnet address in binary form: 00001010.00000000.00000000.00000000
- Broadcast address: 10.1.255.255
- Broadcast address in binary form: 00001010.00000001.11111111.11111111
Let us see one more.
We observe that the step from each IP to the next is 2 complete octets; therefore, the complete table would be as follows
We see the relation. For each network number, the start is obtained by multiplying by 2; therefore network 76 would be (76 * 2 = 152) -> 10.152.0.0 up to 10.153.255.255
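The equal-size subnetting procedure used above for 192.168.1.0 (8 subnets of 30 hosts) and for Example 3, written as an added example that is not part of the original page. The function names are hypothetical; the prefix is derived from the host bits needed, so for Example 3 the 17 host bits leave a /15, which reproduces the 10.0.0.0 to 10.1.255.255 and 10.152.0.0 to 10.153.255.255 blocks shown in the text.

```python
import ipaddress


def host_bits_for(min_hosts):
    """Smallest number of host bits h with 2**h - 2 >= min_hosts
    (two addresses per subnet go to network and broadcast)."""
    h = 2
    while 2 ** h - 2 < min_hosts:
        h += 1
    return h


def plan(base, n_subnets, min_hosts):
    """Size equal subnets inside `base` (a CIDR string).

    Returns the extended prefix, the extended mask in dotted form,
    the number of bits borrowed from the host part and the block size.
    """
    net = ipaddress.ip_network(base)
    h = host_bits_for(min_hosts)
    prefix = 32 - h
    borrowed = prefix - net.prefixlen
    if borrowed < 0 or 2 ** borrowed < n_subnets:
        raise ValueError("%s cannot hold %d subnets of %d hosts"
                         % (base, n_subnets, min_hosts))
    # Extended mask: all ones except the h host bits on the right.
    mask = ipaddress.IPv4Address((0xFFFFFFFF << h) & 0xFFFFFFFF)
    return {"base": net, "prefix": prefix, "mask": str(mask),
            "borrowed": borrowed, "block": 2 ** h}


def subnet(p, k):
    """Network, usable range and broadcast of subnet number k (0-based)."""
    if not 0 <= k < 2 ** p["borrowed"]:
        raise IndexError("subnet number out of range")
    start = int(p["base"].network_address) + k * p["block"]
    end = start + p["block"] - 1
    addr = ipaddress.IPv4Address
    return {"network": str(addr(start)), "first": str(addr(start + 1)),
            "last": str(addr(end - 1)), "broadcast": str(addr(end))}


if __name__ == "__main__":
    # The two cases worked in the text.
    cases = (("192.168.1.0/24", 8, 30, (0, 1, 2, 3)),
             ("10.0.0.0/8", 100, 130000, (0, 76, 99)))
    for base, n, hosts, wanted in cases:
        p = plan(base, n, hosts)
        print(base, "-> /%d" % p["prefix"], p["mask"])
        for k in wanted:
            print("  subnet", k, subnet(p, k))
```

A request that does not fit, such as 8 subnets of 60 hosts inside a /24, raises ValueError instead of returning overlapping ranges.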
4 Variable-length subnet masks (VLSM)
In the cases seen so far, creating the subnets meant that every subnet had the same number of host addresses available.
In practice, the subnets do not all need the same number of hosts. In the University example, the students' subnet would have to be much larger than the teachers'. This waste of host addresses is solved with the VLSM technique
Let us see a VLSM example
We need to create a system of subnets that meets the following requirements:
- Network A must contain 14 hosts
- Network B must contain 28 hosts
- Network C must contain 2 hosts
- Network D must contain 7 hosts
- Network E must contain 28 hosts
The first network needs 14 hosts. The number of bits needed comes from 2^4 = 16, so 4 bits cover them. The mask will be /28 (255.255.255.240)
For subnet B we proceed in the same way, but since it needs 28 hosts, the last 5 bits are now needed and, therefore, the mask for B is /27 (255.255.255.224)
For the rest, the procedure is the same. We obtain:
- C /30 (255.255.255.252)
- D /28 (255.255.255.240)
- E /27 (255.255.255.224)
The ranges of the subnets are assigned starting with the largest, which makes it easier.
The allocation is done in this way:
network B: 220.127.116.11/27 range 1 to 30
network E: 18.104.22.168/27 range 33 to 62
network A: 22.214.171.124/28 range 65 to 78
network D: 126.96.36.199/28 range 81 to 94
network C: 188.8.131.52/30 range 97 to 98
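The VLSM allocation above, largest subnet first, as an added example that is not part of the original page. The base network 192.168.1.0/24 and the function names are assumptions made for illustration; the last-octet ranges it produces are the ones listed in the text (1 to 30, 33 to 62, 65 to 78, 81 to 94, 97 to 98).

```python
import ipaddress

# Host requirements from the text.
NEEDS = {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28}


def prefix_for(hosts):
    """Longest prefix whose subnet still has `hosts` usable addresses."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return 32 - h


def vlsm(base, needs):
    """Allocate one subnet per entry of `needs` inside `base`.

    Subnets are placed largest first. sorted() is stable, so networks
    with equal needs keep their input order (B before E here).
    """
    net = ipaddress.ip_network(base)
    cursor = int(net.network_address)
    limit = int(net.broadcast_address)
    allocation = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        # A subnet must start on a multiple of its own size.
        cursor = (cursor + size - 1) // size * size
        if cursor + size - 1 > limit:
            raise ValueError("no room left in %s for network %s" % (base, name))
        allocation[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return allocation


def usable(subnet):
    """First and last host address of a subnet, as strings."""
    return (str(subnet.network_address + 1), str(subnet.broadcast_address - 1))


if __name__ == "__main__":
    # 192.168.1.0/24 is a constructed base network for this example.
    for name, sub in vlsm("192.168.1.0/24", NEEDS).items():
        first, last = usable(sub)
        print("network %s: %s mask %s range %s to %s"
              % (name, sub, sub.netmask, first, last))
```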
Activity 7. We have the address 192.168.7.0/24 and want 3 subnets with a minimum of 50 hosts in each. Obtain the extended network mask, the number of hosts in each subnet and the range of each subnet.
Activity 8. We have the class B network address 184.108.40.206 and want to create 1000 usable subnets with a minimum of 60 hosts. Calculate the range, hosts of each network, etc.
Activity 9. Work out whether a device A with IP 172.16.17.30/20 and another device B with IP 172.16.28.15/20 are within the same network
To build subnets and take their configuration into account, we will download Cisco's Packet Tracer program and do the activities indicated below
1 Practice 1. A fully guided practice in which we must set up a switch together with several PCs. It is available in the DRIVE
2 Practice 2. We will build two subnets with the following characteristics:
- NETWORK 1 has network IP 192.168.10.0, broadcast IP 192.168.10.127 and mask 255.255.255.128
- NETWORK 2 has network IP 192.168.10.129, broadcast IP 192.168.10.255 and mask 255.255.255.128
- Each subnet has 4 PCs
- Add a switch to each subnet and a router to connect the two subnets. Verify that there is communication between the 1st PC of NETWORK 1 and the last PC of NETWORK 2
3 Practice 3.
a) Implement 3 networks (each made up of 4 PCs and a switch) of the three private classes (A, B and C). Take care with the IP and network mask configuration in each of the networks.
b) Verify that there is communication between the PCs of each network
c) Connect a router to link class B and class C. Ping from the 1st computer of class B to the last one of class C.
IOS. Interface commands for Cisco
One more step. We will now go deeper into programming devices (terminals, routers, etc.) so that they carry out specific tasks. Controlling the network gives us better response and command over it.
Let us take an example, which will serve as a guided practice (follow the steps and it will work out for you)
Among the instructions IOS offers are access lists, which are used so that certain tasks are carried out. It is something like telling the device what you want it to do with the traffic of the devices in the network, what privileges each one has, etc.
Real situation. We have three networks (the practice from the previous exercise will do) and want to put a printer in network C. We install it and connect it to a free Ethernet port on the switch, but I only want the users of network C to have access; I do not want that printer to be seen from A or B (understood?). This is where the practice comes in. Follow the steps as I indicate
What we are going to do is enter the console, so that we can edit it, and create a list that says the printer must not leave network C.
4 Practice: printer control
- On the previous network, install a printer in network C. Verify that there is communication between the printer and any device of any network
- Creation of the ACL. Go to the Router's console and click on the CLI tab. To be able to edit the list, we must first enter edit mode. This changes the prompt from Router> to Router#. To do so, we type the word enable
- We are now at Router#. To create the list we enter configuration mode. For that we type configure terminal. The prompt will now look like Router(config)#
- The printer is connected to the switch and has the IP address 220.127.116.11. To prevent the PCs that are not in network C from reaching the printer, we type the following: access-list 1 deny 18.104.22.168 0.0.0.0
- To explain the above a little: access-list 1 creates the list with number 1 (it can be any other number from 1 to 99). Then comes deny, which means to deny, then the IP of the printer, and then the mask, indicating that it is that IP and no other. If the mask were 0.0.0.255, it would mean the complete network.
- Since we want to let the traffic of the rest of the PCs through, we must state it like this: access-list 1 permit any
- Now we must tell the router on which port to apply it. For that we type interface FastEthernet 2/0. I say 2/0 because that is the name of the Ethernet port connected to the printer's switch
- Finally, type ip access-group 1 in, indicating that it is applied to the network
We can summarize all this as follows
Router# configure terminal
Router(config)# access-list 1 deny 22.214.171.124 0.0.0.0
Router(config)# access-list 1 permit any
Router(config)# interface FastEthernet 2/0
Router(config-if)# ip access-group 1 in
Let us see what I have configured. For that I typed
Router# show access-list 10
And I get the following answer
Standard IP access list 10
deny host 126.96.36.199 (8 match(es))
permit any (4 match(es))
All good. It tells me that 8 do not have access to the printer and 4 do (those of my network C)
Once finished, verify that the printer cannot be reached from another PC of network A or B.
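How the access list in this practice is evaluated, as an added example that is not part of the original page and is a small model written for illustration, not IOS code. It shows the rules the router applies: a standard list compares only the source address of a packet, a 0 bit in the wildcard mask means "must match" and a 1 bit means "ignore", the first matching entry decides, and a packet that matches no entry is denied. The printer address 192.168.3.50 and the function names are constructed for the example.

```python
import ipaddress


def ip(text):
    """Dotted IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_acl(lines):
    """Parse 'access-list N permit|deny SOURCE WILDCARD' entries.
    'any' and 'host X' are accepted as the source as well."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            raise ValueError("not an access-list line: %r" % line)
        action, src = tok[2].lower(), tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError("unknown action in: %r" % line)
        if src[0].lower() == "any":
            entries.append((action, 0, 0xFFFFFFFF))   # every bit ignored
        elif src[0].lower() == "host":
            entries.append((action, ip(src[1]), 0))   # every bit must match
        else:
            entries.append((action, ip(src[0]), ip(src[1])))
    return entries


def evaluate(entries, source):
    """Return (action, entry_number) for a packet with this source address."""
    s = ip(source)
    for number, (action, addr, wildcard) in enumerate(entries, 1):
        care = ~wildcard & 0xFFFFFFFF        # bits that have to be equal
        if ((s ^ addr) & care) == 0:
            return action, number            # first match wins
    return "deny", None                      # implicit deny at the end


# Constructed sample lists: wildcard 0.0.0.0 (one host) and 0.0.0.255 (whole network).
ACL_HOST = ["access-list 1 deny 192.168.3.50 0.0.0.0",
            "access-list 1 permit any"]
ACL_NET = ["access-list 1 deny 192.168.3.50 0.0.0.255",
           "access-list 1 permit any"]

if __name__ == "__main__":
    for label, acl in (("0.0.0.0", ACL_HOST), ("0.0.0.255", ACL_NET)):
        entries = parse_acl(acl)
        for src in ("192.168.3.50", "192.168.3.10", "192.168.2.10"):
            print("wildcard", label, "source", src, "->", evaluate(entries, src))
```

Because the match is on the source address only, the counters printed by the show command count packets that hit each entry.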
Extra practice. This task earns extra credit and should only be done if there is time and an extra mark is wanted. Look for information on the internet about Cisco's OSI system and the lists, and create a new network (two class C networks, for example) in which some PCs have privileges over others.
For that task, these pages may come in handy
- http://aprenderedes.com/2006/11/proceso-of-configuration-of-acl/
- https://www.cisco.com/c/es_mx/support/docs/ip/access-lists/26448-ACLsamples.html#anc6
5 Static routing (2 routers) in Packet Tracer
This practice can be seen at the following link:
Although the video uses a single PC per network, add one more to each network. We must build two class C networks, with two switches and two routers, which will be connected by a serial interface. The steps to follow are:
1. Create two class C subnets. For example: 192.168.1.0/24 and 188.8.131.52/24 with 2 PCs in each subnet.
2. Connect 2 switches, one for each subnet.
3. Connect the 2 routers. Do not forget to enable the connection ports
4. Add the serial interface to the router (WIC-2T). Do not forget to power off the router to add this interface.
5. Follow the procedure shown in the video
6. Review the configuration and repeat the practice without using the OSI commands
Solutions to the exercises
- hosts per subnet = 62 hosts
- Range Network 0: 192.168.7.0 > 192.168.7.63 62
- Range Network 1: 192.168.7.64 > 192.168.7.127 62
- Range Network 2: 192.168.7.128 > 192.168.7.191 62
- Range Network 3: 192.168.7.192 > 192.168.7.255
- The default mask is 255.255.0.0
- Since we need 1000 networks, we need 10 bits (2^10 = 1024)
- The extended mask becomes 11111111.11111111.11111111.11000000
- The extended mask in decimal is 255.255.255.192
- Number of subnets created: 1024 - 2 = 1022 (2 are subtracted for the network)
- Number of hosts per subnet = 2^6 - 2 = 64 - 2 = 62
- First network from 184.108.40.206 to 220.127.116.11
Activity 9. Are A with IP = 172.16.17.30/20 and B with IP = 172.16.28.15/20 within the same network?
- We determine the subnet to which A belongs. The IP in binary form is 10101100.00010000.00010001.00011110. The mask has 20 ones, which in binary gives 11111111.11111111.11110000.00000000
- We multiply bit by bit (in the proper order) the bits of the IP by the bits of the mask. We get the value 10101100.00010000.00010000.00000000, which in decimal form is 172.16.16.0. We now have the subnet of that IP.
- We now calculate the subnet of device B. We proceed as before and get the value 10101100.00010000.00010000.00000000, that is, 172.16.16.0.
- We reach the conclusion that both devices are within the same subnet