If you spend your day troubleshooting networks, or are about to take an exam that deals with networking, you will often need to find out details about a network. What is its range? How many hosts are supported? What should the subnet mask be? In this post I’ll show how subnetting using the magic number can be used to quickly work these out.

In the real world most just use a calculator, but subnetting using the magic number can be very fast if the tables are to hand. In exams however calculators are rarely available. Writing binary is a great way to find yourself out of time!

I won’t cover why all of this matters (administrative responsibility, route summarisation, broadcast domain size management etc) and I will try to avoid the maths involved. Sometimes I think it is easier to remember how to do something if you’re not also having to think about why you’re doing it or how it works.

## The Magic Number Table

Magic number | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |

Prefix 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |

Prefix 2 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |

Prefix 3 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 |

Prefix 4 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 |

Mask (256-magic) |
128 | 192 | 224 | 240 | 248 | 252 | 254 | 255 |

Wildcard (255-mask) |
127 | 63 | 31 | 15 | 7 | 3 | 1 | 0 |

Looks a bit daunting but you only really need to remember a few things and the rest of the table can be created from those seeds.

## Which Network Is A Host On?

The first thing you should do when troubleshooting any fault is check the basics. It is amazing how many issue relate to misconfiguration, and IP details are very easy to set incorrectly. Always look at the numbers first and make sure they’re sane.

So how does subnetting using the magic number work? Let’s start with something you may be able to answer without the table…

**A host has an IP address of 192.168.177.58/24, what are the network and broadcast addresses?**

Firstly, find the column and row associated with the prefix (24 in this case).

That gives us a magic number of 1 and it is in the third prefix row.

This means we are only interested in the third octet which will increase by 1 for each network. If you’re wondering *why* at this point, it’s called a magic number for a reason!

So the following are the networks in our /24 scheme: 192.168.0.x, 192.168.1.x, 192.168.2.x…and so on.

Now that we have found out our networks, we can find out which network our host (192.168.177.58) belongs to. The nearest network boundary less than 192.168.177.58 is 192.168.177.0 so that is the network address.

The broadcast is always one less than the next network address so that will be 192.168.177.255. The reason for that does need a little binary to explain:

178.0 = 10110010 00000000 Subtract 1 = 10110001 11111111

Let’s try a different example.

**What are the subnet and broadcast addresses for a host with the address 10.100.3.191/13?**

Look for 13 in the prefixes. It’s on the second row and the magic number is 8, so our networks will increase by 8 in the second octet.

10.8.x.x, 10.16.x.x, 10.24.x.x … 10.96.x.x, 10.104.x.x …

Our host’s address has 100 in its second octet, so that means it is in the 10.96.0.0/13 network.

Now to work out the broadcast address. The next network is 10.104.0.0/13, subtracting 1 from that gives us 10.103.255.255.

Getting the hang of it? One more time.

**A host has an IP address of 85.42.84.148/255.254.0.0, what are the network and broadcast addresses?**

This time I won’t work it out for you.

I will give you a hint though. You can figure out the prefix to use by cross referencing the mask. In this case we have a mask of 255.254.0.0. If we look up 254 (from the second octet) in the mask row and we look at the second row of prefixes, we find our that this mask corresponds to a CIDR prefix of /15.

You should be able to do the rest from here on out. You should get the following:

Network: | 85.42.0.0 |

Broadcast: | 85.43.255.255 |

Hopefully you did.

## Calculating the number of hosts or networks

A table of binary values is useful here:

n | 2^{n} |
---|---|

1 | 2 |

2 | 4 |

3 | 8 |

4 | 16 |

5 | 32 |

6 | 64 |

7 | 128 |

8 | 256 |

9 | 512 |

10 | 1024 |

11 | 2048 |

And so on… |

**How many hosts are available on the 192.168.177.0/24 network?**

We’ve already got the number of bits used for the network, it’s 24. That means 8 bits are available (32 – 24) for the host however the network and broadcast addresses are not assignable so we need to subtract 2.

8 bits = 256

256 – 2 = 254 possible addresses

Working out the possible subnets in a range is the same, just count the number of bits. I’m sure you’re getting the hang of it by now so let’s bring it together.

**A Contrived Example**

Our regional office has been assigned an address block of 10.123.32.0/20 to use. We’d like to have have one VLAN for each of the departments, plus extra ranges for local servers, voice VLAN, management VLANs etc. At least 20 subnets are needed and all the subnets should be the same size. What subnet mask should we use and how many hosts per subnet will there be?

Looking in the bit value table, the first value equal to or greater than 20 is 32. This requires 5 bits. We need to “borrow” these from the host address. That means each subnet will be /25 and have 7 host bits. Although the brief is for 20 subnets, because we have borrowed 5 bits we can actually have up to and including 32.

Looking at the magic number table we can see a /25 network will increment the forth octet by 128 each time and the mask will be 255.255.255.128.

10.123.32.0/25, 10.123.32.128/25, 10.123.33.0/25, 10.123.33.128/25…

And each subnet will have 126 addressable hosts (7 bits = 128, less non-assignable network and broadcast addresses = 126).

## Subnet Zero

Just when it started to make sense we have one last issue to deal with.

The first and last subnets are called subnet zero and the all-ones subnet. In the past these were not used as it can be a bit confusing whether you are dealing with a subnet or a larger networks. However by not using them you are wasting address space. So since IOS 12.0, Cisco boxes will use these subnets by default. If you are running RIPv1 or IGRP, firstly why (!), secondly you will need to tell the routers to not use subnet zero:

no ip subnet-zero

You need to be careful when you run that command. Depending on your network design and requirements the consequences can be far reaching.

In the context of our previous example, if a change in requirements meant that we needed 32 subnets out of our /20 block (not the 20 as before) whether or not subnet-zero is enabled makes a big difference.

With subnet-zero, we can represent our subnets using 5 bits as before. 32 /25 subnets, each with 126 hosts. So everything is fine.

Without subnet-zero, the first and last networks cannot be used for assignment yet we still need 32 usable subnets. That means we need to accommodate a total of 34 subnets (32 + 2 non-addressable). 5 bits can only represent up to 32 possible values, so we now need to ‘borrow’ 6 bits from the host portion. With 6 bits we now have 62 (addressable) /26 subnets, but each subnet only has 62 hosts.

In the real world it would probably result in extensive reconfiguration across many systems e.g. static hosts and router interfaces may need readdressing, DHCP scopes reworked, ACLs and firewall rules rewritten, the list goes on. That would be bad.

Cisco’s document on Subnet Zero and the All-Ones Subnet has more information.