1. IP Address

An IP address is a unique number assigned to each device on a network, serving as a digital home address. It ensures that data reaches the correct destination. Within a subnet, an IP address consists of two parts: the network portion, which identifies the subnet, and the host portion, which identifies the specific device. Devices sharing the same network portion are in the same subnet and can communicate directly without a router.

2. Subnet Mask (or Prefix Length)

A subnet mask defines the division between the network and host portions of an IP address. It helps the network identify which part of the address indicates the subnet and which part identifies individual devices. Subnet masks are typically shown in dotted decimal notation (e.g., 255.255.255.0) or CIDR prefix notation (e.g., /24). A longer prefix, such as /26 or /28, creates smaller subnets with fewer devices, while a shorter prefix, such as /16, results in larger subnets. Overall, the subnet mask determines the size and structure of the subnet.

3. Network Address

The network address uniquely identifies the entire subnet, representing all devices in that group rather than any individual device. It is the first address in the subnet range and cannot be assigned to a device. Routers and network systems use this address to recognise and route traffic to the correct subnet. Think of it like a neighbourhood name – it indicates the area but not a specific house.

4. Broadcast Address

Broadcast addresses send messages to all devices on a subnet at once. They are the last address in the subnet range, cannot be assigned to individual devices, and are often used for network discovery and system communications. This allows devices to quickly share information within the subnet without contacting each device separately.

5. Host Address Range

The host address range includes all usable IP addresses within a subnet, which can be assigned to devices such as computers, phones, servers, and printers. These addresses fall between the network and broadcast addresses and are the ones most users interact with directly. They also indicate the maximum number of devices a subnet can support. The subnet mask determines the size of the host range; smaller subnets have fewer addresses, while larger subnets support more.

6. Default Gateway

The default gateway, typically a router, connects a subnet to other networks. Its roles include directing traffic to other subnets or the internet, serving as the exit point for data leaving the local subnet, and enforcing routing and security policies. Without a default gateway, devices can communicate only within their subnet and cannot reach external networks.

7. Broadcast Domain

A broadcast domain consists of devices that exchange broadcast messages. Typically, each subnet forms its own broadcast domain. This is crucial because limiting broadcast traffic to the subnet reduces network congestion and improves performance as the network grows. Additionally, subnets help keep broadcast traffic under control and predictable.

8. Routing Rules and Boundaries

A subnet creates logical boundaries that routers use to determine where to forward data. Instead of blindly forwarding traffic, routers rely on subnet definitions to identify destinations. These boundaries help prevent unnecessary traffic from spreading, enhance security and access control, and enable policies to be enforced on a per-subnet basis.

1. Confusing the Subnet Mask With the IP Address

People sometimes confuse the subnet mask with an IP address, misunderstanding its role. This is a mistake because the subnet mask does not identify a device; instead, it marks the boundary between the network or subnet portion and the host or device portion. Misunderstanding this boundary can cause errors in calculating the network address, broadcast address, usable range, and the number of hosts. To prevent confusion, remember: an IP address identifies a device, while the subnet mask determines the size and boundaries of the subnet.

2. Using the Wrong Prefix Length (CIDR) for the Needed Size

A subnet that is too small may lack sufficient usable addresses, while an overly large subnet can waste address space and increase broadcast traffic. This issue is significant because a small subnet can block device address assignments, necessitating a redesign. Conversely, large subnets waste IP space and can generate unnecessary broadcast traffic. To prevent these problems, estimate your current and future IP needs, including headroom, before choosing a subnet size such as /24, /26, or /28. It's good practice to consider: current devices, anticipated devices (soon to be added), and infrastructure components such as routers, switches, access points, printers, and cameras.

3. Forgetting That Network and Broadcast Addresses Are Not Usable Hosts

Someone assigns either the first or last IP address in a subnet to a device and then wonders why issues occur. This problem arises because, in traditional IPv4 subnetting, the first address is the network address and the last is the broadcast address. Neither should be assigned to hosts. To prevent this, always exclude these addresses when determining usable ranges and use only the addresses in between for device assignment.

4. Creating Overlapping Subnets

Overlapping IP addresses between two subnets can be problematic because routers struggle to route traffic reliably. This can lead to inconsistent routing, connectivity issues, and unpredictable "it works sometimes" behaviour. To prevent this, document all subnets thoroughly and assign each a unique, non-overlapping IP range. For larger setups, maintain an IP plan, such as a simple spreadsheet, to track address allocations.

5. Incorrect Network Address Calculation

Someone might guess the network address instead of calculating it accurately. This can cause problems because an incorrect address affects all dependent elements, including the broadcast address, usable host range, routing entries, firewall rules, and DHCP scope. To prevent this, apply the subnet mask correctly to determine the network boundary. A reliable approach is to find the block size in the subnetting octet, locate the closest valid network "starting number," and verify with binary if needed.

6. Miscalculating Block Size in the "Interesting Octet."

People often find subnetting challenging in the second, third, or fourth octet, leading to errors such as counting by 32 instead of 64 for the increment. This matters because an incorrect block size produces incorrect subnet ranges, which can cause devices to be assigned to the wrong subnet or DHCP to distribute addresses that don't match the configured gateway and mask. To prevent this, it's important to understand block size increments. For example:

• 255.255.255.0 has an increment of 256 (full last octet)
• 255.255.255.192 has an increment of 64
• 255.255.255.224 has an increment of 32
• 255.255.255.240 has an increment of 16

Once you understand the increment, you can accurately determine subnet ranges.

7. Incorrect DHCP Scope Configuration

DHCP may assign IP addresses outside the subnet or include reserved addresses such as the gateway, causing connectivity issues. Devices may appear to have valid IPs but cannot communicate properly, resulting in no internet access, failure to reach the default gateway, or IP conflicts. To prevent this, configure the DHCP scope to match your subnet: specify only the valid host range, exclude reserved addresses such as gateways, servers, and printers, and verify that the subnet mask matches the network's actual mask.

8. Using Multiple Subnet Masks on the Same LAN Without a Plan

Devices on the same physical network with different subnet masks can cause issues. Even if they share the same IP range, different masks can cause miscommunication about which devices are local. This can result in problems such as one device reaching another but not vice versa, intermittent connections, routing loops, or ARP conflicts. To prevent this, use a consistent subnet mask and gateway within a single VLAN or LAN, unless you're intentionally setting up a more complex network.

9. Forgetting About VLAN Boundaries and Assuming Switching = Subnetting

Someone creates multiple subnets but does not properly configure VLANs or routing, expecting a switch to handle separation automatically. This is problematic because a basic Layer-2 switch cannot route between subnets. For multiple subnets, you generally need VLANs for segmentation, a router or Layer-3 switch for routing, and correct trunk and access port configurations. Remember: Subnetting operates at Layer 3 (IP layer), while VLANs function at Layer 2 (switch segmentation). Though they often work together, they are not the same.

10. Poor Documentation and "Tribal Knowledge" Networking

Subnet decisions are often made informally and without thorough planning, leading to network clutter. This can result in overlapping ranges, inconsistent naming, forgotten gateways, reserved ranges, and security rules that don't align with the actual network design. To prevent this, create a simple subnet plan that includes the subnet name, purpose, network address, prefix, gateway, DHCP range, reserved or static addresses, and VLAN ID if needed. Even a brief one-page document can save hours of troubleshooting.