IP and Subnets for Dummies



  • Hi all

    Maybe a stupid question but that's why I'm here... I typically support small networks between 1-50 users and have always used the IP subnet range 192.168.x.x / 24

    I'm intrigued about using 10.0.x.x ranges or other subnets...Why would one use another range? I believe for security or bigger range but I'm clueless when it comes to subnetting and understanding the different net masks and getting my head around it hurts!!! So I guess the real question I'm asking is - can someone explain IP ranges and subnets in a dummy/idiot-proof guide language and explain the benefits of using specific masks.

    Thanks in advance



  • A 10.x network offers nothing in the way of security over a 192.x subnet from an attacker's point of view.

    An end-user sure, someone who wants to get on your network will have no issues at all with a specific IP range.



  • Basically masks are what define your range. If you have a 255.255.255.0 mask you're stating that the entire last octet is devoted to your subnet. To go further than this is not really possible in a post. You're going to have to do some reading about CIDR and learn binary (to an extent).



  • If you are curious, I'd recommend taking the CCNA (Cisco Certified Network Associate) courses. You'll learn more about subnetting and binary than you ever want to know, lol. If you do a lot of networking, it is extremely helpful to know and understand.



  • @Our-Tech-Team said:

    I'm intrigued about using 10.0.x.x ranges or other subnets...Why would one use another range?

    No specific reason. We generally avoid 192.168.0.0/24 and 192.168.1.0/24 because these overlap with so many consumer networks that there can be issues when you want to VPN or something. Other than that, IP addresses are all the same. 10.0.0.0/8 is the largest available range for use, but unless you are in need of thousands of subnets, it is overkill. No reason not to use it, no reason to use it either.



  • @Our-Tech-Team said:

    I believe for security or bigger range but I'm clueless when it comes to subnetting and understanding the different net masks and getting my head around it hurts!!!

    Definitely not for security, not at all. And not for bigger ranges as even 192.168.0.0/16 can go larger than anyone can use. It's for MORE ranges. That's all.



  • I'd love to do the CCNA but that's too expensive and time consuming...I'd just like to learn the basics and understand the theory behind it...I've done a lot of reading and watched videos on it but it can go over my head so was hoping peeps on here could break it down simply and skim the basics....I appreciate there's too much to cover in a small paragraph.



  • A better starting point, IMHO, is the CompTIA Network+. It covers all of this well and is cheap. No need to take the exam, the Exam Cram book is all that you need.



  • You could also check out the CCNA courses over on Cybrary (http://cybrary.it). I've got an account there and have been checking them out when I have time.

    You are definitely right about it being time consuming!



  • Here's a quick breakdown: http://serverfault.com/questions/12854/cidr-for-dummies. I was going to try to explain most of that, but they're hitting the high points.



  • @scottalanmiller said:

    A better starting point, IMHO, is the CompTIA Network+. It covers all of this well and is cheap. No need to take the exam, the Exam Cram book is all that you need.

    Which book would you recommend?



  • @Kelly said:

    Here's a quick breakdown: http://serverfault.com/questions/12854/cidr-for-dummies. I was going to try to explain most of that, but they're hitting the high points.

    Thanks, I'll look at this URL in more detail tomorrow.



  • That is the one certification I have, @scottalanmiller, the CompTIA Net+. We covered binary and converting back and forth.

    However, I can't say I spend a whole lot of time using it today, but it still applies.



  • @Joel said:

    @scottalanmiller said:

    A better starting point, IMHO, is the CompTIA Network+. It covers all of this well and is cheap. No need to take the exam, the Exam Cram book is all that you need.

    Which book would you recommend?

    I used the Exam Cram back in the day, it was very good.



  • I finished the Network+ at the end of last September and the Security+ at the end of last December. Here are the resources I used for studying the Network+ material:

    I would suggest checking with your local library to see if they offer free access to Lynda.com. There is a lot of great content available for Network Basics, including Network+ and CCNA specific content. I'm not sure I would have shelled out the cash for access if I didn't already have it available to me through my school. Professor Messer and Exam Cram will probably be more than enough to help with the basics.





  • @Joel

    Everyone's pretty much covered that your IP ranges won't really have any effect for security or anything. But I guess to try to answer a little more of what you're asking, I'd say subnetting is really for situations where you'd walk in to set up a network given guidelines like "We need 20 subnets, with up to 600 addresses on each subnet", or "We need 5 subnets, with however many addresses on each".

    Subnetting's pretty much just the math that lets you take those guidelines and make sure you'll have them covered. Like others mentioned, it's based on binary.

    For example, it ends up on a basic level not really mattering whether you need 600 addresses or 700 per subnet, because everything is based on the pattern 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024...

    Once you need more than 512 addresses per subnet (actually 510 for other reasons), your subnetting results won't change up until the point where you'd need over 1024 (really 1022).

    Solving to make sure you have the number of subnets you need is also based on using that same number pattern to split up the addresses you have to work with.

    Other sites can explain binary counting a lot better than I could try to, but 8 bits of data can work together to represent values from 0 through 255 like we see in those network addresses (256 values total since we started at 0).

    Any address like 10.2.208.144 doesn't tell us much by itself about what's going on around it, but if you know what the mask is from /8 to /31 or so, it'll be enough to figure out the usable range of how many other addresses might be in its network, what the subnet's broadcast address is, where the next subnet starts, and how many other subnets you have to work with.

    I watched Jeremy Cioara's CBT Nuggets and thought he was great. He talked about how much trouble people can have with subnetting and its math, but to me he taught it really clearly. He joked being facetious once about starting to use 10.x.x.x ranges instead of 192 ranges because they're cooler and "more professional", but really there's not any hidden benefit before your guidelines require you to have more of a plan for your subnets, for reasons others have mentioned.

    In the past, the range of addresses was split up into different ranges or classes, but they don't really come into play any more. About right after I learned about the classes, I learned they come up more on certification tests than in other environments.
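
Added example (not part of the thread, not any poster's code): the subnet math described in the post above, plus the consumer-range VPN overlap mentioned earlier in the thread, worked through with Python's standard `ipaddress` module. The function names, the /22 prefix chosen for 10.2.208.144, and the 192.168.0.0/16 parent block are assumptions made for illustration.

```python
import ipaddress

# Constructed list: the two consumer defaults named in the thread.
CONSUMER_DEFAULTS = ("192.168.0.0/24", "192.168.1.0/24")

def describe(address, prefix):
    """What the mask reveals about one address, e.g. 10.2.208.144 with /22."""
    net = ipaddress.ip_interface(f"{address}/{prefix}").network
    edge = 1 if prefix < 31 else 0  # /31 and /32 set aside no network/broadcast
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "first_usable": str(net.network_address + edge),
        "last_usable": str(net.broadcast_address - edge),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2 * edge,
        "next_subnet": str(net.broadcast_address + 1),
    }

def prefix_for_hosts(hosts_needed):
    """Longest prefix whose subnet still holds hosts_needed usable addresses."""
    # Need 2**bits >= hosts_needed + 2 (network + broadcast); sizes are powers of two.
    host_bits = (hosts_needed + 1).bit_length()
    return 32 - host_bits

def plan(block, subnets_needed, hosts_per_subnet):
    """Carve subnets_needed equal subnets out of block, or raise ValueError."""
    parent = ipaddress.ip_network(block)
    new_prefix = prefix_for_hosts(hosts_per_subnet)
    if new_prefix < parent.prefixlen:
        raise ValueError(f"{block} cannot hold {hosts_per_subnet} hosts")
    available = 2 ** (new_prefix - parent.prefixlen)
    if available < subnets_needed:
        raise ValueError(f"{block} yields only {available} /{new_prefix} subnets")
    subnets = parent.subnets(new_prefix=new_prefix)
    return [str(next(subnets)) for _ in range(subnets_needed)]

def vpn_conflicts(subnet):
    """Consumer default ranges that overlap subnet (routing clash over VPN)."""
    net = ipaddress.ip_network(subnet)
    return [c for c in CONSUMER_DEFAULTS if net.overlaps(ipaddress.ip_network(c))]

if __name__ == "__main__":
    print(describe("10.2.208.144", 22))
    for s in plan("192.168.0.0/16", 20, 600):
        print(s, "conflicts:", vpn_conflicts(s))
```

Asking for 600 or 700 hosts per subnet gives the same /22 answer, and the first subnet of the 192.168.0.0/16 plan is the one that collides with the consumer defaults.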

