Lab nf-04 - IPv4 Subnetting with VLSM

Variable-Length Subnet Masking is the skill that turns a CCNA candidate into someone who can stand at a whiteboard with five rectangles and turn them into a working network. The math is not complex. The discipline is. This lab walks you through carving a single /16 parent block into four right-sized subnets, configuring them on a real router, and proving the result with show ip route.

You will work on R1 from the PingLabz CCNA Base Topology, using loopback interfaces so you can run the entire exercise on one router without disturbing the rest of the lab.

What you will learn

  • How to translate "I need a subnet for N hosts" into "use a /X mask"
  • How to carve a parent block (10.50.0.0/16 here) into multiple right-sized children without wasting addresses
  • How to configure those subnets on a Cisco router and verify them with show ip route
  • How to spot the canonical IOS clue that VLSM is happening ("variably subnetted, N subnets, M masks")
  • The two common mistakes that trip up engineers - overlap and unintended summarization

What this lab does NOT cover

  • Route summarization for redistribution between protocols (covered in IP Connectivity labs)
  • IPv6 subnetting (covered in nf-05)
  • Private vs. public address policy (covered in nf-03)

The scenario

You have one parent block: 10.50.0.0/16. That is 65,536 addresses to spend. You need to allocate four subnets:

Subnet       Hosts needed       Subnet size                        Required mask
HQ-LAN       500                512 (next power of 2 that fits)    /23 (510 usable)
Branch-LAN   100                128                                /25 (126 usable)
DMZ          14                 16                                 /28 (14 usable)
WAN-P2P      2 (one each end)   4                                  /30 (2 usable)

Total addresses needed: 512 + 128 + 16 + 4 = 660. Well under the 65,536 the parent /16 gives you. The challenge is to allocate them efficiently and without overlap.

Step 1: The hosts-to-mask rule

For a subnet that needs N usable hosts, you need (N + 2) addresses minimum (network + broadcast are not usable). Round up to the next power of 2. The mask is whatever number of host bits gives you that power of 2.

Subnet size   Host bits   Usable hosts   Mask
4             2           2              /30 (255.255.255.252)
8             3           6              /29 (255.255.255.248)
16            4           14             /28 (255.255.255.240)
32            5           30             /27 (255.255.255.224)
64            6           62             /26 (255.255.255.192)
128           7           126            /25 (255.255.255.128)
256           8           254            /24 (255.255.255.0)
512           9           510            /23 (255.255.254.0)
1024          10          1022           /22 (255.255.252.0)

500 hosts? Need at least 502 addresses. Closest power of 2 that fits is 512. That is 9 host bits, leaving 23 network bits. /23.

100 hosts? Need at least 102. Closest power of 2 is 128. That is 7 host bits, leaving 25 network bits. /25.

Step 2: Allocate from the parent block (biggest first)

The discipline that prevents overlap: allocate biggest first, contiguous from the parent block. If you start with the smallest and try to fit the biggest at the end, you waste space.

Starting at 10.50.0.0:

  1. HQ-LAN (/23, 512 addresses). Starts at 10.50.0.0. Ends at 10.50.1.255. Next free address: 10.50.2.0.
  2. Branch-LAN (/25, 128 addresses). Starts at 10.50.2.0. Ends at 10.50.2.127. Next free address: 10.50.2.128.
  3. DMZ (/28, 16 addresses). Starts at 10.50.2.128. Ends at 10.50.2.143. Next free address: 10.50.2.144.
  4. WAN-P2P (/30, 4 addresses). Starts at 10.50.2.144. Ends at 10.50.2.147. Next free address: 10.50.2.148.

Done. Plenty of /16 left over for future allocations.

Subnet       CIDR             Network       First host    Last host     Broadcast
HQ-LAN       10.50.0.0/23     10.50.0.0     10.50.0.1     10.50.1.254   10.50.1.255
Branch-LAN   10.50.2.0/25     10.50.2.0     10.50.2.1     10.50.2.126   10.50.2.127
DMZ          10.50.2.128/28   10.50.2.128   10.50.2.129   10.50.2.142   10.50.2.143
WAN-P2P      10.50.2.144/30   10.50.2.144   10.50.2.145   10.50.2.146   10.50.2.147
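
Steps 1 and 2 as code, in an added example that is not part of the original lab: a Python sketch using the standard ipaddress module that applies the hosts-to-mask rule and then allocates from 10.50.0.0/16. The function names and the biggest_first switch are illustrative assumptions; the smallest-first run counts the addresses skipped to reach subnet boundaries.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Hosts-to-mask rule: smallest power-of-2 block that holds hosts + 2."""
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = (hosts + 1).bit_length()   # smallest bits with 2**bits >= hosts + 2
    return 32 - host_bits

def allocate(parent, needs, biggest_first=True):
    """Carve `needs` ({name: usable hosts}) out of `parent`, contiguously.

    Returns (plan, wasted): plan maps name -> IPv4Network, and wasted
    counts the addresses skipped to land on a subnet boundary.
    """
    block = ipaddress.ip_network(parent)
    cursor = int(block.network_address)
    plan, wasted = {}, 0
    order = sorted(needs.items(), key=lambda kv: kv[1], reverse=biggest_first)
    for name, hosts in order:
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size   # round up to the next boundary
        wasted += start - cursor
        subnet = ipaddress.ip_network((start, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{name}: {subnet} does not fit in {block}")
        plan[name] = subnet
        cursor = start + size
    return plan, wasted

# Host counts from the lab's scenario table.
NEEDS = {"HQ-LAN": 500, "Branch-LAN": 100, "DMZ": 14, "WAN-P2P": 2}

if __name__ == "__main__":
    for label, flag in (("biggest first", True), ("smallest first", False)):
        plan, wasted = allocate("10.50.0.0/16", NEEDS, biggest_first=flag)
        print(f"{label}: {wasted} addresses skipped for alignment")
        for name, net in plan.items():
            print(f"  {name:<11}{str(net):<16} first {net[1]}  last {net[-2]}"
                  f"  bcast {net.broadcast_address}")
```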

Step 3: Configure the four subnets on R1

Console into R1 and configure four loopback interfaces, one per subnet, taking the first usable host address in each:

R1# configure terminal
R1(config)# interface Loopback1
R1(config-if)# description HQ-LAN (needs 500 hosts -> /23 = 510 usable)
R1(config-if)# ip address 10.50.0.1 255.255.254.0
R1(config-if)# no shutdown
R1(config-if)# interface Loopback2
R1(config-if)# description Branch-LAN (needs 100 hosts -> /25 = 126 usable)
R1(config-if)# ip address 10.50.2.1 255.255.255.128
R1(config-if)# no shutdown
R1(config-if)# interface Loopback3
R1(config-if)# description DMZ (needs 14 hosts -> /28 = 14 usable)
R1(config-if)# ip address 10.50.2.129 255.255.255.240
R1(config-if)# no shutdown
R1(config-if)# interface Loopback4
R1(config-if)# description WAN-P2P (needs 2 hosts -> /30 = 2 usable)
R1(config-if)# ip address 10.50.2.145 255.255.255.252
R1(config-if)# no shutdown
R1(config-if)# end

Each loopback gets the FIRST USABLE host in its subnet. That is the convention - the router itself takes .1 (or the lowest available), and remaining addresses go to hosts.

Step 4: Verify with show ip interface brief

Real capture from the lab after running the config above:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            10.20.0.1       YES TFTP   up                    up
Ethernet0/1            unassigned      YES unset  administratively down down
Ethernet0/2            unassigned      YES unset  administratively down down
Ethernet0/3            unassigned      YES unset  administratively down down
Loopback0              10.255.0.1      YES TFTP   up                    up
Loopback1              10.50.0.1       YES manual up                    up
Loopback2              10.50.2.1       YES manual up                    up
Loopback3              10.50.2.129     YES manual up                    up
Loopback4              10.50.2.145     YES manual up                    up

Five loopbacks total now - Loopback0 is the base topology's router-ID, Loopback1-4 are the VLSM allocations we just made. The Method column distinguishes them: TFTP for the configs loaded from the CML startup-config, manual for the changes you just typed.

Step 5: The "variably subnetted" line is the proof

This is the signature line that tells you VLSM is happening. Run show ip route connected on R1:

R1# show ip route connected
<...routing protocol codes legend omitted...>
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 11 subnets, 6 masks
C        10.20.0.0/24 is directly connected, Ethernet0/0
L        10.20.0.1/32 is directly connected, Ethernet0/0
C        10.50.0.0/23 is directly connected, Loopback1
L        10.50.0.1/32 is directly connected, Loopback1
C        10.50.2.0/25 is directly connected, Loopback2
L        10.50.2.1/32 is directly connected, Loopback2
C        10.50.2.128/28 is directly connected, Loopback3
L        10.50.2.129/32 is directly connected, Loopback3
C        10.50.2.144/30 is directly connected, Loopback4
L        10.50.2.145/32 is directly connected, Loopback4
C        10.255.0.1/32 is directly connected, Loopback0

Read it carefully:

  • "10.0.0.0/8 is variably subnetted, 11 subnets, 6 masks". This is the giveaway. IOS prints this line whenever a single parent network has subnets of different mask lengths inside it. The "11 subnets" counts every connected route under 10/8 (5 C entries plus 6 L entries because IOS also shows each interface's /32 local route). The "6 masks" counts the unique prefix lengths: /8 (the parent), /23 (HQ-LAN), /24 (LAN), /25 (Branch-LAN), /28 (DMZ), /30 (WAN-P2P), /32 (the local routes and the loopback). VLSM in action.
  • Connected vs. local routes. Each interface with an IP creates two routing-table entries: a C for the subnet ("everything in 10.50.0.0/23 is reachable via Loopback1") and an L for the interface address itself as a /32 ("10.50.0.1 specifically is me"). The L entries are why a /23 subnet shows up as two route entries.

Step 6: Common mistakes

Allocating smallest first
  What happens: Big subnets do not fit on a boundary, you end up "wasting" the gap and reusing addresses
  How to detect: The math fails: you allocate /28 at 10.50.0.0, then need /23 starting at 10.50.0.16 which is not a /23 boundary

Two subnets that overlap
  What happens: 10.50.2.0/25 and 10.50.2.128/25 do NOT overlap (good). But 10.50.0.0/23 and 10.50.1.0/24 DO overlap. The /24 is inside the /23.
  How to detect: show ip route shows one of them as "longer match"; the broader one is masked by the more specific. Confusing routing decisions.

Wrong mask on the router interface
  What happens: You meant /25 but typed 255.255.255.0 (which is /24)
  How to detect: show ip interface brief shows the address; show ip interface eth-or-loopback shows the /xx

Asymmetric masks on a P2P link
  What happens: R1 is /30 (255.255.255.252) but R2 is /29 (255.255.255.248). Reachable in one direction only.
  How to detect: Ping R2 from R1 fails or returns asymmetric replies; mask check on both sides reveals the issue
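
The overlap and wrong-mask mistakes can be caught before a config is pasted into R1. This added example (not part of the original lab) parses draft IOS config text and checks it against the Step 2 plan; the CONFIG text, the Loopback5 interface and the function names are constructed for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed draft config: the lab's Step 3 addressing with two planted
# mistakes (Loopback2 typed as /24; a hypothetical Loopback5 inside HQ-LAN).
CONFIG = """\
interface Loopback1
 ip address 10.50.0.1 255.255.254.0
interface Loopback2
 ip address 10.50.2.1 255.255.255.0
interface Loopback3
 ip address 10.50.2.129 255.255.255.240
interface Loopback4
 ip address 10.50.2.145 255.255.255.252
interface Loopback5
 ip address 10.50.1.1 255.255.255.0
"""
PLAN = {"Loopback1": "10.50.0.0/23", "Loopback2": "10.50.2.0/25",
        "Loopback3": "10.50.2.128/28", "Loopback4": "10.50.2.144/30"}

def parse_interfaces(config):
    """Return {interface name: IPv4Interface} from IOS-style config text."""
    found, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"\s+ip address (\S+) (\S+)", line)) and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def audit(config, plan):
    """Findings: mask differs from plan, interface not in plan, overlaps."""
    ifaces = parse_interfaces(config)
    findings = []
    for name, iface in ifaces.items():
        if name not in plan:
            findings.append(f"{name}: {iface.network} is not in the plan")
        elif iface.network != ipaddress.ip_network(plan[name]):
            findings.append(f"{name}: configured {iface.network}, plan says {plan[name]}")
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"{a} {ia.network} overlaps {b} {ib.network}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG, PLAN)))
```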

Verification

  • You can take "I need 50 hosts" and immediately reach for /26.
  • You allocate biggest first, contiguous, from the parent block.
  • show ip interface brief on R1 lists Loopback1-4 with the four /23, /25, /28, /30 addresses, all up.
  • show ip route connected shows "10.0.0.0/8 is variably subnetted, 11 subnets, 6 masks" followed by the C and L entries for every interface.

Troubleshooting matrix

"% Bad mask /29 for address 10.50.0.1"
  Likely cause: The mask you typed does not align the address to a subnet boundary
  Confirm with: The error message shows the address and mask
  Fix: Check that the address is the network address or a usable host in the subnet that mask defines

show ip route shows fewer subnets than you configured
  Likely cause: One of your ip address commands was overwritten by a later one on the same interface
  Confirm with: Re-check with show running-config interface Loopback1 etc.
  Fix: Reconfigure the interface with the right address and mask

"variably subnetted" line is missing
  Likely cause: All your subnets have the same mask, so it is not actually VLSM
  Confirm with: show ip route uses a single-mask format
  Fix: Not a problem unless you specifically intended different mask lengths

Subnets overlap accidentally
  Likely cause: Allocation math was wrong
  Confirm with: Check that each subnet's address range does not intersect another's
  Fix: Re-derive the allocation table; biggest first prevents this

Engineer's note: production reality

Real address plans live in spreadsheets, IPAM tools (Infoblox, BlueCat, NetBox), or YAML files in version control. You do not usually do VLSM math at a whiteboard - you do it once, capture it in IPAM, and the rest of the team consumes the plan.

The skill the math teaches you is what to do when IPAM is wrong, when someone's documentation lies, or when you have to absorb a new acquisition's address space into your own. The math is fast once the discipline is muscle memory: hosts -> bits -> mask, biggest first, biggest first, biggest first.

Modern best practice for new designs: use /16 or larger per site, leave room to grow, document hierarchically (region.site.purpose), and never let two subnets touch even when they could be carved into one. The address space is cheap; the cognitive overhead of overlap is expensive.

Key takeaways

  • For N hosts, find the smallest power of 2 that is greater than or equal to (N + 2). That tells you the host bits. Subtract from 32 to get the prefix length.
  • Allocate biggest first, contiguous from the parent block. This is the single discipline that prevents waste and overlap.
  • show ip route prints "variably subnetted, N subnets, M masks" whenever you have VLSM in a single parent network. That line is the proof.
  • Each interface creates two routing-table entries: a C (the subnet) and an L (the /32 for the interface itself).
  • The two common mistakes are smallest-first allocation and overlapping subnets. Biggest-first contiguous allocation prevents both.

Up next

Lab nf-05: IPv6 addressing and EUI-64 takes the same address-and-mask logic into the 128-bit world. Same math, more bits, slightly different conventions.
