3.1 Public, Private, and Local Addressing

Public, private, and local address roles

Cisco lists comparing private and public addresses as a CCST Networking skill because many first-line network problems start with address context. A public IP address is unique and routable on the public internet. If a web server, VPN gateway, cloud load balancer, or home router outside interface must receive traffic from internet clients, it needs a public address or a public address assigned to an upstream service. Public address space is coordinated so different organizations do not intentionally use the same globally routed address.

Private IPv4 addresses are different. They are reserved for internal use and are not routed across the public internet. The three main private ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Home networks commonly use addresses such as 192.168.1.10; enterprise and lab networks often use 10.x.x.x; some organizations use 172.16.0.0 through 172.31.255.255. A device with one of these addresses can communicate inside networks where routes exist, but an internet router will not forward packets directly to that private destination.

That is why network address translation, usually NAT or PAT, is common at the edge. A laptop may use 192.168.1.25 on the home LAN, but websites see the public address on the router or service provider edge. PAT, sometimes called NAT overload, lets many internal hosts share one public IPv4 address by tracking transport-layer ports. For CCST depth, focus on the effect: private clients can start outbound sessions to the internet, but unsolicited inbound access from the internet requires a deliberate rule such as port forwarding, static NAT, VPN, or a published service.

Some addresses are local or special purpose. 127.0.0.1 is the IPv4 loopback address used by a host to talk to itself. 169.254.0.0/16 is link-local IPv4, commonly seen when a client cannot get a DHCP address. If a Windows or macOS client has a 169.254.x.x address when it should be on 192.168.1.x or 10.x.x.x, investigate DHCP, cabling, Wi-Fi association, VLAN assignment, or the DHCP server. Do not treat a link-local address as a valid corporate address just because it has four decimal numbers.

IPv6 has similar concepts but different ranges. Global unicast IPv6 addresses are publicly routable and commonly begin with 2000::/3. Unique local addresses, usually shown as fc00::/7 with practical use under fd00::/8, are private-like internal IPv6 addresses. Link-local IPv6 addresses begin with fe80::/10 and exist on every IPv6-enabled interface for local segment communication, neighbor discovery, and router discovery.

A technician also needs to separate IP addresses from MAC addresses. A MAC address is a Layer 2 hardware address used on the local link, often written as six hexadecimal pairs such as 00:1A:2B:3C:4D:5E. An IP address is a Layer 3 logical address used for routing between networks. When a host sends to another host on the same LAN, it uses ARP for IPv4 or Neighbor Discovery for IPv6 to learn the destination MAC address. When the destination is remote, the host sends the frame to the default gateway MAC address, while the IP packet remains addressed to the remote IP.

This difference explains why replacing a NIC can change local switching behavior without changing the server IP, and why a wrong default gateway can break remote access even when the cable and MAC address are fine.

Study Checkpoint

• Topic: 3.1 Public, Private, and Local Addressing.
• Verify the official Cisco concept before memorizing a shortcut.
• Practice the technician action: observe, document, test, fix when supported, or escalate.