3.4 Subnet Logic, Host Ranges, and Gateways

Key Takeaways

  • A normal IPv4 LAN subnet has a network address, a usable host range, and a broadcast address.
  • Block size = 256 minus the interesting-octet mask value; it locates subnet boundaries quickly.
  • Same-subnet hosts talk directly via ARP; different-subnet hosts route through the default gateway.
  • The default gateway must be an address inside the host's own subnet, or remote traffic fails.
Last updated: June 2026

Deciding local versus remote

Subnetting is not abstract math — it tells a host whether to deliver a packet directly or hand it to a router. The sending host compares the destination IP against its own network. If the destination is in the same subnet, the host resolves the destination's MAC with ARP (Address Resolution Protocol) and sends an Ethernet frame straight to it. If the destination is in a different subnet, the host sends the frame to the default gateway's MAC; the IP packet still carries the remote destination IP, but the Layer 2 frame is addressed to the router interface.

Start with simple /24 logic. In 192.168.10.0/24:

  • Network address: 192.168.10.0
  • Usable hosts: 192.168.10.1–192.168.10.254
  • Broadcast address: 192.168.10.255

Gateways are commonly the first or last usable address (.1 or .254), but that is a convention, not a rule. The non-negotiable requirement: the default gateway must be an IP on the same subnet as the host.

Block-size method for smaller subnets

For non-/24 masks, use block size = 256 − (mask value in the interesting octet):

Mask             Prefix  Interesting-octet value  Block size  Subnet starts (last octet)
255.255.255.192  /26     192                      64          0, 64, 128, 192
255.255.255.224  /27     224                      32          0, 32, 64, 96, ...
255.255.255.240  /28     240                      16          0, 16, 32, 48, ...

For 192.168.10.70/26, the /26 block size is 64, so subnets start at .0, .64, .128, .192. The address .70 falls in the .64 subnet: network 192.168.10.64, broadcast 192.168.10.127, usable 192.168.10.65–192.168.10.126. A gateway of 192.168.10.1 would be outside that subnet and would silently fail.

Boundary tests, gateways, and ticket evidence

Work another mask. A /28 (255.255.255.240) has block size 16. 192.168.5.33/28 falls in the 192.168.5.32 subnet: broadcast 192.168.5.47, usable .33–.46. So a printer statically set to 192.168.5.47/28 is sitting on the broadcast address and must be corrected; one set to 192.168.5.48/28 has slipped into the next subnet and cannot talk locally to the .32 hosts.

Use the gateway as a fast boundary test:

Host config     Gateway     Valid?
10.10.20.25/24  10.10.20.1  Yes — same /24
10.10.20.25/24  10.10.21.1  No — gateway outside /24
10.10.20.25/23  10.10.21.1  Yes — /23 spans .20 and .21

The last row shows why the mask changes the answer: a /23 merges two adjacent /24 ranges (10.10.20.0–10.10.21.255), so a .21 gateway is legal.
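
The gateway boundary test and the two printer cases above, as an added Python example that is not part of the original guide: it flags a host set to its subnet's network or broadcast address and a gateway outside the host's subnet, then mirrors the host's direct-versus-gateway decision. The function names and the 192.168.5.33 gateway given to the printers are assumptions, and prefixes are assumed to be /30 or shorter.

```python
import ipaddress

def audit_host(host_cidr, gateway):
    """Return findings for one host config; an empty list means it passes."""
    iface = ipaddress.ip_interface(host_cidr)
    net, gw = iface.network, ipaddress.ip_address(gateway)
    reserved = {net.network_address: "network", net.broadcast_address: "broadcast"}
    findings = []
    if iface.ip in reserved:
        findings.append(f"host address is the {reserved[iface.ip]} address of {net}")
    if gw not in net:
        findings.append(f"gateway {gw} is outside {net}")
    elif gw in reserved:
        findings.append(f"gateway is the {reserved[gw]} address of {net}")
    elif gw == iface.ip:
        findings.append("gateway equals the host's own address")
    return findings

def first_hop(host_cidr, gateway, dest):
    """Mirror the host's local-versus-remote decision for one destination."""
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(dest) in iface.network:
        return "direct"        # same subnet: ARP for the destination itself
    if ipaddress.ip_address(gateway) in iface.network:
        return "gateway"       # remote: frame is addressed to the router's MAC
    return "unreachable"       # gateway is off-subnet, so remote traffic fails

# Rows from the gateway table plus the two printer cases in the text.
# The printers' gateway (192.168.5.33) is an assumed value for illustration.
SAMPLES = [
    ("10.10.20.25/24", "10.10.20.1"),
    ("10.10.20.25/24", "10.10.21.1"),
    ("10.10.20.25/23", "10.10.21.1"),
    ("192.168.5.47/28", "192.168.5.33"),
    ("192.168.5.48/28", "192.168.5.33"),
]

if __name__ == "__main__":
    for host, gw in SAMPLES:
        print(f"{host:18} gw {gw:14} {audit_host(host, gw) or 'ok'}")
    # 192.168.10.70/26 with the off-subnet gateway from the earlier example
    print(first_hop("192.168.10.70/26", "192.168.10.1", "192.168.10.200"))
```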

Common gateway tickets

  • Client reaches same-subnet peers but not the internet, remote VLANs, or external DNS → suspect the default gateway (missing, wrong, or unreachable).
  • Client cannot reach even local peers → check link, Wi-Fi association, VLAN, IP/mask, duplicate IP, and host firewall before blaming routing.
  • Only some remote networks fail → the gateway may be fine and the fault lies in routing beyond the first hop.

DHCP reduces manual error by handing out address, mask, gateway, and DNS together. Static configuration is still used for printers, cameras, servers, and infrastructure — but it must be documented, and you should avoid assigning static hosts from the middle of a DHCP scope unless exclusions or reservations exist; duplicate IPs cause intermittent, confusing failures.

When you log a ticket, record symptom plus scope: does same-subnet work, does a gateway ping succeed, does name resolution work, and what does a known-good comparison device show? A note like "client 192.168.30.55/24, gateway 192.168.30.1, can ARP gateway, external DNS unreachable" lets an engineer instantly localize the fault to host config, VLAN placement, DHCP, routing, or an upstream firewall — instead of the useless "network down."

A repeatable procedure for any subnet question

When the exam or a real ticket hands you an address with a non-/24 mask, run the same five steps every time. First, identify the interesting octet — the one where the mask is neither 255 nor 0. Second, compute the block size (256 minus the interesting-octet mask value). Third, list the subnet boundaries by counting up by the block size from zero. Fourth, find which boundary the host's address falls into; that is the network address. Fifth, the address just before the next boundary is the broadcast, and everything between network+1 and broadcast−1 is the usable host range.

Work 172.16.5.130/26 through the procedure: the interesting octet is the fourth, block size is 256 − 192 = 64, boundaries are .0, .64, .128, .192, the address .130 lands in the .128 subnet, the broadcast is .191, and usable hosts are .129 through .190. Confirm a proposed gateway of 172.16.5.129 is valid because it lies inside that range, while 172.16.5.65 would be in the wrong subnet. The procedure never changes — only the numbers do — which is why it is reliable under time pressure.

The same logic answers the most common real-world subnet failure: a static device that "used to work" stops reaching peers after a mask change. If an administrator tightens a subnet from /24 to /26, hosts that were happily on 192.168.10.200 suddenly compute a different network than hosts on 192.168.10.10, even though both still look like "the 192.168.10 network" at a glance. Recognizing that a mask change re-draws every boundary — and that the gateway must still sit inside each host's new, smaller subnet — is exactly the reasoning the CCST exam rewards, and it is why technicians document the mask, never just the address.
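
The five-step procedure and the mask-change case above, as an added Python example that is not part of the original guide: it walks the block-size steps by hand, cross-checks the result against the standard ipaddress module, and shows two hosts falling into different networks once /24 becomes /26. It generalizes the procedure to an interesting octet in any position; the function names are assumptions, and prefixes are limited to /1 through /30.

```python
import ipaddress

def block_size_subnet(cidr):
    """Run the five-step block-size procedure on 'a.b.c.d/prefix'."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 1 <= prefix <= 30:
        raise ValueError("procedure assumes a subnet with a usable host range")
    octets = [int(o) for o in addr_text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr_text}")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    mask = [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    # Step 1: interesting octet = first octet whose mask value is not 255.
    # On an octet boundary such as /24 that value is 0, so the block is 256.
    idx = next(i for i, m in enumerate(mask) if m != 255)
    block = 256 - mask[idx]                                   # Step 2
    boundaries = range(0, 256, block)                         # Step 3
    start = max(b for b in boundaries if b <= octets[idx])    # Step 4
    network = octets[:idx] + [start] + [0] * (3 - idx)
    # Step 5: broadcast is one below the next boundary; hosts sit in between.
    broadcast = octets[:idx] + [start + block - 1] + [255] * (3 - idx)
    first = network[:3] + [network[3] + 1]
    last = broadcast[:3] + [broadcast[3] - 1]
    dotted = lambda parts: ".".join(map(str, parts))
    result = {"block": block, "network": dotted(network),
              "broadcast": dotted(broadcast),
              "first": dotted(first), "last": dotted(last)}
    # Cross-check the hand calculation against the standard library.
    ref = ipaddress.ip_interface(cidr).network
    assert result["network"] == str(ref.network_address)
    assert result["broadcast"] == str(ref.broadcast_address)
    return result

def same_subnet(ip_a, ip_b, prefix):
    """True when both addresses compute the same network under this prefix."""
    return (block_size_subnet(f"{ip_a}/{prefix}")["network"]
            == block_size_subnet(f"{ip_b}/{prefix}")["network"])

if __name__ == "__main__":
    print(block_size_subnet("172.16.5.130/26"))
    for prefix in (24, 26):  # the mask change described in the text
        print(prefix, same_subnet("192.168.10.200", "192.168.10.10", prefix))
```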

Test Your Knowledge

A host is configured as 192.168.10.70/26. What is its network address?


For subnet 192.168.5.32/28, which address is the directed broadcast?


A host at 10.10.20.25/24 is given a default gateway of 10.10.21.1. What is wrong?
