Mental model
An IPv4 address is just a 32-bit number — about four billion possible values. We write it as four 8-bit chunks (octets) separated by dots, in decimal, because nobody wants to read 11000000.10101000.00001010.00000101 aloud.
192.168.10.5 ← human-readable
11000000.10101000.00001010.00000101 ← what the network actually sees
Every IPv4 address has two pieces glued together:
- Network portion — the part shared by everyone on the same LAN
- Host portion — the part unique to each device on that LAN
The subnet mask is what draws the line between them. /24 says “first 24 bits are network, last 8 are host.” Everything to the left of the line is shared; everything to the right is unique.
How to read a /N mask
| /N | Bits on | Hosts per subnet | Use case |
|---|---|---|---|
| /8 | 8 | 16,777,214 | Huge legacy block |
| /16 | 16 | 65,534 | Big enterprise LAN |
| /24 | 24 | 254 | Standard LAN segment |
| /30 | 30 | 2 | Point-to-point WAN link |
| /32 | 32 | 1 (just the host) | Loopbacks, host routes |
Mask is the inverse of “host bits” — /24 means 24 network bits, so 32−24 = 8 host bits = 2⁸ = 256 addresses minus 2 (network + broadcast) = 254 usable hosts.
Three private address ranges (RFC 1918)
These ranges never get routed on the public internet. Use them freely inside your own network:
| Range | Size | Typical use |
|---|---|---|
| 10.0.0.0/8 | 16.7M addresses | Enterprises that want lots of room |
| 172.16.0.0/12 (172.16–172.31) | 1M addresses | Mid-size enterprises |
| 192.168.0.0/16 | 65K addresses | Home routers, small offices |
If you see a packet on the public internet with a private source IP, it’s misconfigured or malicious — internet routers drop it.
Special addresses you need to know
| Address | What it is | Don’t use it for |
|---|---|---|
| 0.0.0.0 | Unspecified / “any” | Hosts (it means “I don’t have one yet”) |
| 127.0.0.0/8 | Loopback (commonly 127.0.0.1) | Anything other than localhost |
| 169.254.0.0/16 | APIPA (link-local) | Real hosts — means DHCP failed |
| 224.0.0.0/4 | Multicast | Unicast hosts (it’s for groups) |
| 255.255.255.255 | Local broadcast | Anything (it’s a destination only) |
| First IP of any subnet | Network address | Hosts |
| Last IP of any subnet | Broadcast address | Hosts |
If a user’s laptop has a 169.254.x.x IP, it didn’t get an answer from a DHCP server — the OS assigned itself a placeholder. Always check this when troubleshooting “no internet.”
Classful (legacy) vs Classless (modern)
Before 1993, IPv4 was split into classes based on the first few bits:
- Class A: 1.x – 126.x, default mask /8
- Class B: 128.x – 191.x, default mask /16
- Class C: 192.x – 223.x, default mask /24
- Class D: 224.x – 239.x, multicast
- Class E: 240.x – 255.x, reserved
CIDR (Classless Inter-Domain Routing) replaced this in 1993. Modern networking is classless — you use whatever prefix length fits. The terms “Class A network” or “Class C network” are only useful for talking about legacy protocol behaviour. Say /24, not “Class C.”
The CCNA exam still references the classes, so know them. But never design a network around them.
Commands
Assign an IPv4 address to a Cisco interface
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# no shutdown
View interface IP configuration
R1# show ip interface brief
R1# show ip interface GigabitEthernet0/0
R1# show running-config interface GigabitEthernet0/0
show ip interface brief is the bread-and-butter command — one-line summary of every interface and its IP.
Common mistakes
-
Confusing subnet mask with wildcard mask. Subnet mask =
255.255.255.0. Wildcard mask =0.0.0.255(inverse). Use the right one in the right context (ACLs and OSPF use wildcard; interface configs use subnet). -
Assigning the network or broadcast address to a host. The first IP of a subnet is the network, the last is the broadcast. Neither is usable.
.0and.255on a /24 are off-limits. -
Using private IPs and forgetting NAT. Hosts inside the network are 10.0.0.5; the public internet doesn’t route to that. Without NAT on the edge router, return traffic never arrives.
-
Assigning 169.254.x.x manually to a host. This is the APIPA range — reserved for failed DHCP. A real host with this address will get filtered or behave weirdly on most networks.
-
Treating /31 as unusable. Many engineers learned “you can’t use /31 because there’s only 2 addresses, both reserved.” RFC 3021 fixed this in 2000 — modern routers happily use /31 for point-to-point links, saving IPs. Use /31, not /30, on point-to-point WAN.
-
Picking the same private range as another network you’ll later merge with. Two acquired companies both using 192.168.1.0/24 → painful renumber. Plan large ranges (10.x) from day one.
Lab to try tonight
- On any router, configure
ip address 10.10.10.1 255.255.255.252on an interface. Calculate by hand: what’s the network, broadcast, and other usable IP? - Verify with
show ip interface brief. - On a PC, manually set an IP in the same /30 range. Ping the router. Confirm reachability.
- Now set the PC’s IP to the network address (10.10.10.0) — observe the failure.
- Change to a different private range entirely (172.16.0.1/24). Configure on a second router interface. Confirm independent operation.
- Bonus: enable a /31 on a point-to-point WAN link. Verify both ends can ping each other with only 2 addresses in the subnet.
Cheat strip
| Concept | Plain English |
|---|---|
| 32-bit address | Four octets, 0–255 each |
| Subnet mask | Tells you where network ends and host begins |
| Private ranges | 10/8 · 172.16/12 · 192.168/16. Internal only. |
| /30 vs /31 | Both for point-to-point. /31 (RFC 3021) saves 2 IPs. |
| 169.254.x.x (APIPA) | DHCP failed. Real hosts shouldn’t have this. |
| 127.0.0.1 | Loopback — “this same machine” |
| 0.0.0.0 | ”Any” — used in default routes and unspecified contexts |
| /N notation | Modern. Classful network classes (A/B/C) are exam-only legacy. |