Routing and Network Segmentation

IP Addressing, Subnets, and VLANs

An exploration of how networks are logically divided for efficiency and security using IP addressing, subnet masks, and Virtual LANs (VLANs).
Author: Chuck Nelson

Published: November 13, 2025

1 Purpose

This document moves from the physical layer to the logical layer of networking. While switches can create a local network, true network management, security, and large-scale communication depend on logical segmentation. This reading introduces IP addressing, the foundational protocol of the internet, and the two primary methods used to divide and organize networks: subnetting and VLANs.

2 What You’ll Learn

By the end of this reading, you will be able to:

  • Describe the basic structure of an IPv4 address and the purpose of a subnet mask.
  • Differentiate between public and private IP addresses.
  • Explain how subnetting is used to divide a large network into smaller broadcast domains.
  • Define a Virtual LAN (VLAN) and explain how it can be used to logically group devices regardless of their physical location.

This reading maps to the following program and course learning outcomes:

  • Program Learning Outcomes (PLOs):
    • 3. Apply terminology and numeric or system concepts: This document introduces the fundamental concepts of IP addressing, subnetting, and VLANs, which are core to all modern networking.
  • Course Learning Outcomes (CLOs):
    • 4. Configure hardware and basic network components: Understanding logical addressing is a prerequisite for configuring any Layer 3 device, such as a router.

This exercise develops the following skills, which align with the O*NET SOC Code 15-1232.00 for Computer User Support Specialists.

| Learning Objective | O*NET KSAs | Technologies Used |
|---|---|---|
| Explain the function of an IP address/subnet mask. | Knowledge: Telecommunications, Computers & Electronics; Abilities: Information Ordering | IPv4, Subnetting |
| Describe the purpose of VLANs. | Knowledge: Telecommunications; Skills: Reading Comprehension, Systems Analysis | VLANs, 802.1Q |

3 The Language of the Internet: IP Addressing

While a MAC address identifies which device is which, an IP (Internet Protocol) address identifies where a device is on a network. It’s like the difference between your name (MAC address) and your street address (IP address). The dominant version in use today is IPv4.

An IPv4 address is a 32-bit number, typically written as four decimal numbers (octets) separated by periods, like 192.168.1.100.

3.1 The Subnet Mask: Network vs. Host

An IP address has two parts:

  1. Network ID: Identifies the network the device is on. All devices on the same local network share the same network ID.
  2. Host ID: Identifies the specific device on that network.

The subnet mask is a second 32-bit number that tells the computer which part of the IP address is the network ID and which part is the host ID. A typical subnet mask is 255.255.255.0. Where the subnet mask has a 255, that part of the IP address belongs to the network. Where it has a 0, that part belongs to the host.

  • IP Address: 192.168.1.100
  • Subnet Mask: 255.255.255.0
  • Result:
    • Network ID: 192.168.1
    • Host ID: 100

3.2 Public vs. Private IP Addresses

There is a distinction between the IP address your computer uses on your local LAN and the one it uses to talk to the internet.

  • Private IP Addresses: Certain ranges of IP addresses (like 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255) are reserved for use on private, internal networks. These addresses cannot be routed on the public internet. Your home or office computer has a private IP address.
  • Public IP Addresses: This is the single IP address assigned to your entire network by your ISP. When you browse a website, your router uses a process called NAT (Network Address Translation) to translate the private IP address of your computer into the single public IP address for communication with the outside world.
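The mask arithmetic from section 3.1 and the private ranges from section 3.2, as an added example that is not part of the original reading. The function names are illustrative; the split is done with a bitwise AND so that it also handles masks that do not end on an octet boundary, such as 255.255.255.128.

```python
import ipaddress

# The three private ranges listed above, written in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_int(dotted):
    """Convert dotted-decimal text to the underlying 32-bit number."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit number back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def split_address(ip, mask):
    """Return (network address, host number) for an address and its mask."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    # A valid mask is a run of 1 bits followed by a run of 0 bits.
    host_bits = ~mask_i & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask is not contiguous: {mask}")
    # AND with the mask keeps the network bits; AND with its inverse keeps the host bits.
    return to_dotted(ip_i & mask_i), ip_i & host_bits

def is_private(ip):
    """True when the address falls in one of the three private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)

if __name__ == "__main__":
    # Constructed sample inputs.
    print(split_address("192.168.1.100", "255.255.255.0"))
    print(split_address("192.168.1.200", "255.255.255.128"))
    print(is_private("172.31.255.255"), is_private("172.32.0.1"))
```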

4 Segmentation Method 1: Subnetting

A broadcast domain is a logical division of a network in which all devices can reach each other by broadcast. In a simple flat network (one switch), all devices are in the same broadcast domain. As a network grows, this becomes inefficient and insecure, as broadcasts from one device interrupt all others.

Subnetting is the process of taking one large network and breaking it into multiple smaller networks, or subnets. This is done by adjusting the subnet mask. Each subnet is a separate broadcast domain.

  • How it Works: By extending the subnet mask (e.g., changing it from 255.255.255.0 to 255.255.255.128), you “borrow” bits from the host portion of the address and assign them to the network portion. This creates multiple smaller network IDs within the original single network.
  • Benefit: Traffic within a subnet stays within that subnet. Devices can only communicate with devices on a different subnet by going through a router. This reduces broadcast traffic and allows for the creation of security boundaries between different groups of users (e.g., separating the Accounting department’s network from the Sales department’s network).

Note: 🌐 Class C IP Subnetting Effects Table

This table illustrates the effects of borrowing host bits for subnetting a standard Class C network (base prefix /24 or 255.255.255.0).

| CIDR Notation | Borrowed Bits (\(s\)) | Binary Subnet Mask (Last Octet) | Dotted-Decimal Subnet Mask | Total Subnets (\(2^s\)) | Usable Hosts per Subnet (\(2^h - 2\)) |
|---|---|---|---|---|---|
| /25 | 1 | 10000000 | 255.255.255.128 | \(2^1 = \mathbf{2}\) | \(2^7 - 2 = \mathbf{126}\) |
| /26 | 2 | 11000000 | 255.255.255.192 | \(2^2 = \mathbf{4}\) | \(2^6 - 2 = \mathbf{62}\) |
| /27 | 3 | 11100000 | 255.255.255.224 | \(2^3 = \mathbf{8}\) | \(2^5 - 2 = \mathbf{30}\) |
| /28 | 4 | 11110000 | 255.255.255.240 | \(2^4 = \mathbf{16}\) | \(2^4 - 2 = \mathbf{14}\) |
| /29 | 5 | 11111000 | 255.255.255.248 | \(2^5 = \mathbf{32}\) | \(2^3 - 2 = \mathbf{6}\) |
| /30 | 6 | 11111100 | 255.255.255.252 | \(2^6 = \mathbf{64}\) | \(2^2 - 2 = \mathbf{2}\) |

💡 Key Subnetting Formulas

  • Class C Foundation: The base network is /24. Subnetting involves borrowing bits from the total 8 host bits in the last octet.
  • Total Subnets: The number of subnets created is determined by the number of borrowed bits (\(s\)): \[\text{Total Subnets} = \mathbf{2^s}\] (\(s\) is the number of ’1’s in the subnet mask’s last octet).
  • Usable Hosts: The number of usable host addresses in each subnet is determined by the number of remaining host bits (\(h\)): \[\text{Usable Hosts} = \mathbf{2^h - 2}\] (\(h\) is the number of ’0’s in the subnet mask’s last octet, and we subtract 2 for the Network and Broadcast addresses).
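The subnetting table and formulas above, worked through in code as an added example that is not part of the original reading. It uses Python's standard `ipaddress` module; the base network 192.168.1.0/24 and the function names are assumptions chosen for illustration.

```python
import ipaddress

def subnet_plan(base, borrowed_bits):
    """Split `base` by borrowing `borrowed_bits` host bits; one row per subnet."""
    network = ipaddress.ip_network(base)
    host_bits = 32 - network.prefixlen - borrowed_bits
    if borrowed_bits < 1 or host_bits < 2:
        raise ValueError("need at least 2 host bits left for usable addresses")
    rows = []
    for sub in network.subnets(prefixlen_diff=borrowed_bits):
        rows.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            # 2^h addresses minus the network and broadcast addresses
            "usable_hosts": sub.num_addresses - 2,
        })
    return rows

def needs_router(ip_a, ip_b, plan):
    """True when two hosts fall in different subnets of the plan."""
    def find(ip):
        addr = ipaddress.ip_address(ip)
        for row in plan:
            if addr in ipaddress.ip_network(row["subnet"]):
                return row["subnet"]
        raise ValueError(f"{ip} is outside the plan")
    return find(ip_a) != find(ip_b)

if __name__ == "__main__":
    plan = subnet_plan("192.168.1.0/24", 2)   # the /26 row of the table
    for row in plan:
        print(row)
    # Constructed host addresses: .10 is in the first subnet, .70 in the second.
    print(needs_router("192.168.1.10", "192.168.1.70", plan))
```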

5 Segmentation Method 2: Virtual LANs (VLANs)

Subnetting physically and logically separates networks. But what if you have users from different departments all plugged into the same physical switch? This is where VLANs come in.

A VLAN (Virtual LAN) is a method of creating logically separate networks on the same physical network infrastructure.

  • How it Works: A VLAN-capable switch can be configured to assign each of its ports to a specific VLAN (e.g., VLAN 10 for Accounting, VLAN 20 for Sales). The switch then ensures that traffic from a device in VLAN 10 can only go to other devices in VLAN 10, even if they are all on the same switch. It’s like creating multiple, separate virtual switches inside of one physical switch.
  • VLAN Tagging (802.1Q): For traffic that needs to go between switches (e.g., when users on the same VLAN are on different floors), a process called VLAN tagging is used. The switch adds a small “tag” to the Ethernet frame that identifies which VLAN the traffic belongs to. Other switches can then read this tag and forward the frame to the correct VLAN on their end.
  • Benefit: VLANs provide segmentation and security with great flexibility. You can group users by department or function regardless of where they physically plug into the network. As with subnets, communication between different VLANs must be handled by a router.
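A small model of the port assignment and 802.1Q tagging described above, as an added example that is not part of the original reading. The `Switch` class, port numbers and sample frame are constructed for illustration, and the model floods every frame within its VLAN rather than learning MAC addresses; the tag layout (TPID 0x8100 followed by a 16-bit field whose low 12 bits are the VLAN ID) is the 802.1Q format.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample: broadcast destination MAC, source MAC, EtherType 0x0800, payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vlan_id   # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_tag(frame):
    """Return (vlan_id, untagged_frame); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:
    """Access ports belong to one VLAN each; trunk ports carry tagged frames."""
    def __init__(self, access_ports, trunk_ports):
        self.access = dict(access_ports)   # port -> VLAN ID
        self.trunks = set(trunk_ports)

    def forward(self, in_port, frame):
        """Flood a frame within its VLAN; returns {out_port: frame_bytes}."""
        tag_vlan, inner = read_tag(frame)
        if in_port in self.trunks:
            if tag_vlan is None:
                return {}                  # assumption: trunks carry only tagged frames
            vlan = tag_vlan
        else:
            if tag_vlan is not None:
                return {}                  # assumption: access ports accept only untagged frames
            vlan = self.access[in_port]
        # Untagged copies to access ports in the same VLAN, tagged copies to trunks.
        out = {p: inner for p, v in self.access.items() if v == vlan and p != in_port}
        out.update({t: add_tag(inner, vlan) for t in self.trunks if t != in_port})
        return out
```

With ports 1 and 2 in VLAN 10, port 3 in VLAN 20 and port 24 as a trunk, `Switch({1: 10, 2: 10, 3: 20}, [24]).forward(1, SAMPLE)` delivers the frame untagged to port 2 and tagged to port 24, and never to port 3.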

6 Reflect and Review

Important: Reflection: 3-2-1

Now that you have reviewed this document, take a moment to reflect on your learning in your Microsoft Teams Student Notebook:

  • 3 parts of a full IP address configuration (IP, subnet mask, and gateway).
  • 2 reasons to segment a network.
  • 1 question you still have about the difference between a subnet and a VLAN.

Tip: Check on Learning

Answer these questions in your notebook to solidify your understanding:

  1. An IP address is 172.16.30.5 and the subnet mask is 255.255.0.0. What is the Network ID portion of this address?
  2. What is the name of the process that allows multiple devices on a private network to share a single public IP address?
  3. You want to separate the network traffic of your company’s guest Wi-Fi from the internal corporate network for security. Would subnetting or VLANs be a good way to achieve this?
  4. What IEEE standard is associated with VLAN tagging?