Home > Articles > Certification > Cisco Certification > CCNA

  • Print
  • + Share This
This chapter is from the book

Foundation Topics

VLSM Concepts and Configuration

VLSM occurs when an internetwork uses more than one mask for different subnets of a single Class A, B, or C network. Figure 5-1 shows an example of VLSM used in Class A network

Figure 5-1

Figure 5-1 VLSM in Network Masks /24 and /30

Figure 5-1 shows a typical choice of using a /30 prefix (mask on point-to-point serial links, with mask /24 ( on the LAN subnets. All subnets are of Class A network, with two masks being used, therefore meeting the definition of VLSM.

Oddly enough, a common mistake occurs when people think that VLSM means “using more than one mask in some internetwork,” rather than “using more than one mask in a single classful network.” For example, if in one internetwork diagram, all subnets of network use a mask, and all subnets of network use a mask, the design uses two different masks. However, Class A network uses only one mask, and Class A network uses only one mask. In that case, the design does not use VLSM.

VLSM provides many benefits for real networks, mainly related to how you allocate and use your IP address space. Because a mask defines the size of the subnet (the number of host addresses in the subnet), VLSM allows engineers to better match the need for addresses with the size of the subnet. For example, for subnets that need fewer addresses, the engineer uses a mask with fewer host bits, so the subnet has fewer host IP addresses. This flexibility reduces the number of wasted IP addresses in each subnet. By wasting fewer addresses, more space remains to allocate more subnets.

VLSM can be helpful for both public and private IP addresses, but the benefits are more dramatic with public networks. With public networks, the address savings help engineers avoid having to obtain another registered IP network number from regional IP address assignment authorities. With private networks, as defined in RFC 1918, running out of addresses is not as big a negative, because you can always grab another private network from RFC 1918 if you run out.

Classless and Classful Routing Protocols

Before you can deploy a VLSM design created on paper, you must first use a routing protocol that supports VLSM. To support VLSM, the routing protocol must advertise the mask along with each subnet. Without mask information, the router receiving the update would be confused.

For instance, if a router learned a route for, but with no mask information, what does that mean? Is that subnet The dotted-decimal number happens to be a valid subnet number with a variety of masks, and because multiple masks may be used with VLSM, the router has no good way to make an educated guess. To effectively support VLSM, the routing protocol needs to advertise the correct mask along with each subnet, so the receiving router knows the exact subnet that is being advertised.

By definition, classless routing protocols advertise the mask with each advertised route, and classful routing protocols do not. The classless routing protocols, as noted in Table 5-2, are the newer, more advanced routing protocols. And not only do these more advanced classless routing protocols support VLSM, they also support manual route summarization, a feature discussed in Chapter 6, “Route Summarization.”


Table 5-2. Classless and Classful Interior IP Routing Protocols

Routing Protocol

Is It Classless?

Sends Mask in Updates

Supports VLSM

Supports Manual Route Summarization


























Beyond VLSM itself, the routing protocols do not have to be configured to support VLSM or to be classless. There is no command to enable or disable the fact that classless routing protocols include the mask with each route. The only configuration choice you must make is to use a classless routing protocol, which among the IGPs discussed for CCNA, are RIP-2, EIGRP, and OSPF.

VLSM Configuration and Verification

Cisco routers do not configure VLSM, enable or disable it, or need any configuration to use it. From a configuration perspective, VLSM is simply a side effect of the ip address interface subcommand. Routers collectively configure VLSM by virtue of having IP addresses in the same classful network but with different masks.

For instance, Example 5-1 shows a simple example with two of the interfaces from router Yosemite from Figure 5-1. The example shows the IP address assignments on two interfaces, one with a /24 mask and one with a /30 mask, both with IP addresses in Class A network

Example 5-28. Configuring Two Interfaces on Yosemite, Resulting in VLSM

Yosemite#configure terminal
Yosemite(config)#interface Fa0/0
Yosemite(config-if)#ip address
semite(config-if)#interface S0/1
Yosemite(config-if)#ip address

When a router detects VLSM being used in a network, IOS lists the mask per route in the output of the show ip route command, rather than simply listing the mask only in the header line for that network. Example 5-2 lists an example of the routing table on Albuquerque from Figure 5-1; Albuquerque uses two masks inside network, as noted in the highlighted line in the example.

Example 5-29. Albuquerque Routing Table with VLSM

Albuquerque#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set is variably subnetted, 11 subnets, 2 masks 
D[90/2172416] via, 00:00:34, Serial0/0
D [90/2172416] via, 00:00:34, Serial0/0
D [90/2172416] via, 00:00:34, Serial0/0
D [90/2172416] via, 00:00:34, Serial0/0
D [90/2172416] via, 00:00:56, Serial0/1
D [90/2172416] via, 00:00:56, Serial0/1
D [90/2172416] via, 00:00:56, Serial0/1
D [90/2172416] via, 00:00:56, Serial0/1
C is directly connected, Ethernet0/0
C directly connected, Serial0/1
C is directly connected, Serial0/0

So ends the discussion of VLSM as an end to itself. This chapter is devoted to VLSM, but it took a mere 3–4 pages to fully describe it. Why the whole VLSM chapter? Well, to work with VLSM, to find problems with it, to add subnets to an existing design, and to design using VLSM from scratch—in other words, to apply VLSM to real networks—takes skill and practice. To do these same tasks on the exam requires skill and practice. The rest of this chapter examines the skills to apply VLSM and provides some practice for these three key areas:

  • Finding VLSM overlaps
  • Adding new VLSM subnets without overlaps
  • Designing subnetting using VLSM

Finding VLSM Overlaps

Regardless of whether a design uses VLSM or not, the subnets used in any IP internetwork design should not overlap their address ranges. When subnets in different locations overlap their addresses, a router’s routing table entries overlap. As a result, hosts in different locations may be assigned the same IP address. Routers clearly cannot route packets correctly in these cases. In short, a design that uses overlapping subnets is considered to be an incorrect design and should not be used.

These address overlaps are easier to see when using SLSM than when using VLSM. With SLSM, overlapped subnets have identical subnet IDs, so to find overlaps, you just have to look at the subnet IDs. With VLSM, overlapped subnets may not have the same subnet ID. To find these overlaps, you have to look at the entire range of addresses in each subnet, from subnet ID to subnet broadcast address, and compare the range to the other subnets in the design.

An Example of Finding a VLSM Overlap

For example, imagine that a practice question for the CCNA exam shows Figure 5-2. It uses a single Class B network (, with VLSM, because it uses three different masks: /23, /24, and /30.

Figure 5-2

Figure 5-2 VLSM Design with Possible Overlap

Now imagine that the exam question shows you the figure, and either directly or indirectly asks whether overlapping subnets exist. This type of question might simply tell you that some hosts cannot ping each other, or it might not even mention that the root cause could be that some of the subnets overlap. To answer such a question, you could follow this simple but possibly laborious process:


Step 1 Calculate the subnet ID and subnet broadcast address of each subnet, which gives you the range of addresses in that subnet.

Step 2 List the subnet IDs in numeric order (along with their subnet broadcast addresses).

Step 3 Scan the list top to bottom, comparing each pair of adjacent entries, to see if their range of addresses overlaps.

For example, Table 5-3 completes the first two steps based on Figure 5-2, listing the subnet IDs and subnet broadcast addresses, in numeric order based on the subnet IDs.

Table 5-3. Subnet IDs and Broadcast Addresses, in Numeric Order, from Figure 5-2


Subnet Number

Broadcast Address




R1-R2 serial

R1-R3 serial

Step 3 states the somewhat obvious step of comparing the address ranges to see whether any overlaps occur. You could just scan the list overall, but if you order the list, you can also methodically scan the list looking at each adjacent pair.

First, look closely just at the subnet number column in Table 5-2. Note that, in this case, none of the subnet numbers are identical, but two entries (highlighted) do overlap.

Next, look closely at the R2 LAN and R3 LAN subnets. All the addresses in the subnet are also part of the subnet. In this case, the design is invalid because of the overlap, and one of these two subnets would need to be changed.

As far as the three-step process works, note that if two adjacent entries in the list overlap, compare three entries at the next step. The two subnets already marked as overlapped may overlap with the next subnet in the list. For example, imagine a case where you had the following three subnets in a list that you were examining for VLSM overlaps:

  • (subnet ID, broadcast
  • (subnet ID, broadcast
  • (subnet ID, broadcast

If you compare entries 1 and 2, clearly, an overlap occurs, because all the addresses in subnet sit inside subnet If you then compare only entries 2 and 3, those entries do not overlap. However, entries 1 and 3 do overlap. So what does this mean for the process? Any time you find an overlap, compare all of those overlapped subnets with the next line in the list of subnets until you find one that doesn’t overlap.

Practice Finding VLSM Overlaps

As typical of anything to with applying IP addressing and subnetting, practice helps. To that end, Table 5-4 lists three practice problems. Just start with the five IP addresses listed in a single column, and then follow the three-step process outlined in the previous section to find any VLSM overlaps. The answers can be found near the end of this chapter, in the section, “Answers to Earlier Practice Problems.”

Table 5-4. VLSM Overlap Practice Problems

Problem 1

Problem 2

Problem 3

Adding a New Subnet to an Existing VLSM Design

The task described in this section happens frequently in real networks: choosing new subnets to add to an existing design. In real life, you may use tools that help you choose a new subnet so that you do not cause an overlap. However, for both real life and for the CCNA exam, you need to be ready to do the mental process and math of choosing a subnet that both has the right number of host IP addresses and does not create an overlapped VLSM subnet condition. In other words, you need to pick a new subnet and not make a mistake!

For example, consider the internetwork in Figure 5-2, with classful network An exam question might suggest that a new subnet, with a /23 prefix length, needs to be added to the design. The question might also say, “Pick the numerically lowest subnet number that can be used for the new subnet.” In other words, if both and would work, use

So, you really have a couple of tasks: to find all the subnet IDs that could be used, rule out the ones that would cause an overlap, and then check to see if the question guides you to pick either the numerically lowest (or highest) subnet ID. This list outlines the specific steps:


Step 1 Pick the subnet mask (prefix length) for the new subnet, based on the design requirements (if not already listed as part of the question).

Step 2 Calculate all possible subnet numbers of the classful network using the mask from Step 1, along with the subnet broadcast addresses.

Step 3 Make a list of existing subnet IDs and matching subnet broadcast addresses.

Step 4 Rule out overlapping new subnets by comparing the lists from the previous two steps.

Step 5 Choose the new subnet ID from the remaining subnets identified at Step 4, paying attention to whether the question asks for the numerically lowest or numerically highest subnet ID.

An Example of Adding a New VLSM Subnet

For example, Figure 5-3 shows an existing internetwork that uses VLSM. In this case, you need to add a new subnet to support 300 hosts. Imagine that the question tells you to use the smallest subnet (least number of hosts) to meet that requirement. You use some math and logic you learned earlier in your study to choose mask /23, which gives you 9 host bits, for 29 – 2 = 510 hosts in the subnet.

Figure 5-3

Figure 5-3 Internetwork to Which You Need to Add a /23 Subnet, Network

At this point, just follow the steps listed before Figure 5-3. For Step 1, you have already been given the mask (/23). For Step 2, you need to list all the subnet numbers and broadcast addresses of assuming the /23 mask. You will not use all these subnets, but you need the list for comparison to the existing subnets. Table 5-5 shows the results, at least for the first five possible /23 subnets.

Table 5-5. First Five Possible /23 Subnets


Subnet Number

Subnet Broadcast Address

First (zero)





Next, at Step 3, list the existing subnet numbers and broadcast addresses, as seen earlier in Figure 5-3. To do so, do the usual math to take an IP address/mask to then find the subnet ID and subnet broadcast address. Table 5-6 summarizes that information, including the locations, subnet numbers, and subnet broadcast addresses.

Table 5-6. Existing Subnet IDs and Broadcast Addresses from Figure 5-3


Subnet Number

Subnet Broadcast Address




R1-R2 serial

R1-R3 serial

At this point, you have all the information you need to look for the overlap at Step 4. Simply compare the range of numbers for the subnets in the previous two tables. Which of the possible new /23 subnets (Table 5-5) overlap with the existing subnets (Table 5-6)? In this case, the second, third, and fifth subnets in Table 5-5 overlap, so rule those out as candidates to be used. (Table 5-5 denotes those subnets with gray highlights.)

Step 5 has more to do with the exam than with real network design, but it is still worth listing as a separate step. Multiple-choice questions sometimes need to force you into a single answer, and asking for the numerically lowest or highest subnet does that. This particular example asks for the numerically lowest subnet number, which in this case is

Practice Adding New VLSM Subnets

The practice problems in this section all begin with an existing design that uses the following subnets:

Treat each of the following five problems as an independent problem. That is, after you choose a subnet for Problem 1, ignore that subnet when solving Problem 2. For each problem: choose the numerically lowest subnet numbers for a new subnet in network that does not cause an overlap when using the following masks:

  1. /24
  2. /23
  3. /22
  4. /25
  5. /26

You can find the answers in the section, “Answers to Practice Problems.”

Designing a Subnetting Plan Using VLSM

CCENT/CCNA ICND1 Official Cert Guide explains several important subnetting design concepts and tasks, but they all assume a single subnet mask is used in each classful network. To perform the similar but more involved design work when using VLSM, you need to apply those same skills in new ways.

For instance, you should understand by now how to design or choose a subnet mask so that a subnet supports a stated number of host IP addresses. You should also know how to list all the subnets of a classful network, assuming one specific mask is used throughout that classful network.

This section discusses how to apply those same concepts when you allow the use of multiple masks.

For example, when assuming SLSM in the ICND1 book, a problem might use Class B network, and the design might call for ten subnets, with the largest subnet containing 200 hosts. Mask meets the requirements for that largest subnet, with 8 subnet bits and 8 host bits, supporting 256 subnets and 254 hosts per subnet. (Other masks also meet that requirement.) If using that one mask throughout the network, the subnet numbers would be,,, and so on, counting by one in the third octet.

To create a subnet plan with VLSM, you have to rethink the choice of subnet masks and the choice of allowed subnets. Additionally, you always have to avoid choosing subnets that overlap. This section walks through the VLSM subnet design process, beginning with mask design, and moving on to choosing subnets to use for a particular topology.

Choosing VLSM Masks

With SLSM design, you typically choose the one mask based on the needs of the largest subnet—in other words, the subnet that requires the largest number of host IP addresses. With VLSM design, you can instead choose to use many different masks. You could literally use every mask from /8 through /30 inside a single classful network.

Although using a dozen masks might let you save lots of addresses, it would also create extra complexity. So, the VLSM design choice for how many masks to use, and which ones, requires some compromise and tradeoffs between saving addresses while keeping things simple. Many companies settle on somewhere between two and four different masks as a compromise.

To choose the masks in real life, you need to look at the requirements for each subnet in the design. How many host IP addresses do you need in each case? How much growth do you expect? How many subnets do you need of each size?

In the more theoretical world of exam preparation, you can typically expect a cleaner view of the world, which makes the discussion in this book more objective. For instance, consider Figure 5-4, which lists requirements for two ultra-large data center subnets on the left, several branch office LAN subnets on the right, and a number of typical serial links.

Figure 5-4

Figure 5-4 Requirements that Feed into a VLSM Design

Figure 5-4 shows requirements for the number of host IP addresses; all you have to do then is pick a mask to meet the requirements for each size subnet as a separate problem, and note the number of subnets you need to create for each size. For the exam, the question might give some guidance that leads you to a single answer, like asking you to choose a mask that meets the goal and uses the lest least host bits. With Figure 5-4, using the least host bits, you would choose these three masks:

/18: 14 host bits, 214 – 2 = 16,382 hosts/subnet

/24: 8 host bits, 28 – 2 = 254 hosts/subnet

/30: 2 host bits, 22 – 2 = 2 hosts/subnet

In summary, to choose the masks to use in VLSM, analyze the requirements. Find subnets with requirements for similar numbers of hosts, like the three sizes of subnets in Figure 5-4. The, choose a small number of masks to use for those different sizes of subnets, as summarized in the list for this particular example.

Assigning the Largest Subnet IDs First

VLSM subnet assignment first occurs on paper, when the network engineer looks at a list of subnet IDs and chooses which subnet ID to use for which need in the network topology. For example, Figure 5-4 shows the need for two subnets with a /18 mask, three subnets with a /24 mask, and three subnets with a /30 mask. What specific subnets did the engineer choose? Which subnets could the engineer have chosen? This section explores how to answer these questions and how to go about choosing subnets.


When assigning subnets, follow this strategy: Choose the largest subnets first.

To show you why, we continue the example based in part on Figure 5-4. In that company, the LAN team will assign the subnets for the /18 and /24 subnets, and the WAN team will assign all the /30 subnets. The WAN team has already deployed some WAN links, and they have the political power and are unwilling to change. The WAN team has already used subnets,,, and

Although the four WAN subnets have consumed a mere 16 addresses, unfortunately, those subnets have already busted the VLSM design. The four small subnet assignments have created an overlap with all four possible /18 subnets of network Figure 5-5 shows the idea, with the four possible /18 subnets at the top and the overlapping WAN subnets at the bottom.

Figure 5-5

Figure 5-5 Overlaps Caused by Unfortunate Assignments of Smaller Subnets

When using mask /18, with Class B network, only four possible subnets exist:,,, and The four small /30 WAN subnets each overlap with one of these four, as shown in Figure 5-5. How can you avoid making such mistakes? Either assign the smaller subnets from a much tighter range or assign the larger subnet IDs first, as suggested in this chapter. In this case, the LAN team could have allocated the first two /18 subnets first, and made the WAN team avoid using IP addresses from the first half of class B network

Admittedly, the WAN team could not have been any more shortsighted in this contrived example. Regardless, it shows how a small subnet assignment can prevent you from having a larger subnet available. You should always strive to keep large holes open in your address space in anticipation of assigning large subnets in the future.

An Example of VLSM Subnet Design

Other than a general strategy to assign the larger subnets first, what specific steps should you take? Rather than start with a formal process, this section shows an example. In short, the process finds and allocates the largest subnets. Then it takes one of those unused subnets and further subdivides it—sub-subnets it if you prefer—to make the next smaller size of subnets.

This example uses the following requirements; they are the same requirements shown earlier in Figure 5-4.

2 subnets with mask /18

3 subnets with /24

3 subnets with /30

To begin, calculate all possible subnets of network using a /18 mask (the largest subnets). Then, pick two subnets, because the requirements say that you need two. Figure 5-6 shows a representation of these four subnets and the fact that two are allocated for use.

Figure 5-6

Figure 5-6 Four /18 Subnets Listed, with Two Allocated for Use

The allocation of the first two of these large subnets removes a large set of IP addresses from the pool. When choosing subnets for the next smaller size subnet, you have to avoid the range of addresses in these subnets. In this case, these two subnets consume half the Class B network: addresses – The numerically lowest subnet ID that could possibly be used for the next to-be-allocated subnet, and not overlap, is

For the next step, you take one of the currently free subnets from the list of large subnets and further subdivide it (or “sub-subnet it”) to create the smaller sized subnet. For instance, in this case, the next large subnet ID in sequence is You take this range of addresses, and you find all subnets in this range using the next smaller subnet size, which in this example are the subnets that use the /24 mask. You can find all subnets of Class B network using the /24 mask, but you really only have to start at Figure 5-7 shows the idea of what subnets exist in this range, using /24 masks.

Figure 5-7

Figure 5-7 Subdividing into 64 Subnets Using /24 Mask

Figure 5-7 shows a representation of the fact that the subnets,,, and so on, through, all fit inside the range of addresses of the subdivided larger subnet. Although the figure does not show all 64 of these /24 subnets because of space constraints, it shows enough to see the pattern.

To summarize what actions we took so far in choosing and assigning subnets on paper in this example, we

  • Calculated the four possible subnets of Class B network using mask /18
  • Allocated the first two subnets for use in the internetwork
  • Marked the third of four /18 subnets ( to be sub-subnetted into smaller subnets
  • Listed all subnets using mask /24 that could exist inside

To continue the exercise, the requirements asked for three /24 subnets, so you need to pick three subnets from the list in Figure 5-7. Using the first three makes sense:,, and

The process continues until you go through every different mask. In this example, only one other mask was chosen (/30). To proceed, pick one of the currently free /24 subnets, mark it as one to be sub-subnetted, and proceed to subnet it into /30 subnets. Figure 5-8 updates the idea, showing the three allocated /24 subnets, and the next /24 subnet in sequence ( marked as the one to subnet further to create the /30 subnets.

Figure 5-8

Figure 5-8 The Three Allocated /24 Subnets and the Next Subnet to Divide Further

The process continues with the same logic as before, subnetting the address range implied by using a /30 mask. That is, finding these possible /30 subnets within this range:


And so on, up through

If you again pick the first three subnets (you pick three because the requirements stated that you needed three subnets with a /30 mask), you would mark the first three in this list as allocated or used. At this point, the process is complete, other than picking exactly where to use each subnet.

Summary of the Formal VLSM Subnet Design Process

The process seems long because it takes time to work through each step. However, you essentially repeat the same process you would use to find and allocate subnets when using a single mask, just repeating the process for each successively longer mask (in other words, from the largest subnets to smallest subnets). For completeness, the following list summarizes the steps:


Step 1 Analyze the requirements for the number of hosts and subnets, choose the masks to use, and list the number of subnets needed using each mask.

Step 2 For the shortest prefix mask (largest subnets):

  1. Calculate, on paper, all possible subnets, using that one mask.
  2. Mark some subnets as allocated for use, per the requirements from step 1.
  3. Pick an unallocated subnet to be further subdivided by the next step (step 3).

Step 3 Repeat Step 2 for each mask, moving to the next longer mask (next smaller sized subnet) each time.

Practice Designing VLSM Subnets

The biggest hurdle in designing with VLSM subnets is to get through the process of finding all the subnets using each mask, particularly after the first step, when you really only care about a more limited range of subnet numbers. The following practice problems help with that process.

Table 5-7 lists the problems. To answer these problems, choose subnet IDs, lowest to highest, first allocating subnets for the largest subnets, then for the next largest subnets, and so on. Always choose the numerically lowest subnet IDs if you want your answer to match what is listed at the end of this chapter.

Table 5-7. VLSM Subnet Design Practice Problems


Classful Network

First Requirement

Second Requirement

Third Requirement


3 subnets, /22

3 subnets, /25

3 subnets, /30


3 subnets, /27

3 subnets, /28

3 subnets, /30

  • + Share This
  • 🔖 Save To Your Account