I recently wrote a two-part series about the basics of Cisco IP subnetting ("Cisco IP subnetting 101: Five things you should know" and "Cisco IP subnetting 101: Five more things you should know"). In response, several TechRepublic members posted comments in the articles' discussions or contacted me with questions and requests for more advanced information about IP subnetting.
I've decided to highlight some of these requests over the next couple of weeks and address these members' questions. So, let's get started: TechRepublic member Shumkh wanted to know more about the two special cases of all 1s and all 0s subnets.
"My understanding is [that] using all 0s as the subnet mask means putting the network interface into Promiscuous Mode. Can you expand more on the practical application of these two special subnet masks?"
First, let's review some IP addressing and subnetting basics. Every network interface has an IP address and a subnet mask. The subnet mask tells the interface which devices are on the local LAN and which devices are outside the LAN.
For devices outside the LAN, the host sends that traffic to its default gateway. If the device in question is a router, it may have specific routes to those destinations, and it may or may not have a default gateway.
All 1s subnet masks
Administrators sometimes use an all 1s subnet mask to indicate that they're talking about a single IP address or a single host. For example, you could create an access control list entry that looked something like the following example:
access-list 1 deny 188.8.131.52 0.0.0.0
0.0.0.0 is the wildcard mask for 255.255.255.255. This access list specifies that we only want to deny the 184.108.40.206 host—not a range of hosts or a network.
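To make the wildcard-mask arithmetic concrete, here is an added Python example (not from the original column) that evaluates a small access list the way IOS does: first match wins, with the implicit deny at the end. The ACL, the addresses (from the RFC 5737 documentation range), and the function names are all constructed for this illustration; the point it shows is that a wildcard of 0.0.0.0 pins every bit and therefore matches exactly one host, the inverse of a 255.255.255.255 subnet mask.

```python
import ipaddress

# Constructed example ACL in Cisco wildcard-mask form: (action, address, wildcard).
# Wildcard bit 1 = "don't care", bit 0 = "must match". 0.0.0.0 therefore pins
# every bit, so the entry matches exactly one host (netmask 255.255.255.255).
# Addresses are from the RFC 5737 documentation range, not from the article.
EXAMPLE_ACL = [
    ("deny",   "192.0.2.52", "0.0.0.0"),    # one host only
    ("permit", "192.0.2.0",  "0.0.0.255"),  # the rest of 192.0.2.0/24
]


def _to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_to_netmask(wildcard):
    """Invert a wildcard mask into the equivalent subnet mask (0.0.0.0 -> 255.255.255.255)."""
    return str(ipaddress.IPv4Address(~_to_int(wildcard) & 0xFFFFFFFF))


def hosts_covered(wildcard):
    """How many addresses an entry with this wildcard can match: 2 ** (count of 1 bits)."""
    return 1 << bin(_to_int(wildcard)).count("1")


def wildcard_match(addr, acl_addr, wildcard):
    """True if addr equals acl_addr in every bit position the wildcard marks as 'care' (0)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(acl_addr) & care)


def evaluate_acl(acl, addr):
    """First matching entry wins, as on IOS; no match falls through to the implicit deny."""
    for action, acl_addr, wildcard in acl:
        if wildcard_match(addr, acl_addr, wildcard):
            return action
    return "deny"  # implicit deny at the end of every Cisco ACL


if __name__ == "__main__":
    print("0.0.0.0 wildcard == netmask", wildcard_to_netmask("0.0.0.0"),
          "covering", hosts_covered("0.0.0.0"), "host")
    for host in ("192.0.2.52", "192.0.2.53", "198.51.100.1"):
        print(host, "->", evaluate_acl(EXAMPLE_ACL, host))
```

Running it shows 192.0.2.52 denied by the host entry, 192.0.2.53 permitted by the /24 entry, and 198.51.100.1 denied because nothing matches it.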
Another use for the all 1s subnet mask is on an interface that only has a single IP address with no other devices on that interface. What's the purpose of such an interface? One reason is a loopback interface. Here's an example:
Router(config)# interface loopback 1
Router(config-if)# ip address 220.127.116.11 255.255.255.255
Router(config)# interface loopback 2
Router(config-if)# ip address 18.104.22.168 255.255.255.255
These interfaces only have a single IP address, and there are no other hosts connected to these interfaces.
You could also use an all 1s subnet mask to create a route that looks something like the following example:
ip route 22.214.171.124 255.255.255.255 126.96.36.199
This tells the router to only route traffic bound for the single host 188.8.131.52 to the 184.108.40.206 network. Again, the subnet mask of 255.255.255.255 tells the router to only send traffic for the 220.127.116.11 single host to the 18.104.22.168 next hop.
All 1s IP address
The all 1s IP address—255.255.255.255 (as a destination IP address)—is a special IP address. This IP address is the "all hosts" broadcast address. Sending a packet to this IP address will send it to all hosts on the network.
All 0s IP address and subnet mask
Zero/zero (0/0) is a special route in the routing table of a router or a PC. The zero/zero route is the default route: if the device doesn't know where else to send traffic, it sends it here. It looks like this:
IP: 0.0.0.0
Subnet mask: 0.0.0.0
Destination: x.x.x.x
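The host route with a 255.255.255.255 mask and the zero/zero default route are the two ends of the same lookup: the router picks the most specific prefix that contains the destination, and 0.0.0.0/0.0.0.0 contains everything, so it is chosen only when nothing else matches. The following added Python example (not from the column; table, next hops, and function names are constructed, with RFC 5737 addresses) performs that longest-prefix match over a small table, including the case of a table with no default route.

```python
import ipaddress

# Constructed routing table (not from the article). Each entry is
# (destination, mask, next hop). "connected" marks a directly attached LAN;
# a 255.255.255.255 mask is a single-host route; 0.0.0.0/0.0.0.0 is the default.
EXAMPLE_ROUTES = [
    ("192.0.2.0",    "255.255.255.0",   "connected"),
    ("198.51.100.7", "255.255.255.255", "192.0.2.254"),  # host route
    ("198.51.100.0", "255.255.255.0",   "192.0.2.253"),
    ("0.0.0.0",      "0.0.0.0",         "192.0.2.1"),    # the zero/zero route
]


def build_table(entries):
    """Parse dotted address/mask pairs and order them most-specific prefix first."""
    table = []
    for dest, mask, next_hop in entries:
        # ipaddress accepts a dotted mask after the slash; strict=False lets a
        # host address stand in for the network address.
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        table.append((net, next_hop))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, dst):
    """Longest-prefix match: return (matched prefix, next hop), or None if no route fits."""
    addr = ipaddress.IPv4Address(dst)
    for net, next_hop in table:
        if addr in net:
            return str(net), next_hop
    return None  # a router would drop the packet here


if __name__ == "__main__":
    table = build_table(EXAMPLE_ROUTES)
    for dst in ("198.51.100.7", "198.51.100.8", "192.0.2.10", "203.0.113.9"):
        print(dst, "->", lookup(table, dst))
    # Remove the zero/zero route and an unknown destination has nowhere to go.
    no_default = build_table(EXAMPLE_ROUTES[:-1])
    print("203.0.113.9 with no default ->", lookup(no_default, "203.0.113.9"))
```

Note how 198.51.100.7 goes to the /32 next hop while 198.51.100.8, one address away, follows the /24 route: the host route wins only for the single address its all-1s mask pins down.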
All 0s subnet masks
If a PC is having trouble getting an IP address from a DHCP server, it will sometimes show an IP address of 0.0.0.0 and a subnet mask of 0.0.0.0. These addresses are not normal—and not usable.
A subnet mask that's all 0s (e.g., IP address: 192.168.1.1, subnet mask 0.0.0.0) is invalid, and it doesn't mean that a PC is in Promiscuous Mode. Promiscuous Mode has nothing to do with IP addressing, which is at Layer 3 (the network layer). Instead, Promiscuous Mode has everything to do with Layer 2 (the data-link layer).
Each frame that arrives at a computer on an Ethernet network carries a destination hardware (MAC) address. When the computer receives a frame, the network card checks that MAC address to see whether the frame is addressed to it. If not, the card discards the frame. In Promiscuous Mode, the card doesn't discard anything—it accepts and passes up every frame it sees.
Systems that are in Promiscuous Mode—and not because the administrator put them in this mode—are a security risk. There are ways to find systems in this mode. For more information, check out this PDF from SecurityFriday: "Detection of Promiscuous Nodes Using ARP Packets."
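The SecurityFriday paper describes finding sniffers remotely; an administrator with access to the host can also check locally. On Linux, `ip -d link show` prints a `promiscuity` counter for each interface (how many things currently hold it in promiscuous mode) alongside the flag list, which may include `PROMISC`. The added Python example below (not from the column) parses that output and reports any interface showing either signal. The sample output, the interface names and MAC addresses are constructed for the illustration; on a real host you would feed it the command's actual output.

```python
import re

# Constructed sample of `ip -d link show` output (Linux iproute2); not a real capture.
# The "promiscuity N" counter on the link/ line counts how many holders (sniffers,
# bridges, ...) currently have the interface in promiscuous mode.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 65535
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 65535
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:03 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
"""

# "2: eth0: <FLAGS>" or "5: veth0@if6: <FLAGS>"; the name stops at ':' or '@'.
HEADER_RE = re.compile(r"^\d+:\s+([^:@\s]+)[^:]*:\s+<([^>]*)>")
PROMISC_RE = re.compile(r"\bpromiscuity (\d+)")


def parse_ip_link(text):
    """Return {ifname: {"flags": set(...), "promiscuity": int}} from `ip -d link show` text."""
    result = {}
    current = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            flags = {f for f in header.group(2).split(",") if f}
            result[current] = {"flags": flags, "promiscuity": 0}
            continue
        count = PROMISC_RE.search(line)
        if count and current:
            result[current]["promiscuity"] = int(count.group(1))
    return result


def promiscuous_interfaces(text):
    """Interfaces that are sniffing: PROMISC flag set or promiscuity counter above zero."""
    parsed = parse_ip_link(text)
    return sorted(name for name, info in parsed.items()
                  if "PROMISC" in info["flags"] or info["promiscuity"] > 0)


if __name__ == "__main__":
    print("promiscuous:", promiscuous_interfaces(SAMPLE_IP_LINK))
```

Checking both the flag and the counter is deliberate: the counter is the authoritative signal, and the flag is the one most people look for, so an interface is reported when either is present. A non-empty result on a host that is not supposed to be running a sniffer or bridge is what the column calls a security risk and is worth an investigation.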
Stay tuned: Next time, I'll address another member's question about advanced IP subnetting.
David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.