subnet mask
Explanation 1
Author: Ji Yan
Link: https://www.zhihu.com/question/56895036/answer/447915532
Source: Zhihu
The copyright belongs to the author. For commercial reprint, please contact the author for authorization, for non-commercial reprint, please indicate the source.
Only ip4 First of all, the name of the subnet mask is very good, it is used to divide the network segment of the subnet and cover part of the IP address. To put it another way: it is used to divide which part of the IP address is the network number and which part is the machine number (this is written in the textbook). So, here comes the question: how to divide the subnet segment? Why mask IP addresses? What kind of cover-up? Now we have such an IP address: 192.168.1.129, we don't know its network number, and we don't know which part of the subnet it belongs to. We now need something to divide the subnet segment, this thing is called: subnet mask. Furthermore, we give the specific subnet mask: 255.255.255.0 Why should we give it like this? Because the length of the subnet mask is 32 bits the same as the IP address, each 8 bits is divided into a segment in advance. 255 in binary is 1111 1111. So we set the subnet mask to 255.255.255.193, okay? This depends on its binary, and the subnet mask needs to meet a condition before it can be used: 1 and 0 in its binary must be continuous. The binary of 255.255.255.193: 1111 1111.1111 1111.1111 1111.1100 0001 It can be seen that 1 is not continuous, so 255.255.255.193 cannot be used as a subnet mask. 255.255.255.0 fits the bill. How to use the subnet mask?
Answer: Use multiplication to mask the IP address. 1×1=1, 1×0=0, 0×0=0, 0×1=0 IP address: 192.168.1.129 Binary: 1100 0000.1010 1000.0000 0001.1000 0001 Subnet mask: 255.255.255.0 Binary: 1111 1111.1111 1111 .1111 1111.0000
0000
calculate:
1100 0000.1010 1000.0000 0001.1000 0001
1111 1111.1111 1111.1111 1111.0000 0000
———————————————————————————————————————
1100 0000.1010 1000.0000 0001.0000 0000
Compared with the original IP address, the calculated binary code has the last 8 bits covered with 0. Why cover up? Because we don't have to care whether the next 8 bits are 1 or 0. The subnet segment has been divided. The decimal system of 1100 0000.1010 1000.0000 0001.0000 0000: 192.168.1.0 That is to say, from 192.168.1.0 to 192.168.1.255 is the same subnet segment, and the numbers 0-255 in it can be assigned to different machines. Numbers 0-255 are all machine numbers, and the IP address shows number 129. 192.168.1.0 is the so-called network number, and it can also be written as 192.168.1 or 192.168.1.0\24 (24 refers to the 24 digits in the IP address that are not covered). The meaning of the IP address is very clear. The network segment (network number ) plus the machine number. The same IP address will be divided into different network numbers and machine numbers according to different subnet masks. ————————————————————————————————————————— But now there is a problem, my subnet mask The last 8 digits of the code are all 0, what if the last 8 digits are not all 0? What do you mean? Now we need to see that when the above subnet mask is 255.255.255.0, the machine number is from 0 to 255, so what if I want to divide another part from 0 to 255? Give the new IP address: 192.168.1.188 and give the new subnet mask: 255.255.255.224 Now the network number of the IP is not 192.168.1.0, it is no longer the network segment 192.168.1.0 to 192.168.1.255 1100 0000.1010 1000.0000 0001.1011 1100
1111 1111.1111 1111.1111 1111.1110 0000
—————————————————————
1100 0000.1010 1000.0000 0001.1010 0000 is no longer 24 bits unmasked, but 27 bits unmasked. For the last 5 bits that are masked, we no longer need to care whether it is 1 or 0. This means: no matter how the last 5 digits are changed, they are all in the same network segment. The change of the last 5 digits is between 1100 0000.1010 1000.0000 0001.1010 0000 to 1100 0000.1010 1000.0000 0001.1011 1111. Its decimal system: 192.168.1.160 to 192.168.1.191 is the subnet segment divided by the new subnet mask. We call 192.168.1.160\27 its network number, and its machine number is randomly allocated between 160 and 191. The previous IP address: 192.168.1.188 belongs to it. Summary: The subnet mask is a tool used to cover up the IP address and divide the network segment, and divide different network segments according to the number of bits covered.
Explanation 2
Once upon a time, there was a landlord with 256 houses. The house number of the landlord’s house was “192.168.1”, so the house number of the first house in his house was 192.168.1.0, the second house was 192.168.1.1,… the 256th house The number is 192.168.1.255.
The landlord is old and needs to distribute 256 houses to his 4 sons, and distribute them equally. Each son can have 64 houses.
Invite a gentleman to uphold justice, and the gentleman operates like this:
192.168.1.0-192.168.1.63 for the eldest son
192.168.1.64-192.168.1.127 for the second son
192.168.1.128 -192.168.1.191 for the third son
192.168.1.192- 192.168.1.255 for the fourth son
How to describe the subnet segments of the four sons?
192.168.1.0/26
192.168.1.64/26
192.168.1.128/26
192.168.1.192/26
What the hell is /26?
What is 255.255.255.192 in binary? "11111111-11111111-11111111-11" How many 1s do you count? No need to count, there are 26 1s. In order to simplify the representation of the subnet mask, use /26 instead of 255.255.255.192.
Let's see how the eldest son's network segment 192.168.1.0/26 is obtained by bitwise AND operation?
Take the eldest son's room as an example:
192.168.1.0-192.168.1.63
Binary representation:
192.168.1.0
11000000.10101000.00000001.00000000
192.168.1.63
11000000.10101000.00000001.00111111
How many addresses are the same at the beginning and end?
11000000.10101000.00000001.00
How many digits are there in total? 26 bits! Then use this "192.168.1.0/26" to represent all the rooms of the eldest son.
Compared with the house number "192.168.1.199" of the room, it obviously belonged to the fourth son.
Q1: Can a host 192.168.1.199/26 communicate with a directly connected host 192.168.1.200/24?
Yes, because it is the fourth son's room.
Q2: Can a host 192.168.1.199/26 communicate with a directly connected host 192.168.1.1/24?
No, because one is the eldest son's room and the other is the fourth son's room, which cannot be directly connected to the communication!
In addition, it should be noted that when 172.16.0.0/22 is indicated, it usually means that this is a collection of network segment IPs, a collection of 1024 IPs. 172.16.0.1/22 usually means an individual IP. In other words, once the place not covered by the subnet mask is not 0, it represents an IP address.
I think 26 should be understood in this way, the mask is 32 digits, and the last 6 digits are left. According to the binary system, it is 32 16 8 4 2 1. The sum of these is 64. That is to say, 192.168.1.0/26 means from 192.168. Starting from 1.0, a total of 64 belong to the eldest son. Similarly, starting from 192.168.1.63, a total of 64 belong to the second son. So the following /26 means that 64 ips can be allocated.
If there are 8 people who share the room equally, and each person divides 256%8=32 rooms, then the mask should be 27, and the subnet of the first person should be 192.168.1.0/27, the second person's should be 192.168.1.31/27
, so you should be able to understand the meaning of the mask behind
I don't understand the last two examples, please give me some advice!
When you communicate with other computers, you probably don't know the mask of the other computer, right? Think about it carefully, so you need to use your own mask to calculate the IP of the other party, whether it is the same as your network number, if they are the same, the direct connection can communicate, otherwise it will not work.
24 can be understood as the upper network 26 can be understood as the lower network
The difference between a switch and a router
The switch is to connect multiple machines in series to form a LAN IP. The switch appeared much earlier than the router, so the router can be said to be an upgraded version of the switch. The two are related to a certain extent, and there are also certain differences.
- The types of networks to be connected are different for different purposes
. For example, the local area network is mainly connected by a switch, while the external network is connected by a router. Because the router appeared late and is more compatible, it can also be connected to the local area network. Generally, individual users do not have a large demand for routers, and they are generally used by families and companies. - Different functions
The router can connect multiple electronic devices in series and distribute IP, so that multiple hosts share one IP, but it shows only one IP address to the outside world.
The main function of the switch is to connect many hosts (or multiple LANs). Each of these hosts has its own IP display, forming a scenario where multiple ip addresses work together.
The router is actually a multi-functional device. The router can be used as a switch, and the functions of most routers are divided into three parts. The first part is the gateway, which controls the downlink network like a gate; the second part is the gateway. Part of it is to expand the wired network port. Taking home users as an example, most home routers will be equipped with more than 4 additional LAN ports; the third part is the WiFi network. Based on the popularity of 4G networks, the WiFi network function has become a must for home routers standard.
The switch is different. Except for some multi-level switches, the multi-port switches used in ordinary households only provide a purpose of "extending the wired network port". Although some switches have APs, they still function as switches. role.
To put it simply, the router acts as a network node and hub in the application scenario. This is like the main valve of the water pipe in the home. Once the first-level router is turned off, all the water pipes in the home will have no water, and the router’s downlink network will be unavailable. The switch is more like a water distribution pipe. - Different working levels
The difference between routers and switches is mainly reflected in the different levels of work. Switches work at the second layer, which is the data link layer of the OSI model. The router is at the third layer and works at the network layer of the OSI model. The main reason is that the principle of the switch is simpler than that of the router, so the router has a higher level and a wider range of functions. - The objects are different
. Simply put, the switch is used to share a network cable, and the router is used to share an IP. The objects on which their data is forwarded are different:
the switch uses the physical address or the MAC address to determine the destination address of the forwarded data. The router uses the ID numbers (that is, IP addresses) of different networks to determine the address for data forwarding. The IP address is implemented in software and describes the network where the device is located. Sometimes these third-layer addresses are also called protocol addresses or network addresses. The MAC address is usually provided by the hardware, assigned by the network card manufacturer, and has been solidified into the network card. Generally speaking, it cannot be changed. The IP address is usually automatically assigned by the network administrator or the system.
To put it simply, a router includes the function of a switch. For example, the devices in our home communicate with each other. This is a switch. The router can also connect the upper-layer network and the lower-layer network, which is the routing function. There is also a wireless connection function
WAN and LAN
Understanding WAN and LAN in Networking
WAN: Wide Area Network, wide area network. As the name suggests, WAN covers a wide area, wider than LAN and MAN, usually from tens of kilometers to thousands of kilometers, and can connect multiple cities and countries, providing long-distance communication across continents. The Internet is the largest wide area network in the world, and the wide area network is not the same as the Internet.
LAN: Local Area Network, local area network. A regional network formed by a local area is relatively small, and can be an office, a family, a company, or a network in a building. A LAN is a private network formed by all devices in a certain area, which can share resources and exchange information faster and more efficiently.
Common home network topologies at this stage, take fiber-to-the-home as an example. There is an upright cabinet-like box (light splitter box) next to the building of the unit building. When the door is opened, there are rows of connectors inside. This connector is actually the other end of the optical fiber in your weak current box. The upper end of this connector is connected to It is the operator's computer room.
Ok, let's get back to the topic, now fiber-to-the-home is available. The first thing to connect is a thing called a fiber optic cat. This thing also has a Chinese name called an optical modem (optical cat). Fiber optics are connected to this device to convert photoelectric signals. Connect a network cable from a network port of the optical modem to the WAN port of the router, and then connect a cable to our desktop through the LAN port of the router, thus realizing the network intercommunication of home devices, which is the most convenient way in the family. Simple network topology.
Therefore, we can simply understand that after fiber-to-the-home, the network comes in. After the optical fiber is connected to the optical modem, the network reaches the optical modem. After a certain network port of the optical modem is connected to the WAN port of the router, the network is connected to the router. After the LAN port of the router is connected to the computer device, the network is connected to the computer. The computer opens the browser, and we see what the network looks like.
Several networking methods of two routers
Method 1 Connect to optical modem
Same as the first router. It is also connected to the lan port of the optical modem, and some optical modems have 4 lan interfaces.
Method 2 Use the second router as a switch
This situation is actually more common. For example, we use a cat to connect to a desktop computer (a cat with multiple LANs is actually a small router), and a mobile phone to connect to a wireless router.
Plug one end of the network cable into the Lan port of the first router, and the other end into the Lan port of the second router. No need to do any settings, you can go online directly.
The cable from the LAN port of the first router is connected to the LAN port of the second router, and the other LAN port is connected to the computer. Generally, it can be used without setting, that is, the second router can be used as a fool switch.
Method 3 Secondary router
It is necessary to set
the Internet access mode of router A to select broadband dial-up mode, and then fill in the broadband account and password provided by the network operator.
Next, we will set up the second router. When setting up the second router, directly use a network cable, one end is plugged into the LAN port of router B, and the other end is plugged into the network card of the computer. However, when setting up Router B, the broadband dial-up mode can no longer be used in the Internet access mode. Router B is a subordinate router of Router A, that is, the so-called secondary router, and the upper mode can be selected as "obtain IP automatically".
At this point, the settings of the two routers have actually been completed, but if you connect the two routers now, it will not work properly, because the default gateways of the two routers are the same, and there will be conflicts if they are connected in series. Next, we need to modify the default gateway of router B (lan port, the IP address of the second router should not be the same as that of the first router, otherwise there will be conflicts.)
Directly click the "Advanced Settings" interface in the upper right corner of the router, then click Network Parameters, and then click LAN Port Settings. If the default gateway of Router A is 192.168.0.1, then the default gateway of Router B can be changed to 192.168.0.2.
Method 4 wireless bridge mode (non-mesh)
The second router is used as the WIFI signal amplifier of the first router.
Two routers are wirelessly bridged. The first step is to set up the main router. One network cable is connected to the WAN port of the main router and the optical modem, and then another network cable is inserted into the LAN port on the back of the main router, and the other end is connected to the computer. Then open the computer browser and enter the background address of the router, and enter the login password.
, After entering the setup wizard, you need to set the Internet information, pay attention to choose a channel of the wireless signal, do not choose automatic.
, You need to change the LAN Internet address to 192.168.2.1 (Xiaomi’s default is 192.168.31.1); click on the DHCP server, the default is to start, set the "DHCP address pool start address" to 192.168.2.100 and "Address pool end Address" is set to 192.168.2.149 to avoid intersection with the address pool of the second router. Save and restart the main router to access the Internet, so the main router is set up.
, The following starts the setting of the second secondary router. Enter the setting interface of the secondary router, click Network Parameters-LAN Port Settings, set the LAN address of the secondary router to 192.168.2.2 to prevent conflicts with the primary router, and also facilitate the management of the primary and secondary routers.
, Click Wireless Settings - Basic Settings, the SSID name should not be the same as the main router, the channel and the main router should be the same, check to enable WDS, click Scan on the pop-up interface, find the SSID of the main router after getting the AP list, and click the connect button next to it , it will return to the previous interface, select the same encryption method as the main router, fill in the wireless key of the main router for the key (keep it consistent with the main router), and save. Since the new WDS function is different from the old Bridge and is more advanced, it is only necessary to enable WDS on all secondary routers and fill in the information of the main route. If the main route has WDS or Bridge function enabled, please turn it off, otherwise the WDS function not available!
, After restarting, click the DHCP server on the left to enable the DHCP server. Change the start address of the address pool to: 192.168.2.150, and the default end address is 192.168.2.199 so that there will be no intersection with the main router and no conflict.
Conclusion: The biggest advantage of using two routers for bridging is that you can use old routers of different brands in your hands to achieve the purpose of expanding the signal and improve the problem of signal dead spots.
How to Intercommunicate Between Different Network Segments
Method 1 Layer 3 switch
First configure the IP address of PC1 to 192.168.1.100; then configure the IP address of PC2 to 192.168.2.100; the subnet mask is 255.255.0.0, and then
configure the IP addresses of vlan10 and vlan20 of the switch to 192.168.1.1 and 192.168.2.1 ( Gateway address)
Step 3: Configure the vlan of the interface: G0/0/1 belongs to vlan10; G0/0/2 belongs to vlan20
and then you can pin through
Method 2 fool switch
This kind of incomprehension... See https://www.sdtpy.cn/class/127564.html for details
Method 2 Intercommunication between ordinary routers
Of course, it is better to divide the VLAN configuration through the three-layer switch. Here we mainly talk about the intercommunication between ordinary routers.
One router is connected to another router, and the two routers are connected to different network segments. If you want the two network segments to communicate, you must configure a route, which is a static route.
Case 1: Communication between different network segments
For example:
A route wanport 192.168.0.1 255.255.255.0, lan port192.168.1.1 255.255.255.0
B route wanport 192.168.1.2 255.255.255.0, lan port192.168.2.1 255.255.255.0
The wan port of A route can be understood as the address of the superior device
Router B is connected to the lan port under Router A.
If route A wants to access the computer on the lan port under route B, that is, to access the ip segment of 192.168.2.0, you need to add a static route
| Destination address | subnet mask | The other party's routing gateway (next hop) |
|---|---|---|
| 192.168.2.0 | 255.255.255.0 | 192.168.1.2 |
Gateway y can't just be understood as the next hop, it needs professional function realization. So the gateway e is not the next hop.
Gateway (Gateway) is also called Internet connector and protocol converter. The gateway is on the transport layer to realize network interconnection. It is the most complex network interconnection device and is only used for the interconnection of two networks with different high-level protocols. Gateways can be used for both WAN interconnection and LAN interconnection. A gateway is a computer system or device that acts as a switch. A gateway is a translator between two systems that use different communication protocols, data formats or languages, or even completely different architectures. Unlike bridges, which simply convey information, gateways repackage received information to suit the needs of the destination system. At the same time, the gateway can also provide filtering and security functions. Most gateways run on top of the OSI 7-layer protocol – the application layer.
It may not be very clear, let's take a look at a more specific example
The enterprise accesses the Internet through a router R1, a local area network LAN1. Due to business needs, a router R2 is expanded and a new LAN segment LAN2 is added.
To achieve mutual communication between pc1 and pc2, the following settings can be made:
1. The gateway of pc1 points to R1 LAN 192.168.0.1
2. The gateway of pc2 points to the LAN port 192.168.1.1 of R2
3. R2's WAN port gateway 192.168.0.100 points to R1's LAN port 192.168.0.1
4. Designate a static route on R1, so that the IP with the destination IP in the 192.168.1.x network segment is forwarded to R2.
Here, the R1 static route configuration is explained separately: a static route generally consists of three parts,
Destination IP address, subnet mask, next hop (gateway) address, the information contained in creating a new static route should have the following content, and the IP packets sent to the destination address 192.168.1.0 network segment (subnet mask is 255.255 .255.0) the next hop address is 192.168.0.100.
Specific configuration location:
- If it is in a router, take TP-Link as an example, in the router configuration interface, there is a static routing table configuration to add
- If it is on the server, you can configure static routes through the command line, including adding, deleting and modifying
When setting static routing, the gateway IP must belong to the same network segment as the LAN port IP of this router.
If the destination IP address is the IP address of a host, the subnet mask must be 255.255.255.255
Case 2 The upper layer can directly access the lower layer by default
For example, the following two network segments.
PC A: 192.168.0.165 255.255.255.0
PC B:192.168.19.100 255.255.255.0
R1(192.168.0.1) ----- PC A(192.168.0.165)
|
|
R2(192.168.0.148) ------ PC B(192.168.19.100)
R2's wan is connected to R1's lan
A and B belong to different network segments. In this case, B can ping A successfully, but A cannot ping B.
Because the IP of B passes through the router net (network address translation), the external display is 192.168.0.148.
When B goes to look for A, it always jumps to R2 to look for it, and R2 jumps to R1 to look for it, so it can be found.
And A does not know the existence of B, because A goes to B, it will jump to R1, and R1 only knows the existence of R2, it will not jump the request to R2, but jump to its own upper layer after finding B
So how can A ping B?
If you want A to be able to ping B, you need to tell computer A how to route, and add a static route to computer A:
Enter the following command under dos:
route -p add destination address mask subnet mask gateway address
It means that if you want to find the "destination address", you must find it through the "gateway address". -p means permanent effect.
Therefore, corresponding to the above example, the instruction should be written as follows:
route -p add 192.168.19.0 mask 255.255.255.0 192.168.0.148。
Among them, 192.168.19.0 means that it is valid for all IPs under the 192.168.19 network segment, so that A can ping B through.
After adding, you can use route print to check whether the addition is successful. (Note that you must run dos as an administrator under win10 to add)
Why does 192.168 start with
The LAN IP usually starts with 192.168, which is the router manufacturer's fault.
People who configure routers often use the default IP address of the router as the gateway, and switching to other IP addresses is both brain-intensive and labor-intensive. Don't believe it, people who often do network maintenance set the IP address, and the input of "192.168" is sneaky. But that's not the root cause.
The early broadband access methods generally used coaxial cables. The earliest NAT gateway equipment (the gateway is like the door of the home, and the IP address is the house number). The default IP address is 192.168.0.1, so the gateway can only Use 192.168.1.1.
In order to facilitate maintenance and after-sales service, router manufacturers set 192.168.1.1 by default in the router, thus avoiding the network segment 192.168.0.X. Setting the IP address to start with 1 is just to avoid wasting IP addresses.
Question: I have two or three routers. Some routers can use 192.168.1.1 to log in to the management page, and some can use 192.168.0.1.
What is the difference between these two IPs?
Answer: 192.168.1.1 and 192.168.0.1 are used by many manufacturers For the login address of the router management page, 192.168.1.1 is widely used. It is not only used for routers, but also used for optical modem login management, printers and other network devices.
In order to avoid the conflict between the default IP address and the optical modem login management address, some router manufacturers will change the default IP address to something else. For example, the default login IP address of Tenda router and 360 router is: 192.168. ) The default login IP address of the router is 92.168.31.1, and the default login IP address of the Huawei (Glory) router is: 192.168.3.1
Not organized yet
The method of LAN intercommunication of multiple network segments is as follows:
1. First, right-click My Network Places and select Properties. 2. Click Local Area Connection. 3. Click the "Properties" button in the local area connection status. 4. Select the "TCP/IPv4" protocol, and click "Properties" below. 5. Select the "Advanced" button. 6. Click the "Add" button in the advanced TCP/IP settings. 7. Enter the IP address of the 17 network segment (take the 17 network segment as an example), and then click "Add". 8. Check whether the IP address of network segment 17 is added successfully, and click "OK". 9. Select "Close". 10. To verify whether it communicates with the 192.168.17.12 host, enter ping192.168.17.12 in the dos command window. Reprint must keep this article address: http://www.yuexw.com/a/630374/
Why can't the wan port and the lan port be in the same network segment?
A router has one of the most basic functions, which is to connect two different network segments and realize the communication between these two network segments. Therefore, the IP address of the WAN port in the router cannot be in the same subnet as the IP address of the LAN port.
instance my
The subnet mask is 255.255.255.0
A cat gateway address 192.168.1.1.
The wan of the router is 192.168.1.2. The lan port is 192.168.0.1 (the lan port is different from lan1 and lan2. The lan port is the router’s own address and lan1 is assigned...) The lan1 of the
pc connected to the cat is 192.168. 1.3 The lan1 connected to the router is 192.168.0.2
Because the router can create a new subnet and the PC is the end user, the router can create a new subnet segment but the PC cannot.