Subnet Mask problem

I'm studying for a test and found myself in a "dead end" with a question about netmasks.

The question is:

Based on the next figure, once both sub-nets are configured, 
it's observed that hosts in a sub-net can't access hosts in the other sub-net. 
The IP's for each station and for the router are:

Station 01: 172.16.78.192
Station 02: 172.16.74.3
Station 03: 172.16.94.3
Station 04: 172.16.82.254

Router's port 01: 172.16.65.1
Router's port 02: 172.16.88.1

Figure:
[Station 01]-------------------------------[Station 02]
                            | 
                            | port 01
                         [Router]   
                            | port 02
                            |
[Station 03]--------------------------------[Station 04]  

This problem is caused because of the netmask that was chosen. 
Which of the following netmasks will allow all hosts to communicate
in a correct form?

a) 255.255.240.0    ---- **This is marked as the correct answer in the book**
b) 255.255.248.0
c) 255.255.252.0
d) 255.255.224.0    ---- **This is what I think is the correct answer**
e) 255.255.232.0

Why I think 255.255.224.0 is the correct one?

Router's port 01: 172.16.65.1
Router's port 02: 172.16.88.1

I know the netmask will end as 255.255.X.0, 
so transforming the ports IP's to binary:

Port 01: 0 1 0 0 0 0 0 1 . 0 0 0 0 0 0 0 0 = 65.0
Port 02: 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 0 0 = 88.0

For all the hosts to be able to communicate with each other, they must be in the same network, right?

So, if the mask is 255.255.224.0, we have the last 2 bytes as:

1 1 1 0 0 0 0 0 . 0 0 0 0 0 0 0 0 = 224. 0 

And doing an AND with the Router's port:

          NET  |             HOSTS
Port 01: 0 1 0 | 0 0 0 0 1 . 0 0 0 0 0 0 0 0 = 65 . 0
Port 02: 0 1 0 | 1 1 0 0 0 . 0 0 0 0 0 0 0 0 = 88 . 0
Netmask: 1 1 1 | 0 0 0 0 0 . 0 0 0 0 0 0 0 0 = 224 . 0

Resulting in: 0 1 0 0 0 0 0 0 . 0 0 0 0 0 0 0 0 = 64. 0

All hots will be in the network: 172.16.64.0, being able to communicate with each other.

Is that correct? Or the correct netmask would really need to be 255.255.240.0 and if so, why is that? I can't seem to understand that.

Thanks everyone!


Solution 1:

The hosts which are within the same broadcast domain need to communicate with each other and be in the same IP network based on the IP/netmask definition. The router is interconnecting two broadcast domains (i.e. two physical networks), thus to perform its function, the respective router IP interface needs to be able to communicate with each other host within the same broadcast domain. What you get is a situation where these three IP hosts

Station 01: 172.16.78.192
Station 02: 172.16.74.3
Router's port 01: 172.16.65.1

need to be in network 1 and these three IP hosts

Station 03: 172.16.94.3 
Station 04: 172.16.82.254 
Router's port 02: 172.16.88.1

need to be in network 2 - data between the two networks is going through the router. That's what you get with answer a). Answer d) just places all hosts within the same IP network, thus making the stations 01 and 02 assume that there is no router needed to communicate with stations 03 and 04 and obviously breaking interconnection.

but could you elaborate why netmask 255.255.240.0 is the correct one?

you pick a netmask which is valid with both of the following conditions:

  1. IP addresses 172.16.78.192, 172.16.74.3 and 172.16.65.1 are within one network
  2. IP addresses 172.16.94.3, 172.16.82.254 and 172.16.88.1 are not within the same network as the addresses in 1.

Some math first: The binary representation of 240 is 11110000 - leaving 4 bits (or 2^4 = 16 permutations) for your "host" part in the 3. octet of the address. Now you need to make an estimation: "16" would be roughly enough to incorporate 65, 74 and 78 within the same network as the span between 65 and 78 is just 78-65=13. To check if it really will work out, you need to find the highest multiple of 16 smaller or equal to 65 (your lowest address number) - that would be 16 * 4 = 64. Then add 16 to the result to see if your highest address number is still within the range: 64 + 16 = 80.

By following this calculation you see that the address range 172.16.64.0 - 172.16.80.255 would be within one network defined by the mask 255.255.240.0 (CIDR notation 172.16.64.0/20) and complies with both of the conditions above.