The “ip subnet-zero” Command

For those who haven’t worked with IOS versions prior to 12.0, the ip subnet-zero command might be quite mysterious.  It is actually straightforward and easy to grasp.  First though, a little background must be discussed.  Most importantly to understanding this command is the definition of a zero subnet.  To understand this, let’s review what a subnet actually is.

In RFC791, when the Internet Protocol was introduced, there was no mention of subnet mask.  Although each IP address had a network component and a host component, these were determined by the class (A, B, C, D, and E).  The class of address was assumed based on the first few bits of the address.  The following list shows the address ranges that are used in classes A, B, and C (the ones used for unicast). – — Class A – — Class B – — Class C

* not all addresses in each range are useable

Class A addresses have one octet of network bits and three octets of host bits.
Class B addresses have two octets of network bits and two octets of host bits.
Class C addresses have three octets of network bits and one octet of host bits.



A–10 | 0 . 0 . 0

B–172 . 16 | 0 . 0

C–192 . 168 . 0 | 0

Here, the “|” (vertical bar) is used to show the boundary between the network bits and the host bits.  Although the position varies based on the address class, it is fixed within each class.

Subnet masks add flexibility to this otherwise fixed boundary.  With subnet masks, we locate the bits that are ones and the bits that are zero.  The point at which the ones meet the zeros is where we will place the vertical bar.  For example– would define that the first three octets are part of the network and the last octet represents the host portion of the address.

In application, the subnet mask allows flexibility for address assignment.  Additionally, it allows large networks to be broken into smaller “subnets”.

For example we can make a class A network behave like several class C networks.

10 | 0 . 0 . 0 — Class A
255.255.255| 0 — Subnet mask

In the first line above, the vertical bar represents the classful boundary.  In the second line, the vertical bar represents how we intend to further subdivide the network.  This gives us the ability to have many subnets, or smaller networks.  Using the subnet mask of would produce the following subnetworks.
…(omitted for brevity)
…(omitted for brevity)
…(omitted for brevity)


The bits (or in this case octets or groups of eight bits) between the classful boundary and the subnetted boundary is called the subnet.

RFC950 States

“In certain contexts, it is useful to have fixed addresses with functional significance rather than as identifiers of specific hosts.  When such usage is called for, the address zero is to be interpreted as meaning “this”, as in “this network”.  The all-ones address is to be interpreted as meaning “all”, as in “all hosts”.  For example, the address could be interpreted as meaning all hosts on the network 128.9.  Or, the address could be interpreted as meaning host 37 on this network.”

It is useful to preserve and extend the interpretation of these special addresses in subnetted networks.  This means the values of all zeros and all ones in the subnet field should not be assigned to actual (physical) subnets.

Back to the example.

10 | 0 . 0 . 0 — Class A
255.255.255| 0 — Subnet mask

In this case, the second and third octets are the subnets.  The subnet zero would be  The all-ones subnet would be (11111111 = 255).  So the two subnet addresses that RFC950 discourages in this case are:

The is the zero subnet

If we fast forward a little bit, RFC1878 basically obsoletes this reservation of these two special case addresses.

For the sake of completeness within this memo, tables 2-1 and 2-2 illustrate some options for subnet/host portions within selected block sizes using calculations which exclude all-zeros and all-ones subnets [2].  Many vendors only support subnetting based upon this premise.  This practice is obsolete!  Modern software will be able to utilize all definable networks.

The “ip subnet-zero” IOS command deals with subnet-zero.  Some claims have been made that it affects the all-ones subnet as well.  From testing various versions, it seems to only have an effect on the zero subnet.  Prior to version 12, the zero subnet was not allowed by default.  This is synonymous with “no ip subnet-zero”.  Starting with IOS 12, the default was “ip subnet-zero”.  This allows for the use of the zero subnet, ( in our example.


Below is a demonstration of how “ip subnet-zero” affects a router.

//disable subnet-zero
//default is “ip subnet-zero”
MyRtr(config)#no ip subnet-zero

//see what it breaks (zero subnet)
MyRtr(config)#int loopback 1
MyRtr(config-if)#ip address
Bad mask /24 for address

//typical subnet (not zero or all-ones)
MyRtr(config-if)#int loopback 2
MyRtr(config-if)#ip address

//all-ones subnet
MyRtr(config-if)#int loopback 3
MyRtr(config-if)#ip address

MyRtr(config-if)#do show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Loopback1                  unassigned      YES manual up                    up
Loopback2                YES manual up                    up
Loopback3            YES manual up                    up

//reenable subnet zero
MyRtr(config-if)#ip subnet-zero
MyRtr(config)#int loopback1
MyRtr(config-if)#ip address
MyRtr(config-if)#do show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Loopback1                YES manual up                    up
Loopback2                YES manual up                    up
Loopback3            YES manual up                    up

The “ip subnet-zero” command allows previously discoureged addresses to be used.  The current CCNA materials do not address subnet-zero.  When taking an exam, candidates should assume and calculate subnets assuming that the zero and all-ones subnet can be used.  However, this does not completely eliminate the history of the protocol and the existence of the command.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Career. Bookmark the permalink.

6 Responses to The “ip subnet-zero” Command

  1. Bibelo says:

    Thank you for the examples.

    Contrary to what is explained in many other forum, it seems the last subnet is absolutely not concerned by the ip subnet-zero command. Whether it’s activated or not, the last subnet can be used on the interface. Can you confirm?

    Thank you.

    • That is my experience as well. My guess is there may be differences in some IOS versions. I see plenty of people claiming ip subnet-zero affects the all 1’s and all 0’s subnet. But I typically see it affecting the all 0’s subnet–and that is what the name implies as well.

  2. Pingback: ip subnet-zero « Brain Knowledge

  3. Amanda says:

    If we are to assume and calculate, in the exam, that the zero and all-ones subnet can be used, what happens when the question statement has a phrase such as “ip subnet zero is not configured” (the material I am using has one such question) since you said that starting with IOS 12, the default was “ip subnet-zero”.

    I am talking about the phrasing in the question. If subnet zero is not to be used, shouldn’t the question be phrased “no ip subnet-zero” is configured”?

    • Paul Stewart says:

      Wow, the phrasing you indicated is very ambiguous. I know Cisco exams aren’t perfect, but I really wouldn’t expect that level of ambiguity on the real exam. Your point is well taken. If “ip subnet-zero” is not configured, it could be considered the default [unconfigured=”ip subnet-zero” or that it subnet-zero is not configured [meaning not allowed or “no ip subnet-zero”]. That would be an evil play on words.

  4. Pingback: Am I studying with old books? *confused*

Comments are closed.