IP subnetting is one of the most fundamental skills in networking. Whether you're designing a corporate network, studying for certifications like CCNA or Network+, configuring firewalls, or troubleshooting connectivity issues, understanding how to divide IP networks into smaller subnets is essential. This guide covers everything from the basics of binary IP addressing to advanced Variable Length Subnet Masking (VLSM), with practical examples you can apply immediately.
Try Our Free Subnet Calculator →An IPv4 address is a 32-bit number represented in dotted-decimal notation as four octets (each ranging from 0 to 255). For example, 192.168.1.100 is actually the binary value:
Every IPv4 address has two components: the network portion (identifying the network) and the host portion (identifying the specific device on that network). The subnet mask determines where the boundary between these two portions falls.
A subnet mask is a 32-bit number that uses 1 bits to indicate the network portion and 0 bits for the host portion. Like IP addresses, it's written in dotted-decimal notation. Here are the most common subnet masks:
| CIDR | Subnet Mask | Binary | Total Addresses | Usable Hosts |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 11111111.00000000.00000000.00000000 | 16,777,216 | 16,777,214 |
| /16 | 255.255.0.0 | 11111111.11111111.00000000.00000000 | 65,536 | 65,534 |
| /24 | 255.255.255.0 | 11111111.11111111.11111111.00000000 | 256 | 254 |
| /25 | 255.255.255.128 | 11111111.11111111.11111111.10000000 | 128 | 126 |
| /26 | 255.255.255.192 | 11111111.11111111.11111111.11000000 | 64 | 62 |
| /27 | 255.255.255.224 | 11111111.11111111.11111111.11100000 | 32 | 30 |
| /28 | 255.255.255.240 | 11111111.11111111.11111111.11110000 | 16 | 14 |
| /29 | 255.255.255.248 | 11111111.11111111.11111111.11111000 | 8 | 6 |
| /30 | 255.255.255.252 | 11111111.11111111.11111111.11111100 | 4 | 2 |
| /32 | 255.255.255.255 | 11111111.11111111.11111111.11111111 | 1 | 1 |
CIDR (Classless Inter-Domain Routing) notation is the standard way to express network and subnet information. It's written as an IP address followed by a slash and the number of network bits. For example, 10.0.0.0/16 means the first 16 bits identify the network, leaving 16 bits for host addresses.
The formula for calculating hosts in a CIDR block is straightforward:
The two subtracted addresses are the network address (all host bits are 0) and the broadcast address (all host bits are 1). On point-to-point links using /31 subnets (per RFC 3021), both addresses can be used as hosts since there's no need for a broadcast address.
Given an IP address and a subnet mask, a subnet calculator determines several key values. Let's walk through an example with 192.168.10.50/26:
A subnet calculator performs all these steps instantly, eliminating the risk of binary arithmetic errors.
The wildcard mask is the inverse of the subnet mask — every bit is flipped. Wildcard masks are primarily used in Cisco access control lists (ACLs) and routing protocol configurations.
| Subnet Mask | Wildcard Mask | CIDR |
|---|---|---|
| 255.0.0.0 | 0.255.255.255 | /8 |
| 255.255.0.0 | 0.0.255.255 | /16 |
| 255.255.255.0 | 0.0.0.255 | /24 |
| 255.255.255.128 | 0.0.0.127 | /25 |
| 255.255.255.192 | 0.0.0.63 | /26 |
| 255.255.255.252 | 0.0.0.3 | /30 |
VLSM allows you to create subnets of different sizes within the same network, rather than using a single subnet mask everywhere. This dramatically improves IP address utilization.
Consider a company with the network 172.16.0.0/16 that needs to accommodate:
| Network Segment | Hosts Needed | Subnet | Allocated |
|---|---|---|---|
| Engineering LAN | 200 | /24 (254 hosts) | 172.16.1.0/24 |
| Sales LAN | 100 | /25 (126 hosts) | 172.16.2.0/25 |
| Guest Wi-Fi | 50 | /26 (62 hosts) | 172.16.2.128/26 |
| Point-to-Point Link 1 | 2 | /30 (2 hosts) | 172.16.2.192/30 |
| Point-to-Point Link 2 | 2 | /30 (2 hosts) | 172.16.2.196/30 |
Without VLSM, using a single /24 for everything would waste hundreds of addresses on the point-to-point links. VLSM matches each subnet to its actual requirement, preserving addresses for future growth.
When designing networks, you'll use private IP addresses defined in RFC 1918. These addresses are not routable on the public internet and are used for internal networks behind NAT:
Most home routers default to 192.168.1.0/24 or 192.168.0.0/24, providing 254 usable addresses. This is more than sufficient for a typical home with dozens of devices. If you're running a smart home with many IoT devices, a /24 still provides ample room.
A typical office might use VLANs with /24 subnets for each department: 10.10.1.0/24 for Engineering, 10.10.2.0/24 for Sales, 10.10.3.0/24 for Management, and so on. This keeps broadcast traffic isolated within each department while allowing inter-VLAN routing through a layer 3 switch or router.
AWS VPCs typically use /16 CIDR blocks (e.g., 10.0.0.0/16), with subnets divided into /24 blocks for different availability zones and tiers. Public subnets host load balancers and NAT gateways, while private subnets host application servers and databases. Proper subnetting in the cloud is critical for security and scalability.
Data centers use larger address blocks and more granular subnetting. A common pattern is to use the second octet for the data center location, the third for the rack or function, and the fourth for individual hosts. For example, 10.DC.RACK.HOST/24 allows systematic allocation across thousands of devices.
Memorize these common CIDR blocks — they cover the vast majority of real-world scenarios:
A subnet calculator takes an IP address and subnet mask (or CIDR prefix) and computes the network address, broadcast address, usable host range, total number of hosts, wildcard mask, and binary representation. It automates the binary arithmetic involved in subnetting, eliminating calculation errors and saving significant time, especially for non-standard prefix lengths like /22 or /27.
CIDR (Classless Inter-Domain Routing) notation expresses a subnet as an IP address followed by a slash and the number of network bits. For example, 192.168.1.0/24 means 24 bits identify the network and 8 bits identify hosts. CIDR replaced the old classful system (Class A/B/C) and allows flexible, efficient IP allocation. The prefix length can be any number from 0 to 32.
A /24 subnet has 256 total addresses (2^8) and 254 usable host addresses (256 minus 2). The first address is the network address and the last is the broadcast address — neither can be assigned to a host. For example, 192.168.1.0/24 has usable hosts from 192.168.1.1 through 192.168.1.254.
A subnet mask uses 1s for network bits and 0s for host bits. A wildcard mask is the exact inverse — 0s for network bits and 1s for host bits. For /24, the subnet mask is 255.255.255.0 and the wildcard mask is 0.0.0.255. Wildcard masks are primarily used in Cisco router ACLs and some routing protocols like OSPF.
VLSM (Variable Length Subnet Masking) allows a network to be divided into subnets of different sizes. Instead of using the same subnet mask everywhere, you assign smaller subnets to segments with fewer devices (like /30 for point-to-point links with 2 hosts) and larger subnets to segments with more devices (like /24 for LANs with up to 254 hosts). This prevents IP address waste and is standard practice in modern network design.
Subnetting provides four key benefits: (1) Reduced broadcast domains — smaller subnets mean less broadcast traffic, improving network performance. (2) Enhanced security — you can apply firewall rules and access controls between subnets. (3) Efficient address utilization — VLSM prevents wasting IP addresses. (4) Logical organization — subnets let you group devices by department, function, or location, simplifying management and troubleshooting.
Set the first N bits to 1 (where N is the CIDR prefix) and the remaining bits to 0. For /24: 11111111.11111111.11111111.00000000 = 255.255.255.0. For /26: the first 26 bits are 1s, giving 11111111.11111111.11111111.11000000 = 255.255.255.192. For non-octet boundaries, convert the partial octet: 11000000 binary = 128+64 = 192 decimal. A subnet calculator handles this instantly for any prefix length.