· 12 min read
IP subnetting is one of those networking concepts that seems intimidating at first but becomes second nature once you understand the fundamentals. Whether you're a network administrator managing enterprise infrastructure, a developer configuring cloud resources, or studying for your CCNA certification, mastering subnetting is essential.
This comprehensive guide breaks down everything you need to know about IP subnetting, CIDR notation, subnet masks, and how to calculate network ranges. We'll cover the theory, walk through practical examples, and show you how to apply these concepts in real-world scenarios.
Subnetting is the process of dividing a larger network into smaller, more manageable sub-networks (subnets). Think of it like dividing a large office building into separate floors and departments—each subnet operates as its own logical network segment while still being part of the larger network infrastructure.
The primary reasons network administrators use subnetting include:
Without subnetting, you'd be stuck with the default network classes, which are far too rigid for modern networking needs. A Class C network gives you 254 usable addresses—too many for a small office but not enough for a medium-sized company. Subnetting solves this inflexibility.
Before diving into subnetting mechanics, you need to understand how IP addresses work at the binary level. An IPv4 address consists of 32 bits divided into four octets (8-bit segments), typically written in dotted decimal notation like 192.168.1.100.
Each octet can represent values from 0 to 255 (2^8 = 256 possible values). Here's how the address 192.168.1.100 looks in binary:
192 .168 .1 .100
11000000 .10101000 .00000001 .01100100Every IP address has two components:
The subnet mask determines where the network portion ends and the host portion begins. This boundary is what subnetting manipulates to create smaller networks from larger ones.
Pro tip: You don't need to memorize binary conversions. Use our IP Subnet Calculator to instantly convert between decimal and binary, calculate subnet ranges, and visualize network boundaries.
A subnet mask is a 32-bit number that masks (hides) the host portion of an IP address, revealing only the network portion. It uses consecutive 1s for the network bits and consecutive 0s for the host bits.
For example, the subnet mask 255.255.255.0 in binary is:
11111111.11111111.11111111.00000000This mask indicates that the first 24 bits represent the network, and the last 8 bits represent the host. When you perform a bitwise AND operation between an IP address and its subnet mask, you get the network address.
Let's see this in action with IP 192.168.1.100 and mask 255.255.255.0:
IP Address: 11000000.10101000.00000001.01100100 (192.168.1.100)
Subnet Mask: 11111111.11111111.11111111.00000000 (255.255.255.0)
----------------------------------------
Network Addr: 11000000.10101000.00000001.00000000 (192.168.1.0)The subnet mask tells routers and devices which addresses are local (same subnet) and which require routing to reach. This is fundamental to how IP routing works across the internet and private networks.
The number of host bits determines how many devices can exist on a subnet. With 8 host bits (as in 255.255.255.0), you get 2^8 = 256 total addresses. However, two addresses are always reserved:
This means a /24 network actually provides 254 usable host addresses, not 256. This reservation applies to all subnet sizes—always subtract 2 from the total to get usable addresses.
Classless Inter-Domain Routing (CIDR) notation provides a compact way to represent IP addresses and their associated subnet masks. Instead of writing 192.168.1.0 255.255.255.0, you write 192.168.1.0/24.
The number after the slash (called the prefix length) indicates how many bits are set to 1 in the subnet mask. A /24 means the first 24 bits are network bits, leaving 8 bits for hosts.
CIDR was introduced in 1993 to replace the rigid class-based system and slow the exhaustion of IPv4 addresses. It allows for much more flexible and efficient address allocation.
/24 is much easier to read and communicate than 255.255.255.0Quick tip: Common CIDR prefixes to memorize: /24 = 254 hosts, /25 = 126 hosts, /26 = 62 hosts, /27 = 30 hosts, /28 = 14 hosts, /29 = 6 hosts, /30 = 2 hosts (point-to-point links).
Calculating subnets manually involves several steps, but once you understand the process, it becomes straightforward. Let's work through a complete example.
Suppose you have the network 172.16.0.0/16 and need to create subnets for 4 departments, each requiring about 4,000 hosts.
Step 1: Determine required host bits
You need 4,000 hosts per subnet. Find the smallest power of 2 that's greater than 4,000:
You need 12 host bits, which means 32 - 12 = 20 network bits, giving you a /20 subnet mask.
Step 2: Calculate the subnet mask
A /20 mask in binary is 20 ones followed by 12 zeros:
11111111.11111111.11110000.00000000 = 255.255.240.0Step 3: Determine the subnet increment
The increment is determined by the last non-zero octet in the subnet mask. For 255.255.240.0, that's 240 in the third octet. The increment is 256 - 240 = 16.
Step 4: List the subnet ranges
Starting from 172.16.0.0, add the increment (16) to the third octet:
172.16.0.0/20 (172.16.0.1 - 172.16.15.254)172.16.16.0/20 (172.16.16.1 - 172.16.31.254)172.16.32.0/20 (172.16.32.1 - 172.16.47.254)172.16.48.0/20 (172.16.48.1 - 172.16.63.254)Each subnet provides 4,094 usable host addresses (4,096 - 2 reserved addresses).
Network engineers often use the "magic number" shortcut for quick calculations. The magic number is 256 minus the subnet mask octet value.
For 255.255.255.192 (a /26 mask):
This method works for any octet and makes mental math much faster when you're working with subnets in the field.
While CIDR has largely replaced the class-based system, understanding IP address classes is still important for historical context and certain networking scenarios.
| Class | Range | Default Mask | Networks | Hosts per Network |
|---|---|---|---|---|
| Class A | 1.0.0.0 - 126.255.255.255 | 255.0.0.0 (/8) | 126 | 16,777,214 |
| Class B | 128.0.0.0 - 191.255.255.255 | 255.255.0.0 (/16) | 16,384 | 65,534 |
| Class C | 192.0.0.0 - 223.255.255.255 | 255.255.255.0 (/24) | 2,097,152 | 254 |
| Class D | 224.0.0.0 - 239.255.255.255 | N/A (Multicast) | N/A | N/A |
| Class E | 240.0.0.0 - 255.255.255.255 | N/A (Reserved) | N/A | N/A |
RFC 1918 defines three private IP address ranges that are not routable on the public internet. These are used for internal networks and must be translated via NAT (Network Address Translation) to access the internet.
You'll also encounter special-purpose addresses like 127.0.0.0/8 (loopback), 169.254.0.0/16 (link-local/APIPA), and 0.0.0.0/8 (default route).
Let's work through real-world scenarios you might encounter when designing or troubleshooting networks.
You're setting up a small office with 50 employees. You want separate subnets for employees, guests, and IoT devices.
Requirements:
Solution:
Start with 192.168.1.0/24. You need 3 subnets, so borrow 2 bits from the host portion (2^2 = 4 subnets). This gives you a /26 mask (255.255.255.192), providing 62 usable hosts per subnet.
192.168.1.0/26 (192.168.1.1 - 192.168.1.62)192.168.1.64/26 (192.168.1.65 - 192.168.1.126)192.168.1.128/26 (192.168.1.129 - 192.168.1.190)192.168.1.192/26 (for future expansion)This design provides room for growth and maintains logical separation between network segments for security and management purposes.
A company has 5 branch offices that need to connect to headquarters. Each branch has different size requirements.
Requirements:
Solution using VLSM:
Start with 10.0.0.0/8 and allocate appropriately sized subnets:
10.0.0.0/23 (510 hosts) - 10.0.0.1 to 10.0.1.25410.0.2.0/24 (254 hosts) - 10.0.2.1 to 10.0.2.25410.0.3.0/25 (126 hosts) - 10.0.3.1 to 10.0.3.12610.0.3.128/26 (62 hosts) - 10.0.3.129 to 10.0.3.19010.0.3.192/26 (62 hosts) - 10.0.3.193 to 10.0.3.25410.0.4.0/27 (30 hosts) - 10.0.4.1 to 10.0.4.30This VLSM approach minimizes wasted IP addresses while providing each location with appropriate capacity.
Pro tip: Always allocate subnets from largest to smallest when using VLSM. This prevents fragmentation and makes it easier to summarize routes for efficient routing table management.
When connecting routers directly, you only need 2 usable IP addresses. A /30 subnet (255.255.255.252) provides exactly this.
For the link between Router A and Router B using 10.1.1.0/30:
This is the most efficient allocation for point-to-point connections. Some engineers use /31 subnets (RFC 3021) for even greater efficiency, though not all equipment supports this.
This reference table shows the most commonly used subnet masks, their CIDR notation, and the number of usable hosts they provide.
| CIDR | Subnet Mask | Usable Hosts | Common Use Case |
|---|---|---|---|
/30 |
255.255.255.252 | 2 | Point-to-point links |
/29 |
255.255.255.248 | 6 | Very small networks |
/28 |
255.255.255.240 | 14 | Small server clusters |
/27 |
255.255.255.224 | 30 | Small office departments |
/26 |
255.255.255.192 | 62 | Medium office segments |
/25 |
255.255.255.128 | 126 | Large office segments |
/24 |
255.255.255.0 | 254 | Standard small network |
/23 |
255.255.254.0 | 510 | Medium enterprise segment |
/22 |
255.255.252.0 | 1,022 | Large enterprise segment |
/21 |
255.255.248.0 | 2,046 | Very large segments |
/20 |
255.255.240.0 | 4,094 | © 2026 NetTool1.com — Free Online Network Tools |