Complete IPv4 Subnetting & CIDR Guide
What is subnetting?
Subnetting is the practice of logically dividing a single IP network into multiple smaller networks called subnets. Rather than assigning all devices to one flat network, a network administrator segments the address space into groups — each with its own network address, broadcast address, and range of usable host addresses.
Subnetting serves three core purposes: efficient IP address utilization (avoiding waste), network performance (reducing broadcast domains), and security (isolating segments from each other with firewalls and ACLs).
Anatomy of an IPv4 address
An IPv4 address is a 32-bit number divided into four 8-bit groups called octets, separated by dots.
Each octet can range from 0 to 255. The address 192.168.10.5 represents four octets: 192, 168, 10, and 5.
Every IPv4 address has two logical components defined by a subnet mask:
- Network portion: bits that identify the network the host belongs to
- Host portion: bits that identify the specific device within that network
Binary representation
Subnetting makes the most sense when you think in binary. Each octet is 8 bits. The address 192.168.1.1 in binary is:
11000000 . 10101000 . 00000001 . 00000001
192 168 1 1
The subnet mask uses consecutive 1-bits for the network portion and 0-bits for the host portion. A mask of 255.255.255.0 in binary is 24 ones followed by 8 zeros:
11111111 . 11111111 . 11111111 . 00000000
255 255 255 0Wherever the mask has a 1, that bit belongs to the network. Wherever it has a 0, that bit belongs to the host.
Classful network addressing
Before CIDR, IPv4 addresses were divided into fixed classes. Understanding these classes is still useful for recognizing private address ranges and default behaviors in older documentation.
| Class | First Octet Range | Default Mask | CIDR | Hosts per Network |
|---|---|---|---|---|
| A | 1 – 126 | 255.0.0.0 | /8 | 16,777,214 |
| B | 128 – 191 | 255.255.0.0 | /16 | 65,534 |
| C | 192 – 223 | 255.255.255.0 | /24 | 254 |
| D | 224 – 239 | N/A (Multicast) | N/A | – |
| E | 240 – 255 | N/A (Reserved) | N/A | – |
Understanding subnet masks
A subnet mask is a 32-bit value that defines the network and host boundaries of an IP address. It always consists of a contiguous block of 1-bits followed by a contiguous block of 0-bits — no alternating patterns.
To find the network address of a host, perform a bitwise AND between the IP address and the subnet mask. For example:
IP Address: 192.168.5.130 → 11000000.10101000.00000101.10000010
Subnet Mask: 255.255.255.128 → 11111111.11111111.11111111.10000000
──────────────────────────────────────
Network Addr: 192.168.5.128 → 11000000.10101000.00000101.10000000CIDR notation explained
Classless Inter-Domain Routing (CIDR), introduced in 1993 (RFC 1519), replaced classful networking with a more flexible system. Instead of fixed class boundaries, CIDR allows any prefix length from /0 to /32.
CIDR notation appends the prefix length to an IP address with a slash: 10.0.0.0/8.
The prefix length is simply the number of consecutive 1-bits in the subnet mask.
/8= 255.0.0.0 — 8 network bits, 24 host bits/16= 255.255.0.0 — 16 network bits, 16 host bits/24= 255.255.255.0 — 24 network bits, 8 host bits/30= 255.255.255.252 — 30 network bits, 2 host bits (point-to-point links)
CIDR reference table
This table covers the most common subnet sizes from /16 through /30.
| CIDR | Subnet Mask | Total Addresses | Usable Hosts | Wildcard Mask |
|---|---|---|---|---|
| /16 | 255.255.0.0 | 65,536 | 65,534 | 0.0.255.255 |
| /17 | 255.255.128.0 | 32,768 | 32,766 | 0.0.127.255 |
| /18 | 255.255.192.0 | 16,384 | 16,382 | 0.0.63.255 |
| /19 | 255.255.224.0 | 8,192 | 8,190 | 0.0.31.255 |
| /20 | 255.255.240.0 | 4,096 | 4,094 | 0.0.15.255 |
| /21 | 255.255.248.0 | 2,048 | 2,046 | 0.0.7.255 |
| /22 | 255.255.252.0 | 1,024 | 1,022 | 0.0.3.255 |
| /23 | 255.255.254.0 | 512 | 510 | 0.0.1.255 |
| /24 | 255.255.255.0 | 256 | 254 | 0.0.0.255 |
| /25 | 255.255.255.128 | 128 | 126 | 0.0.0.127 |
| /26 | 255.255.255.192 | 64 | 62 | 0.0.0.63 |
| /27 | 255.255.255.224 | 32 | 30 | 0.0.0.31 |
| /28 | 255.255.255.240 | 16 | 14 | 0.0.0.15 |
| /29 | 255.255.255.248 | 8 | 6 | 0.0.0.7 |
| /30 | 255.255.255.252 | 4 | 2 | 0.0.0.3 |
| /31 | 255.255.255.254 | 2 | 0 (P2P) | 0.0.0.1 |
| /32 | 255.255.255.255 | 1 | 0 (host route) | 0.0.0.0 |
Formula: Total addresses = 2(32 − prefix). Usable hosts = total addresses − 2.
How to subnet manually
While our calculator handles this instantly, understanding the manual process is essential for exams and interviews. The steps are: identify the requirements, choose an appropriate prefix, calculate the network address, find the broadcast address, and derive the host range.
Worked example: dividing 192.168.10.0/24 into four equal subnets
You have the network 192.168.10.0/24 and need to create 4 subnets of equal size.
- Determine bits needed: 4 subnets requires 2 bits (2² = 4). Borrow 2 bits from the host portion.
- New prefix: /24 + 2 = /26. Each subnet has 64 addresses, 62 usable.
- Subnet increment: 256 − 192 = 64. Each subnet starts 64 addresses after the previous.
Subnet 1: 192.168.10.0/26 hosts: .1 – .62 broadcast: .63
Subnet 2: 192.168.10.64/26 hosts: .65 – .126 broadcast: .127
Subnet 3: 192.168.10.128/26 hosts: .129 – .190 broadcast: .191
Subnet 4: 192.168.10.192/26 hosts: .193 – .254 broadcast: .255Verify your manual calculations
Use our calculator to instantly confirm any subnet result and catch errors before they reach production.
Open Subnet CalculatorPrivate IP address ranges
RFC 1918 defines three ranges of IP addresses reserved for private use. These addresses are not routable on the public internet and are used within homes, offices, and data centers.
| Range | CIDR Block | Class | Total Addresses |
|---|---|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | A | 16,777,216 |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | B | 1,048,576 |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | C | 65,536 |
Variable Length Subnet Masking (VLSM)
VLSM allows different subnets within the same network to have different sizes. Instead of carving equal-sized subnets, you allocate exactly as many addresses as each segment needs — reducing waste dramatically.
For example, a WAN link between two routers only needs 2 usable IPs — a /30 subnet is perfect. A department with 50 workstations needs at least a /26. VLSM lets you use both sizes within the same address block.
Wildcard masks
A wildcard mask is the bitwise inverse of a subnet mask. Where a subnet mask uses 1s to indicate the network portion, a wildcard mask uses 0s. Wildcard masks are used in Cisco ACLs and OSPF area statements.
To calculate a wildcard mask: subtract each octet of the subnet mask from 255.
Subnet mask: 255.255.255.0
Wildcard mask: 0.0.0.255 (255−255, 255−255, 255−255, 255−0)
In an ACL, permit 10.0.0.0 0.255.255.255 permits any address in the 10.0.0.0/8 range.
A wildcard of 0.0.0.0 means match exactly one host (equivalent to /32).
Common subnetting mistakes
- Using the network address as a host IP: The first address in a subnet (network address) cannot be assigned to a device.
- Using the broadcast address: The last address in a subnet is reserved for broadcast and cannot be assigned to a host.
- Off-by-one on host counts: A /24 has 256 addresses but only 254 usable hosts. Always subtract 2.
- Overlapping subnets: When using VLSM, carefully track your allocations to avoid overlapping ranges.
- Confusing wildcard with subnet masks: They are inverses of each other. Using the wrong one in an ACL will match the wrong hosts.
- Forgetting about the default gateway: The gateway also consumes one IP from the usable host range.