Subnetting Guide: CIDR, Subnet Masks & Design
Learn subnetting from scratch. Covers CIDR notation, subnet masks, calculating host ranges, and practical network design examples for home, office, and data center.
Subnetting is the practice of dividing a single IP network into smaller, more manageable pieces. If you manage any kind of network — home, office, cloud, or data center — subnetting determines how IP addresses are organized, how traffic is segmented, and how security boundaries are drawn.
The concept can seem intimidating because it involves binary math and an unfamiliar notation system. But the underlying logic is simple once you get a few core principles down. This guide breaks subnetting down step by step, from the basics of IP addresses through CIDR notation to real-world network planning. Use the Subnet Calculator to follow along and verify every example.
What Is an IP Address, Really?
An IPv4 address like 192.168.1.100 is a 32-bit number. The dotted-decimal format is just a human-friendly way to write it. Each of the four numbers (called octets) represents 8 bits, and each octet ranges from 0 to 255.
In binary, 192.168.1.100 is:
11000000.10101000.00000001.01100100
This 32-bit number is split into two parts: a network portion (identifying which network this address belongs to) and a host portion (identifying a specific device on that network). The dividing line between network and host bits is what subnetting controls.
What Is a Subnet Mask?
The subnet mask tells devices where the network portion ends and the host portion begins. It is also a 32-bit number, but it follows a strict pattern: all the network bits are set to 1, and all the host bits are set to 0.
For example, the subnet mask 255.255.255.0 in binary is:
11111111.11111111.11111111.00000000
The first 24 bits are 1s (network), and the last 8 bits are 0s (host). Any two devices sharing the same network portion are on the same subnet and can communicate directly without a router.
CIDR Notation Explained
CIDR (Classless Inter-Domain Routing) notation is a compact way to express the subnet mask. Instead of writing 255.255.255.0, you write /24 — meaning the first 24 bits are the network portion. The slash and number are appended directly to the IP address:
192.168.1.0/24
This tells you everything: the network starts at 192.168.1.0, the mask has 24 network bits, and the remaining 8 bits are for hosts.
Common CIDR prefixes and what they provide:
| CIDR | Subnet Mask | Total IPs | Usable Hosts | Typical Use |
|---|---|---|---|---|
| /30 | 255.255.255.252 | 4 | 2 | Point-to-point router links |
| /28 | 255.255.255.240 | 16 | 14 | Small office, DMZ |
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN |
| /20 | 255.255.240.0 | 4,096 | 4,094 | Campus network |
| /16 | 255.255.0.0 | 65,536 | 65,534 | Large organization, AWS VPC |
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | Class A block |
The usable host count is always two fewer than the total IP count because the first address is reserved as the network address and the last address is the broadcast address. Neither can be assigned to a device.
Calculating Subnets by Hand
Here is how to calculate the key details for any subnet, using 10.0.50.0/26 as an example.
Step 1: Determine the host bits. 32 total bits minus 26 network bits = 6 host bits.
Step 2: Calculate total addresses. 2^6 = 64 total IP addresses.
Step 3: Find the network address.
The network address has all host bits set to 0. Since /26 means the subnet changes every 64 addresses, the network boundaries within the fourth octet fall at 0, 64, 128, and 192. The address 10.0.50.0 falls in the 0-63 range, so the network address is 10.0.50.0.
Step 4: Find the broadcast address.
The broadcast address has all host bits set to 1. For the 0-63 block, the broadcast is 10.0.50.63.
Step 5: Determine the usable range.
First usable: 10.0.50.1 (network address + 1)
Last usable: 10.0.50.62 (broadcast address - 1)
Usable hosts: 64 - 2 = 62
Step 6: Write the subnet mask.
26 bits of 1s followed by 6 bits of 0s = 11111111.11111111.11111111.11000000 = 255.255.255.192
You can verify all of this instantly using the Subnet Calculator — enter 10.0.50.0 with a /26 prefix and compare.
Dividing a Network into Subnets
Suppose you have the network 172.16.0.0/16 and need to split it into 8 equal subnets for different departments.
To create 8 subnets, you need 3 additional bits (2^3 = 8). The original prefix was /16, so the new prefix is /16 + 3 = /19.
Each /19 subnet contains 2^(32-19) = 8,192 IP addresses (8,190 usable). The 8 subnets are:
| Subnet | Network Address | Usable Range | Broadcast |
|---|---|---|---|
| 1 | 172.16.0.0/19 | 172.16.0.1 - 172.16.31.254 | 172.16.31.255 |
| 2 | 172.16.32.0/19 | 172.16.32.1 - 172.16.63.254 | 172.16.63.255 |
| 3 | 172.16.64.0/19 | 172.16.64.1 - 172.16.95.254 | 172.16.95.255 |
| 4 | 172.16.96.0/19 | 172.16.96.1 - 172.16.127.254 | 172.16.127.255 |
| 5 | 172.16.128.0/19 | 172.16.128.1 - 172.16.159.254 | 172.16.159.255 |
| 6 | 172.16.160.0/19 | 172.16.160.1 - 172.16.191.254 | 172.16.191.255 |
| 7 | 172.16.192.0/19 | 172.16.192.1 - 172.16.223.254 | 172.16.223.255 |
| 8 | 172.16.224.0/19 | 172.16.224.1 - 172.16.255.254 | 172.16.255.255 |
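The same split, generated with Python's standard `ipaddress` module. This is an added example, not part of the original article; `split_equal` is an illustrative name, and it generalizes the table by rounding a non-power-of-two request (such as 5 departments) up to the next power of two.

```python
import ipaddress


def split_equal(parent, wanted):
    """Split `parent` into equal subnets, at least `wanted` of them.

    Returns (new_prefix, rows); each row is
    (network, first_usable, last_usable, broadcast) as strings.
    """
    net = ipaddress.IPv4Network(parent)       # raises if host bits are set
    if wanted < 1:
        raise ValueError("need at least one subnet")
    # Borrowed bits: smallest n with 2**n >= wanted (8 -> 3, 5 -> 3).
    borrowed = (wanted - 1).bit_length()
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 30:
        raise ValueError(f"/{new_prefix} leaves no room for network, "
                         "hosts and broadcast")
    rows = []
    for sub in net.subnets(prefixlen_diff=borrowed):
        rows.append((str(sub), str(sub[1]), str(sub[-2]),
                     str(sub.broadcast_address)))
    return new_prefix, rows


if __name__ == "__main__":
    prefix, rows = split_equal("172.16.0.0/16", 8)
    print(f"new prefix: /{prefix}")
    for number, row in enumerate(rows, start=1):
        print(number, *row)
```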
Real-World Network Design Examples
Home Network
Most home routers use 192.168.1.0/24, which provides 254 usable addresses. For a household with phones, laptops, smart TVs, and IoT devices, this is usually plenty. The router itself takes one address (often .1), and DHCP assigns addresses from a pool like .100 through .200.
Small Office (50 Employees)
A company with 50 employees, each with a laptop and phone, might need 120+ addresses (devices plus printers, access points, and servers). A /24 (254 usable) works, but a network-aware setup might use VLANs with separate subnets:
- 10.1.10.0/24: Employee workstations (254 hosts)
- 10.1.20.0/25: VoIP phones (126 hosts)
- 10.1.30.0/28: Servers and printers (14 hosts)
- 10.1.40.0/28: Guest Wi-Fi (14 hosts)
Each VLAN gets its own subnet, isolating traffic types and improving security.
Cloud VPC (AWS / GCP)
AWS VPCs default to /16 (65,534 usable IPs). Within the VPC, you create smaller subnets across availability zones:
- 10.0.1.0/24: Public subnet, AZ-1 (web servers)
- 10.0.2.0/24: Public subnet, AZ-2 (web servers)
- 10.0.10.0/24: Private subnet, AZ-1 (app servers)
- 10.0.20.0/24: Private subnet, AZ-2 (databases)
AWS reserves 5 addresses per subnet (network, broadcast, and three for internal services), so a /24 gives you 251 usable addresses instead of 254.
Data Center Spine-Leaf Architecture
Spine-leaf networks use /31 point-to-point links between switches. A /31 provides exactly 2 usable addresses with no broadcast overhead (per RFC 3021). With hundreds of inter-switch links, using /31 instead of /30 saves thousands of IP addresses compared to the traditional approach.
Private IP Address Ranges
RFC 1918 reserves three address blocks for private use. These addresses are not routable on the public internet and can be reused freely within any organization:
| Block | Range | CIDR | Total Addresses |
|---|---|---|---|
| Class A | 10.0.0.0 - 10.255.255.255 | 10.0.0.0/8 | 16,777,216 |
| Class B | 172.16.0.0 - 172.31.255.255 | 172.16.0.0/12 | 1,048,576 |
| Class C | 192.168.0.0 - 192.168.255.255 | 192.168.0.0/16 | 65,536 |
Home networks almost always use the 192.168.x.x range. Corporate networks favor the 10.x.x.x range because it offers the most address space. The 172.16.x.x range is less common but works well for medium-sized deployments.
Common Subnetting Mistakes
Sizing too tightly. If you need 30 hosts, a /27 gives you exactly 30 usable addresses. That leaves zero room for growth. A /26 (62 usable) gives comfortable headroom.
Forgetting the network and broadcast addresses. A /28 has 16 total addresses, but only 14 are assignable. Miscounting by 2 might seem minor, but it matters in tight allocations.
Overlapping subnets. When assigning multiple subnets from a larger block, make sure the ranges don’t overlap. Use the Subnet Calculator to confirm that the broadcast address of one subnet does not fall within the range of the next.
Ignoring future needs. Renumbering a network later is painful. Plan for twice the number of devices you have today, and pick your CIDR prefix accordingly.
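A plan audit that checks for the mistakes above before any VLAN or firewall rule is built on the plan, since two overlapping subnets cannot serve as separate security boundaries. This is an added example, not part of the original article: the first four entries are the small-office subnets from this guide, while the device counts and the "lab" and "cameras" entries are constructed to trigger findings.

```python
import ipaddress
from itertools import combinations

# (name, CIDR, devices today). Device counts, "lab" and "cameras" are constructed.
PLAN = [
    ("workstations", "10.1.10.0/24", 100),
    ("voip", "10.1.20.0/25", 50),
    ("servers", "10.1.30.0/28", 6),
    ("guest", "10.1.40.0/28", 5),
    ("lab", "10.1.20.64/26", 30),      # sits inside the VoIP /25
    ("cameras", "10.1.50.0/27", 30),   # exactly 30 usable, no headroom
]


def usable_hosts(net):
    """Assignable addresses: total minus network and broadcast (up to /30)."""
    return net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses


def prefix_for(hosts):
    """Longest prefix whose usable host count is at least `hosts`."""
    # Smallest n with 2**n >= hosts + 2 is (hosts + 1).bit_length().
    return 32 - (hosts + 1).bit_length()


def audit(plan):
    """Return findings for host bits set, tight sizing and overlaps."""
    findings, nets = [], {}
    for name, cidr, devices in plan:
        net = ipaddress.IPv4Network(cidr, strict=False)
        if str(net) != cidr:
            findings.append(f"{name}: {cidr} has host bits set, network is {net}")
        nets[name] = net
        target = 2 * devices               # the guide's rule: plan for twice today
        if usable_hosts(net) < target:
            findings.append(f"{name}: {net} has {usable_hosts(net)} usable, "
                            f"need {target}; use /{prefix_for(target)}")
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} {net_a} overlaps {b} {net_b}")
    return findings


if __name__ == "__main__":
    for finding in audit(PLAN):
        print(finding)
```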
Frequently Asked Questions
What is the difference between CIDR and the old classful system?
The old system (Class A, B, C) locked networks into fixed sizes: /8, /16, or /24. CIDR allows any prefix length from /0 to /32, giving much more flexibility. Classful addressing wasted enormous amounts of IP space. A company needing 500 addresses would get a Class B (/16) with 65,534 addresses. CIDR lets you assign a /23 (510 usable) instead.
Can I subnet an already-subnetted network?
Yes. You can always take a subnet and divide it further by increasing the prefix length. A /24 can become four /26 subnets, each with 62 usable addresses. This is called variable-length subnet masking (VLSM) and is standard practice in modern networking.
Do I need to understand binary to work with subnets?
Understanding binary helps, but you don’t need to do binary conversions by hand. Tools like the Subnet Calculator handle the math instantly. Knowing the concept (that the prefix length determines which bits are “network” and which are “host”) is enough for most practical work.
How does subnetting relate to VLANs?
VLANs (Virtual LANs) are a Layer 2 concept that segments switch ports into logical groups. Subnets are a Layer 3 concept that segments IP addresses into logical networks. In practice, each VLAN is typically assigned its own subnet, so the two concepts go hand in hand. A router or Layer 3 switch routes traffic between VLANs/subnets.