Developer Tools 12 min read

Subnetting Explained: How to Calculate Subnets, CIDR, and Host Ranges

Learn how IPv4 subnetting works — from binary math to practical network design with worked examples.

The Quick Answer

Subnetting divides a large IP network into smaller segments. Each subnet has a network address (first IP), a broadcast address (last IP), and usable host addresses in between.

The core formula:

Usable hosts = 2^(32 − prefix length) − 2

A /24 subnet → 2^8 − 2 = 254 usable hosts. A /28 subnet → 2^4 − 2 = 14 usable hosts.

If you already know the basics and just need to calculate, use our subnet calculator to get instant results for any IP and mask.

What Is a Subnet?

A subnet (subnetwork) is a logical division of an IP network. Instead of one flat network where every device sees every other device's traffic, subnetting creates smaller, isolated groups.

Every subnet has three key addresses:

Address Position Purpose
Network address First IP in the range Identifies the subnet itself
Usable host range Everything in between Assigned to devices
Broadcast address Last IP in the range Sends packets to all hosts on the subnet

Example: In the subnet 192.168.1.0/24:

  • Network address: 192.168.1.0
  • Usable range: 192.168.1.1 – 192.168.1.254
  • Broadcast address: 192.168.1.255

Why Subnet?

Four practical reasons:

  1. Security — isolate sensitive systems (databases, IoT devices) from general traffic
  2. Performance — smaller subnets mean smaller broadcast domains, which reduces unnecessary network noise
  3. Organization — map subnets to floors, departments, or sites for easier management
  4. Efficient IP use — allocate only the addresses each group needs instead of wasting large blocks

How Subnet Masks Work

An IPv4 address is 32 bits long. A subnet mask splits those 32 bits into two parts:

  • Network portion (left side) — identifies which subnet the address belongs to
  • Host portion (right side) — identifies the specific device within that subnet

The subnet mask uses 1-bits for the network portion and 0-bits for the host portion.

Example: /24 mask

IP address:    192.168.1.50    → 11000000.10101000.00000001.00110010
Subnet mask:   255.255.255.0   → 11111111.11111111.11111111.00000000
                                  ├── network (24 bits) ──┤├ host ─┤

To find the network address, perform a bitwise AND between the IP and the mask:

IP:      11000000.10101000.00000001.00110010
Mask:    11111111.11111111.11111111.00000000
         ────────────────────────────────────
Network: 11000000.10101000.00000001.00000000 → 192.168.1.0

The host bits are zeroed out, giving you the network address.

Example: /28 mask (trickier)

IP address:    10.0.5.100      → 00001010.00000000.00000101.01100100
Subnet mask:   255.255.255.240 → 11111111.11111111.11111111.11110000
                                  ├──── network (28 bits) ────┤├h─┤

Bitwise AND:

IP:      00001010.00000000.00000101.01100100
Mask:    11111111.11111111.11111111.11110000
         ────────────────────────────────────
Network: 00001010.00000000.00000101.01100000 → 10.0.5.96

The network address is 10.0.5.96, not 10.0.5.0. This is where many beginners get confused — the subnet boundary doesn't always fall on a round number.

CIDR Notation

CIDR (Classless Inter-Domain Routing) notation is a shorthand for writing an IP address with its prefix length:

192.168.1.0/24

The number after the slash is the prefix length — how many leading bits are the network portion. It replaces the need to write out the full subnet mask.

CIDR Subnet Mask Network Bits Host Bits Usable Hosts
/8 255.0.0.0 8 24 16,777,214
/16 255.255.0.0 16 16 65,534
/24 255.255.255.0 24 8 254
/25 255.255.255.128 25 7 126
/26 255.255.255.192 26 6 62
/27 255.255.255.224 27 5 30
/28 255.255.255.240 28 4 14
/29 255.255.255.248 29 3 6
/30 255.255.255.252 30 2 2

CIDR replaced the old "classful" system (Class A, B, C) in the 1990s because classful addressing wasted enormous amounts of IP space.

Step-by-Step: How to Subnet

Here is the complete process for any IP address and prefix length.

Step 1 — Find the network address

Bitwise AND the IP with the subnet mask.

Step 2 — Find the broadcast address

Set all host bits to 1.

Step 3 — Find the usable range

  • First usable host = network address + 1
  • Last usable host = broadcast address − 1

Step 4 — Count usable hosts

Usable hosts = 2^(32 − prefix) − 2

You subtract 2 because the network address and broadcast address cannot be assigned to devices.

Worked Example: 172.16.50.200/22

Step 1 — Network address:

IP:   172.16.50.200  → 10101100.00010000.00110010.11001000
Mask: 255.255.252.0  → 11111111.11111111.11111100.00000000
AND:                    10101100.00010000.00110000.00000000 → 172.16.48.0

Step 2 — Broadcast address: Set all 10 host bits to 1:

Network: 10101100.00010000.00110000.00000000
Bcast:   10101100.00010000.00110011.11111111 → 172.16.51.255

Step 3 — Usable range: 172.16.48.1 – 172.16.51.254

Step 4 — Usable hosts: 2^10 − 2 = 1,022 hosts

Calculate Any Subnet

Subnet Calculator

Enter any IPv4 address and subnet mask or CIDR prefix to instantly see network address, broadcast, host range, wildcard mask, and binary breakdown.

Open Subnet Calculator

Wildcard Masks

A wildcard mask is the bitwise inverse of a subnet mask. Where the subnet mask has a 1, the wildcard has a 0 — and vice versa.

Subnet Mask Wildcard Mask Quick Conversion
255.255.255.0 0.0.0.255 255 − 0 = 255
255.255.255.240 0.0.0.15 255 − 240 = 15
255.255.252.0 0.0.3.255 255 − 252 = 3

To convert, subtract each octet of the subnet mask from 255.

Where wildcard masks are used:

  • Cisco ACLs (access control lists)
  • OSPF area definitions
  • Some firewall rules

Where subnet masks are used:

  • Operating system network configuration
  • Routing tables
  • DHCP settings

They encode the same information, just inverted.

VLSM — Variable Length Subnet Masking

In real networks, not every subnet needs the same number of addresses. VLSM lets you use different prefix lengths for different subnets within the same address block.

Example: Splitting 10.0.0.0/24

You need to serve three groups from a single /24 block (256 addresses):

Group Devices Needed Subnet Size Allocation
Office A 100 /25 (126 hosts) 10.0.0.0/25
Office B 50 /26 (62 hosts) 10.0.0.128/26
Router link 2 /30 (2 hosts) 10.0.0.192/30

Result: You used 192 addresses instead of 768 (if each group got its own /24). The remaining space (10.0.0.196 – 10.0.0.255) is available for future use.

VLSM planning tip: Always allocate the largest subnets first, then fill in smaller ones from the remaining space. This prevents fragmentation.

Private IP Address Ranges

RFC 1918 defines three address ranges reserved for internal use. These are not routable on the public internet:

Range CIDR Total Addresses Typical Use
10.0.0.0 – 10.255.255.255 10.0.0.0/8 16,777,216 Large enterprises, cloud VPCs
172.16.0.0 – 172.31.255.255 172.16.0.0/12 1,048,576 Medium organizations, Docker
192.168.0.0 – 192.168.255.255 192.168.0.0/16 65,536 Home networks, small offices

If you see an address in one of these ranges, it is a private address behind NAT (Network Address Translation) and does not appear on the public internet.

Common Subnetting Mistakes

1. Assuming subnets always start on .0

With a /28 mask, subnets start every 16 addresses: .0, .16, .32, .48, .64, and so on. The IP 10.0.0.100/28 belongs to the subnet starting at 10.0.0.96 — not 10.0.0.0.

2. Forgetting to subtract 2

A /24 has 256 total addresses but only 254 usable hosts. The network address (.0) and broadcast address (.255) are reserved. The exceptions are /31 (point-to-point links per RFC 3021) and /32 (single host route).

3. Oversizing subnets

Allocating a /24 (254 hosts) for a 10-person office wastes 244 addresses. Use a /28 (14 hosts) instead, and keep the remaining space for future growth.

4. Confusing subnet mask and wildcard mask

If a Cisco ACL config asks for a wildcard and you enter a subnet mask (or vice versa), the rule will match the wrong addresses. Always check which format the device expects.

Subnetting Shortcut: The "Magic Number"

For quick mental math when the prefix falls within the last octet (/25 through /30):

  1. Find the "interesting octet" — the one where the mask is not 255 or 0
  2. The magic number = 256 − mask value of that octet
  3. Subnets start at multiples of the magic number

Example: /26 → mask is 255.255.255.192

  • Interesting octet value: 192
  • Magic number: 256 − 192 = 64
  • Subnets start at: .0, .64, .128, .192

So IP 192.168.1.200/26 falls in the subnet starting at .192 (because 192 ≤ 200 < 256).

  • Network: 192.168.1.192
  • Broadcast: 192.168.1.255
  • Usable: 192.168.1.193 – 192.168.1.254
  • Hosts: 62

When to Use /30 and /31

Point-to-point links between two routers only need 2 IP addresses. Two common choices:

Prefix Total IPs Usable Trade-off
/30 4 2 Wastes 2 IPs (network + broadcast) but universally supported
/31 2 2 No waste (RFC 3021), but requires router support

Most modern routers and switches support /31 on point-to-point interfaces. For new deployments, /31 is generally preferred because it conserves one address per link — which adds up across hundreds of router links in large networks.

Frequently Asked Questions

What is subnetting?

Subnetting is the process of dividing an IP network into smaller segments called subnets. Each subnet has its own network address, broadcast address, and range of usable host addresses. Subnetting improves security, performance, and IP address efficiency.

What does /24 mean?

The /24 is a CIDR prefix length indicating that the first 24 of 32 bits in the IPv4 address identify the network. This leaves 8 bits for hosts, giving 256 total addresses (254 usable). The equivalent subnet mask is 255.255.255.0.

How many hosts are in a /24 subnet?

A /24 subnet has 254 usable host addresses. The formula is 2^(32 − 24) − 2 = 256 − 2 = 254. Two addresses are reserved: the network address (first) and broadcast address (last).

How many hosts are in a /28 subnet?

A /28 subnet has 14 usable host addresses: 2^(32 − 28) − 2 = 16 − 2 = 14.

What is the difference between a subnet mask and CIDR notation?

They express the same information differently. A subnet mask like 255.255.255.0 uses dotted decimal format. The equivalent CIDR notation is /24 — the count of leading 1-bits in the mask. CIDR notation is shorter and increasingly standard.

How do I find the network address from an IP and mask?

Perform a bitwise AND between the IP address and the subnet mask. This zeroes out the host bits and gives you the network address. For example, 192.168.1.50 AND 255.255.255.0 = 192.168.1.0.

What is VLSM and why does it matter?

VLSM (Variable Length Subnet Masking) allows different subnets in the same network to use different prefix lengths. Without VLSM, every subnet must be the same size, which wastes addresses. VLSM is standard in all modern networks.

What is the difference between public and private IP addresses?

Private IP addresses (defined by RFC 1918) are used within internal networks and are not routable on the internet. The three private ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Public IP addresses are globally unique and reachable from the internet.

Can I use a /31 subnet?

Yes. RFC 3021 defines /31 subnets for point-to-point links. Both addresses are usable as host addresses — there is no network or broadcast address. Most modern routers support /31 on point-to-point interfaces.

Does the subnet calculator store my data?

No. All calculations run entirely in your browser using JavaScript. No IP addresses or network information is sent to any server.

What is a broadcast address?

The broadcast address is the last address in a subnet. A packet sent to the broadcast address is delivered to every host on that subnet. It cannot be assigned to a device. In 192.168.1.0/24, the broadcast address is 192.168.1.255.

How do I choose the right subnet size?

Count the number of devices that need IP addresses, then pick the smallest prefix that provides enough usable hosts with some room for growth. For 50 devices, a /26 (62 hosts) is better than a /24 (254 hosts) unless you expect significant expansion.

What is supernetting?

Supernetting (also called route aggregation or CIDR aggregation) is the opposite of subnetting — it combines multiple smaller networks into one larger block. For example, four consecutive /24 networks can be aggregated into a single /22. Supernetting reduces the size of routing tables.

Try It Yourself

Subnet Calculator

Enter any IP address and subnet mask to see the full breakdown — network address, broadcast, host range, wildcard mask, and binary representation.

Open Subnet Calculator

Related Topics

Related Tools

Subnet Calculator

Calculate subnet details from IP and mask

CIDR Calculator

Calculate CIDR notation and subnet information

IP Address Converter

Convert between IPv4 decimal and binary notation