Subnetting Made Easy: CIDR, VLSM & IP Addressing Explained
Learn IP subnetting from scratch — CIDR notation, VLSM, subnet masks, network/broadcast addresses, and real-world examples. Includes cheat sheet and practice problems.
Why Subnetting Matters
Every device on a network needs an IP address. Subnetting lets you divide a large network into smaller, manageable segments. Without it, you'd have thousands of devices on one flat network — slow, insecure, and impossible to manage.
Real-world reasons to subnet:
- Separate departments (HR, Engineering, Finance) for security
- Reduce broadcast traffic (smaller subnet = fewer broadcasts)
- Efficient IP allocation (don't waste a /24 on a 5-device network)
- Meet compliance requirements (PCI-DSS, HIPAA require network segmentation)
Try our Subnet Calculator to instantly calculate network details for any CIDR notation.
IP Address Basics
An IPv4 address is 32 bits, written as four octets:
192.168.1.100
In binary:
11000000.10101000.00000001.01100100
Each octet is 8 bits (0-255). The address has two parts:
192.168.1 .100
[Network] [Host]
The subnet mask determines where the network part ends and the host part begins.
Subnet Masks
A subnet mask is a 32-bit number that "masks" the network portion:
IP Address: 192.168.1.100 = 11000000.10101000.00000001.01100100
Subnet Mask: 255.255.255.0 = 11111111.11111111.11111111.00000000
[----Network bits----][Host bits]
Network: 192.168.1.0 (AND the IP with the mask)
Common Subnet Masks
| Mask | CIDR | Binary | Hosts | |------|------|--------|-------| | 255.0.0.0 | /8 | 11111111.00000000.00000000.00000000 | 16,777,214 | | 255.255.0.0 | /16 | 11111111.11111111.00000000.00000000 | 65,534 | | 255.255.255.0 | /24 | 11111111.11111111.11111111.00000000 | 254 | | 255.255.255.128 | /25 | 11111111.11111111.11111111.10000000 | 126 | | 255.255.255.192 | /26 | 11111111.11111111.11111111.11000000 | 62 | | 255.255.255.224 | /27 | 11111111.11111111.11111111.11100000 | 30 | | 255.255.255.240 | /28 | 11111111.11111111.11111111.11110000 | 14 | | 255.255.255.248 | /29 | 11111111.11111111.11111111.11111000 | 6 | | 255.255.255.252 | /30 | 11111111.11111111.11111111.11111100 | 2 |
Formula: Usable hosts = 2^(host bits) - 2 (subtract network and broadcast addresses)
CIDR Notation
CIDR (Classless Inter-Domain Routing) replaced the old class-based system. Instead of saying "255.255.255.0", we write /24 — meaning 24 bits are the network portion.
192.168.1.0/24
/24 = 24 network bits, 8 host bits
= 2^8 - 2 = 254 usable hosts
= Subnet mask 255.255.255.0
Reading CIDR
10.0.0.0/8 → 10.x.x.x → 16 million hosts
172.16.0.0/16 → 172.16.x.x → 65,534 hosts
192.168.1.0/24 → 192.168.1.x → 254 hosts
192.168.1.0/26 → 192.168.1.0-63 → 62 hosts
192.168.1.0/30 → 192.168.1.0-3 → 2 hosts (point-to-point links)
How to Subnet: Step by Step
Problem: Subnet 192.168.1.0/24 into 4 equal subnets
Step 1: Determine how many bits to borrow.
Need 4 subnets → 2^n >= 4 → n = 2 bits
Step 2: Calculate the new prefix length.
Original: /24
Borrowed: 2 bits
New prefix: /24 + 2 = /26
Step 3: Calculate the block size.
Host bits remaining: 32 - 26 = 6
Block size: 2^6 = 64
Step 4: List the subnets.
| Subnet | Network Address | First Host | Last Host | Broadcast | Usable Hosts | |--------|----------------|------------|-----------|-----------|-------------| | 1 | 192.168.1.0/26 | 192.168.1.1 | 192.168.1.62 | 192.168.1.63 | 62 | | 2 | 192.168.1.64/26 | 192.168.1.65 | 192.168.1.126 | 192.168.1.127 | 62 | | 3 | 192.168.1.128/26 | 192.168.1.129 | 192.168.1.190 | 192.168.1.191 | 62 | | 4 | 192.168.1.192/26 | 192.168.1.193 | 192.168.1.254 | 192.168.1.255 | 62 |
The pattern: Each subnet starts at the previous subnet's broadcast + 1, and the block size (64) stays consistent.
VLSM: Variable Length Subnet Masking
Fixed subnetting wastes IP addresses. A department with 5 PCs doesn't need a /24 (254 addresses). VLSM lets you use different subnet sizes.
Problem: Allocate subnets for this office
| Department | Hosts Needed | |-----------|-------------| | Engineering | 50 | | Sales | 25 | | Management | 10 | | Server Room | 5 | | Point-to-point link | 2 |
Available network: 192.168.10.0/24
Step 1: Sort by size (largest first)
This ensures you don't fragment the address space.
Step 2: Allocate each subnet
Engineering (50 hosts):
Need 50 hosts → 2^n - 2 >= 50 → n = 6 → 2^6 - 2 = 62 hosts
Prefix: /26 (32 - 6 = 26)
Subnet: 192.168.10.0/26
Range: 192.168.10.1 – 192.168.10.62
Broadcast: 192.168.10.63
Sales (25 hosts):
Need 25 hosts → 2^n - 2 >= 25 → n = 5 → 2^5 - 2 = 30 hosts
Prefix: /27
Subnet: 192.168.10.64/27
Range: 192.168.10.65 – 192.168.10.94
Broadcast: 192.168.10.95
Management (10 hosts):
Need 10 hosts → 2^n - 2 >= 10 → n = 4 → 2^4 - 2 = 14 hosts
Prefix: /28
Subnet: 192.168.10.96/28
Range: 192.168.10.97 – 192.168.10.110
Broadcast: 192.168.10.111
Server Room (5 hosts):
Need 5 hosts → 2^n - 2 >= 5 → n = 3 → 2^3 - 2 = 6 hosts
Prefix: /29
Subnet: 192.168.10.112/29
Range: 192.168.10.113 – 192.168.10.118
Broadcast: 192.168.10.119
Point-to-point link (2 hosts):
Need 2 hosts → 2^n - 2 >= 2 → n = 2 → 2^2 - 2 = 2 hosts
Prefix: /30
Subnet: 192.168.10.120/30
Range: 192.168.10.121 – 192.168.10.122
Broadcast: 192.168.10.123
Summary
| Department | Subnet | Mask | Usable Range | Hosts | |-----------|--------|------|-------------|-------| | Engineering | 192.168.10.0/26 | 255.255.255.192 | .1 – .62 | 62 | | Sales | 192.168.10.64/27 | 255.255.255.224 | .65 – .94 | 30 | | Management | 192.168.10.96/28 | 255.255.255.240 | .97 – .110 | 14 | | Server Room | 192.168.10.112/29 | 255.255.255.248 | .113 – .118 | 6 | | P2P Link | 192.168.10.120/30 | 255.255.255.252 | .121 – .122 | 2 | | Remaining | 192.168.10.124/30 – .255 | — | — | 132 IPs free |
With fixed /24 subnets, you'd need 5 separate /24 blocks (1,270 addresses) for 92 devices. With VLSM, you used just 124 addresses from a single /24.
Private IP Ranges
These ranges are reserved for internal networks and are not routable on the internet:
| Range | CIDR | Class | Total Addresses | |-------|------|-------|----------------| | 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | A | 16,777,216 | | 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | B | 1,048,576 | | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | C | 65,536 |
Special Addresses
| Address | Purpose | |---------|---------| | 127.0.0.0/8 | Loopback (localhost) | | 169.254.0.0/16 | Link-local (APIPA — no DHCP server found) | | 0.0.0.0 | Default route / "any address" | | 255.255.255.255 | Limited broadcast |
Supernetting (Route Aggregation)
The opposite of subnetting — combining multiple smaller networks into one larger route. This reduces routing table size.
Example: Aggregate 4 Contiguous /24 Networks
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
These four /24s can be summarized as:
192.168.0.0/22
Why /22?
/24 = 256 addresses per network
4 networks = 1,024 addresses
2^10 = 1,024 → 10 host bits → /22 (32 - 10)
Instead of 4 routing table entries, the router only needs 1.
Subnetting Cheat Sheet
/24 and Below (Most Common)
| CIDR | Mask | Block Size | Usable Hosts | Subnets from /24 | |------|------|-----------|-------------|-----------------| | /24 | 255.255.255.0 | 256 | 254 | 1 | | /25 | 255.255.255.128 | 128 | 126 | 2 | | /26 | 255.255.255.192 | 64 | 62 | 4 | | /27 | 255.255.255.224 | 32 | 30 | 8 | | /28 | 255.255.255.240 | 16 | 14 | 16 | | /29 | 255.255.255.248 | 8 | 6 | 32 | | /30 | 255.255.255.252 | 4 | 2 | 64 | | /31 | 255.255.255.254 | 2 | 2* | 128 | | /32 | 255.255.255.255 | 1 | 1** | 256 |
/31 — used for point-to-point links (RFC 3021), no broadcast address needed.
/32 — single host route, used in routing tables and loopback interfaces.
Quick Mental Math
"What subnet is 192.168.1.200/27 in?"
/27 = block size 32
200 ÷ 32 = 6.25
Floor(6.25) × 32 = 192
Answer: 192.168.1.192/27
Network: 192.168.1.192
Broadcast: 192.168.1.223 (192 + 32 - 1)
Usable: 192.168.1.193 – 192.168.1.222
"What subnet is 10.1.50.130/25 in?"
/25 = block size 128
130 ÷ 128 = 1.01
Floor(1.01) × 128 = 128
Answer: 10.1.50.128/25
Network: 10.1.50.128
Broadcast: 10.1.50.255 (128 + 128 - 1)
Usable: 10.1.50.129 – 10.1.50.254
Real-World Subnetting Examples
Small Office (50 employees)
Main network: 192.168.1.0/24
Subnets:
Employees: 192.168.1.0/26 (62 hosts)
Wi-Fi/Guest: 192.168.1.64/26 (62 hosts)
Servers: 192.168.1.128/27 (30 hosts)
Printers/IoT: 192.168.1.160/27 (30 hosts)
Management: 192.168.1.192/28 (14 hosts)
Free: 192.168.1.208/28 (reserved for growth)
Enterprise Campus
Main network: 10.0.0.0/8
Building A: 10.1.0.0/16
Floor 1: 10.1.1.0/24
Floor 2: 10.1.2.0/24
Servers: 10.1.100.0/24
Building B: 10.2.0.0/16
Floor 1: 10.2.1.0/24
Floor 2: 10.2.2.0/24
DMZ: 10.100.0.0/24
Management: 10.200.0.0/24
Data Center with VLANs
Network: 172.16.0.0/16
VLAN 10 (Web): 172.16.10.0/24
VLAN 20 (App): 172.16.20.0/24
VLAN 30 (Database): 172.16.30.0/24
VLAN 40 (Storage): 172.16.40.0/24
VLAN 99 (Mgmt): 172.16.99.0/24
Practice Problems
Test your understanding:
1. How many usable hosts in a /21 network?
2. What is the network address for 10.45.67.89/20?
3. You need 100 hosts per subnet. What is the smallest prefix length?
4. Subnet 172.16.0.0/22 into 8 equal subnets. List the first 3.
5. Can 192.168.5.130/26 and 192.168.5.200/26 communicate without a router?
Answers
1. /21 = 11 host bits → 2^11 - 2 = 2,046 hosts
2. /20 = block size 4,096 (in third octet: block size 16). 67 ÷ 16 = 4.18 → floor(4) × 16 = 64. Network: 10.45.64.0/20
3. 2^n - 2 >= 100 → n = 7 → prefix = 32 - 7 = /25
4. /22 + 3 bits = /25 (2^3 = 8 subnets). Block size = 128.
- 172.16.0.0/25
- 172.16.0.128/25
- 172.16.1.0/25
5. 130 is in 192.168.5.128/26 (range .128-.191). 200 is in 192.168.5.192/26 (range .192-.255). Different subnets — they need a router.
Tools for Subnetting
- Our Subnet Calculator — instantly calculate network details for any CIDR
- ipcalc — command-line subnet calculator (
sudo apt install ipcalc) - sipcalc — advanced calculator with IPv6 support
Output:
Address: 192.168.1.0
Netmask: 255.255.255.192 = 26
Wildcard: 0.0.0.63
Network: 192.168.1.0/26
HostMin: 192.168.1.1
HostMax: 192.168.1.62
Broadcast: 192.168.1.63
Hosts/Net: 62