Subnetting Basics: A Practical Guide to IP Subnetting
Published April 1, 2026
Article snapshot
Learn how IP subnetting works, including CIDR notation, subnet masks, and how to calculate network and host addresses.
- This article is structured as a practical step-by-step reference.
Subnetting is the process of dividing a larger IP network into smaller, more manageable networks. In real environments, that matters because you rarely want one flat broadcast domain for every device. A branch office, a server segment, a guest wireless network, and a management VLAN usually have different size and security requirements. Subnetting gives you a way to allocate addresses efficiently, reduce broadcast scope, and make routing decisions predictable.
At the IPv4 level, every address is 32 bits long. We usually write those 32 bits as four decimal octets, such as 192.168.10.34. Subnetting is about deciding which bits identify the network and which bits identify the host inside that network. The network portion tells routers where the packet belongs. The host portion identifies a specific interface within that subnet.
Take 192.168.10.34/24 as an example. The /24 means the first 24 bits are the network portion, leaving 8 bits for hosts. In dotted decimal, that subnet mask is 255.255.255.0. Because the last octet is the host portion, every address from 192.168.10.0 through 192.168.10.255 belongs to the same subnet. Within that range, 192.168.10.0 is the network address, 192.168.10.255 is the broadcast address, and the usable host range is 192.168.10.1 through 192.168.10.254.
CIDR notation in plain terms
CIDR stands for Classless Inter-Domain Routing. Instead of thinking in old classful boundaries like Class A, B, and C, CIDR lets you define the network boundary with a prefix length. That prefix length is the number after the slash.
/24means 24 network bits and 8 host bits/26means 26 network bits and 6 host bits/30means 30 network bits and 2 host bits
The more bits you allocate to the network, the fewer bits remain for hosts. That is the tradeoff at the core of subnetting. A /24 gives you more host capacity than a /28, but a /28 lets you carve many more small networks out of a larger block.
Try the subnet boundary live
Enter any IPv4 address and drag the prefix slider to move the boundary between network and host bits. The binary view updates immediately, so you can see exactly which bits stay fixed for the subnet and which bits remain available for hosts.
Subnet masks and what they tell you
A subnet mask is another way to express the same boundary. Binary 1 bits mark the network portion, and binary 0 bits mark the host portion. Here are a few common examples:
/24=255.255.255.0/25=255.255.255.128/26=255.255.255.192/27=255.255.255.224/28=255.255.255.240
You do not need to memorize every binary conversion to become functional, but you should recognize the common masks quickly. In practice, engineers often memorize the block sizes in the interesting octet:
128means blocks of 128192means blocks of 64224means blocks of 32240means blocks of 16248means blocks of 8252means blocks of 4254means blocks of 2
That block size helps you locate subnet boundaries. For example, with a /27 mask (255.255.255.224), the last-octet increment is 32. So the subnets are .0, .32, .64, .96, .128, .160, .192, and .224.
How to calculate the network, broadcast, and usable hosts
The basic workflow is consistent:
- Identify the prefix length.
- Convert it mentally to a mask or block size.
- Find which subnet block contains the IP.
- The first address in that block is the network address.
- The last address in that block is the broadcast address.
- The usable host range is everything between those two addresses, except for special cases like
/31and/32.
Use 192.168.10.77/26 as an example:
/26means mask255.255.255.192- The block size in the last octet is
64 - Subnet boundaries are
.0,.64,.128,.192 77falls inside the.64to.127block
That gives you:
- Network address:
192.168.10.64 - Broadcast address:
192.168.10.127 - Usable host range:
192.168.10.65to192.168.10.126
To find usable host count for a normal IPv4 subnet, use 2^(host bits) - 2. The minus two accounts for the network and broadcast addresses.
For /26, there are 6 host bits, so:
2^6 - 2 = 64 - 2 = 62 usable hosts
Common subnet sizes
The prefixes below come up constantly in routing, LAN design, point-to-point links, and ACL work:
| Prefix | Subnet Mask | Addresses per Subnet | Usable Hosts |
|---|---|---|---|
/8 | 255.0.0.0 | 16,777,216 | 16,777,214 |
/16 | 255.255.0.0 | 65,536 | 65,534 |
/24 | 255.255.255.0 | 256 | 254 |
/25 | 255.255.255.128 | 128 | 126 |
/26 | 255.255.255.192 | 64 | 62 |
/27 | 255.255.255.224 | 32 | 30 |
/28 | 255.255.255.240 | 16 | 14 |
/29 | 255.255.255.248 | 8 | 6 |
/30 | 255.255.255.252 | 4 | 2 |
/31 | 255.255.255.254 | 2 | 2 for point-to-point links |
/32 | 255.255.255.255 | 1 | 1 specific host |
/31 and /32 deserve special attention. A /31 is typically used on point-to-point links, where both addresses can be treated as usable under RFC 3021 because there is no need for a broadcast address on that link. A /32 identifies a single host route, often used in routing tables, loopbacks, or ACL entries.
Private and public IPv4 ranges
RFC 1918 defines three private IPv4 ranges. These addresses are not routed on the public internet and are used inside homes, offices, labs, and data centers:
10.0.0.0/8172.16.0.0/12192.168.0.0/16
Private addressing is usually paired with NAT when devices need internet access. Everything outside those RFC 1918 ranges is not automatically public and usable, but those three ranges are the ones you should immediately recognize as private in typical enterprise and home networks.
When planning subnets, engineers often choose one of those private ranges as the parent block and then carve it into VLANs or site allocations. For example, an organization might reserve 10.20.0.0/16 for a campus and split it into /24 user VLANs, /26 server segments, and /30 transit links.
A fast mental model for exam questions
For CCNA-style questions, speed matters. A practical shortcut is to memorize the host counts for /24 through /30:
/24= 254/25= 126/26= 62/27= 30/28= 14/29= 6/30= 2
If you also remember the block sizes 128, 64, 32, 16, 8, 4, you can solve most subnetting problems without writing out full binary. The typical mistake is forgetting that the first address is the network and the last is the broadcast, so always check whether the question is asking for total addresses or usable hosts.
How IPv6 subnetting differs
IPv6 still uses prefix lengths, but the mindset is different. Addresses are 128 bits, and subnets are usually much larger. A standard LAN is commonly a /64, which leaves a massive interface identifier space. You generally do not think in terms of conserving host addresses the way you do in IPv4. Instead, IPv6 subnetting is more about clean hierarchical allocation and route summarization.
Another difference is that IPv6 does not use broadcast addresses. It relies on multicast and other mechanisms instead. So while the notation looks familiar, the operational behavior is not a direct copy of IPv4 subnetting.
Final takeaway
Subnetting is easier once you stop treating it like a memorization contest. The real skill is understanding the boundary between network bits and host bits, then applying block sizes consistently. If you can identify the prefix, locate the subnet block, and calculate the first and last address in that block, you can solve most practical subnetting tasks with confidence.
For regular practice, work through a few addresses in each common prefix range and verify your answers with a calculator. Repetition is what turns subnetting from slow arithmetic into instinct.