IP Subnetting Made Simple: A Visual Guide
Table of Contents
- What Is Subnetting?
- IP Addresses: The Basics
- Subnet Masks Explained
- CIDR Notation
- Network and Host Portions
- Calculating Subnets Step-by-Step
- Common Subnets Reference Table
- Real-World Subnetting Examples
- Subnetting Best Practices
- Troubleshooting Common Subnetting Issues
- Frequently Asked Questions
- Related Articles
What Is Subnetting?
Subnetting is the practice of dividing a larger network into smaller, more manageable pieces called subnets. Think of it like splitting a large office building into separate floors, each with its own reception desk and directory. Every floor (subnet) operates independently while still being part of the same building (network).
Why bother? Without subnetting, every device on a network shares the same broadcast domain. When one device sends a broadcast message, every other device has to process it. In a network with thousands of devices, this creates enormous amounts of unnecessary traffic.
Subnetting provides several critical benefits:
- Reduced broadcast traffic: Smaller broadcast domains mean fewer devices processing unnecessary messages
- Improved security: Network segments can be isolated with firewalls and access controls
- Better organization: Group devices logically by department, function, or location
- Efficient IP address allocation: Assign appropriately-sized address blocks to different segments
- Simplified troubleshooting: Isolate network issues to specific segments
- Enhanced performance: Reduce congestion by limiting broadcast domains
Consider a company with 500 employees. Without subnetting, all 500 devices would be on one flat network. Every ARP request, DHCP broadcast, and network announcement would reach every single device. With subnetting, you might create separate networks for Sales, Engineering, HR, and Guest WiFi—each isolated and manageable.
Pro tip: Modern networks almost always use subnetting. Even home routers create a subnet (typically 192.168.1.0/24) to separate your local devices from the broader internet.
IP Addresses: The Basics
Before diving into subnetting, you need to understand IP addresses. An IPv4 address is a 32-bit number, typically written as four decimal numbers separated by dots—like 192.168.1.100. Each of those four numbers (called octets) ranges from 0 to 255, representing 8 bits.
In binary, that address looks like this:
192.168.1.100
= 11000000.10101000.00000001.01100100
Every IP address has two parts: the network portion (which identifies which network the device belongs to) and the host portion (which identifies the specific device on that network). The subnet mask determines where the boundary between these two parts falls.
IPv4 Address Classes (Historical Context)
Originally, IP addresses were divided into classes. While classful networking is largely obsolete, understanding these classes helps grasp subnetting fundamentals:
| Class | First Octet Range | Default Mask | Network/Host Bits | Purpose |
|---|---|---|---|---|
| Class A | 1-126 | 255.0.0.0 | 8/24 | Large networks (16M hosts) |
| Class B | 128-191 | 255.255.0.0 | 16/16 | Medium networks (65K hosts) |
| Class C | 192-223 | 255.255.255.0 | 24/8 | Small networks (254 hosts) |
| Class D | 224-239 | N/A | N/A | Multicast |
| Class E | 240-255 | N/A | N/A | Experimental |
Today, we use Classless Inter-Domain Routing (CIDR), which allows flexible subnet sizing regardless of address class. This eliminates the waste inherent in classful networking.
Special IP Address Ranges
Certain IP ranges are reserved for specific purposes:
- 10.0.0.0/8: Private network (Class A)
- 172.16.0.0/12: Private network (Class B)
- 192.168.0.0/16: Private network (Class C)
- 127.0.0.0/8: Loopback addresses (localhost)
- 169.254.0.0/16: Link-local addresses (APIPA)
- 0.0.0.0/8: Current network
- 255.255.255.255: Broadcast address
Private addresses can be used freely within your network but cannot be routed on the public internet. This allows organizations to use the same private ranges internally without conflicts.
Subnet Masks Explained
A subnet mask looks like an IP address but serves a completely different purpose. It's a 32-bit pattern of consecutive 1-bits followed by consecutive 0-bits. The 1-bits mark the network portion, and the 0-bits mark the host portion.
For example, the subnet mask 255.255.255.0 in binary is:
11111111.11111111.11111111.00000000
This mask indicates that the first 24 bits represent the network, and the last 8 bits represent the host. When you perform a bitwise AND operation between an IP address and its subnet mask, you get the network address.
How Subnet Masks Work
Let's see this in action with IP address 192.168.1.100 and mask 255.255.255.0:
IP Address: 11000000.10101000.00000001.01100100 (192.168.1.100)
Subnet Mask: 11111111.11111111.11111111.00000000 (255.255.255.0)
---------------------------------------- (AND operation)
Network: 11000000.10101000.00000001.00000000 (192.168.1.0)
The result, 192.168.1.0, is the network address. All devices with IP addresses from 192.168.1.1 to 192.168.1.254 belong to this network.
Quick tip: Use our Subnet Calculator to instantly calculate network addresses, broadcast addresses, and usable host ranges without manual binary conversion.
Understanding Usable Hosts
Not all addresses in a subnet can be assigned to devices. Two addresses are always reserved:
- Network address: The first address (all host bits set to 0) identifies the network itself
- Broadcast address: The last address (all host bits set to 1) sends messages to all devices on the network
For a /24 network with 256 total addresses, you have 254 usable host addresses. The formula is: 2^(host bits) - 2
CIDR Notation
CIDR (Classless Inter-Domain Routing) notation provides a compact way to represent subnet masks. Instead of writing 255.255.255.0, you write /24—indicating that 24 bits are used for the network portion.
The notation format is: IP_address/prefix_length
Examples:
- 192.168.1.0/24 = subnet mask 255.255.255.0
- 10.0.0.0/8 = subnet mask 255.0.0.0
- 172.16.0.0/16 = subnet mask 255.255.0.0
- 192.168.1.128/25 = subnet mask 255.255.255.128
CIDR Conversion Table
Here's how CIDR prefixes map to subnet masks and host counts:
| CIDR | Subnet Mask | Total Addresses | Usable Hosts | Binary Mask |
|---|---|---|---|---|
| /24 | 255.255.255.0 | 256 | 254 | 11111111.11111111.11111111.00000000 |
| /25 | 255.255.255.128 | 128 | 126 | 11111111.11111111.11111111.10000000 |
| /26 | 255.255.255.192 | 64 | 62 | 11111111.11111111.11111111.11000000 |
| /27 | 255.255.255.224 | 32 | 30 | 11111111.11111111.11111111.11100000 |
| /28 | 255.255.255.240 | 16 | 14 | 11111111.11111111.11111111.11110000 |
| /29 | 255.255.255.248 | 8 | 6 | 11111111.11111111.11111111.11111000 |
| /30 | 255.255.255.252 | 4 | 2 | 11111111.11111111.11111111.11111100 |
CIDR notation is now the standard in networking. It's more flexible than classful addressing and makes subnet calculations more intuitive once you understand the pattern.
Network and Host Portions
Understanding how IP addresses split into network and host portions is fundamental to subnetting. The subnet mask creates this division, and changing where that boundary falls is how we create subnets of different sizes.
Visualizing the Split
Consider the address 192.168.10.50/24:
IP Address: 192 . 168 . 10 . 50
Binary: 11000000.10101000.00001010.00110010
|----Network (24 bits)---|--Host (8)--|
Subnet Mask: 11111111.11111111.11111111.00000000 (/24)
The first 24 bits (192.168.10) identify the network. The last 8 bits (50) identify the specific host on that network.
Borrowing Host Bits
When you subnet, you're "borrowing" bits from the host portion to create additional network bits. Each borrowed bit doubles the number of subnets but halves the number of hosts per subnet.
Starting with 192.168.10.0/24 (254 hosts), if we borrow 1 bit:
- New mask: /25 (255.255.255.128)
- Number of subnets: 2^1 = 2
- Hosts per subnet: 2^7 - 2 = 126
The two resulting subnets are:
- 192.168.10.0/25 (hosts: 192.168.10.1 - 192.168.10.126)
- 192.168.10.128/25 (hosts: 192.168.10.129 - 192.168.10.254)
If we borrow 2 bits (creating a /26 mask):
- Number of subnets: 2^2 = 4
- Hosts per subnet: 2^6 - 2 = 62
The four subnets become:
- 192.168.10.0/26 (hosts: .1 - .62)
- 192.168.10.64/26 (hosts: .65 - .126)
- 192.168.10.128/26 (hosts: .129 - .190)
- 192.168.10.192/26 (hosts: .193 - .254)
Pro tip: The "magic number" method helps calculate subnets quickly. Subtract the subnet mask octet from 256 to find the increment between subnets. For /26 (mask 192), the magic number is 256 - 192 = 64, so subnets start at 0, 64, 128, 192.
Calculating Subnets Step-by-Step
Let's walk through a complete subnetting problem from start to finish. This methodical approach works for any subnetting scenario.
Example Problem
You've been assigned the network 172.16.0.0/16 and need to create 30 subnets for different departments. What subnet mask should you use, and what are the first three subnet ranges?
Step 1: Determine Required Subnet Bits
How many bits do we need to borrow to create 30 subnets?
- 2^4 = 16 subnets (not enough)
- 2^5 = 32 subnets (sufficient)
We need to borrow 5 bits from the host portion.
Step 2: Calculate New Subnet Mask
Original mask: /16 (255.255.0.0)
Borrowed bits: 5
New mask: /21 (255.255.248.0)
In binary, the third octet becomes:
11111000 = 248
Step 3: Calculate Hosts Per Subnet
Remaining host bits: 32 - 21 = 11 bits
Hosts per subnet: 2^11 - 2 = 2046 usable hosts
Step 4: Find the Subnet Increment
Magic number: 256 - 248 = 8
Subnets increment by 8 in the third octet.
Step 5: List the Subnets
First three subnets:
- 172.16.0.0/21
  - Network: 172.16.0.0
  - First host: 172.16.0.1
  - Last host: 172.16.7.254
  - Broadcast: 172.16.7.255
- 172.16.8.0/21
  - Network: 172.16.8.0
  - First host: 172.16.8.1
  - Last host: 172.16.15.254
  - Broadcast: 172.16.15.255
- 172.16.16.0/21
  - Network: 172.16.16.0
  - First host: 172.16.16.1
  - Last host: 172.16.23.254
  - Broadcast: 172.16.23.255
This pattern continues through all 32 subnets, incrementing by 8 in the third octet each time.
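The five steps above, together with the bitwise AND from the subnet mask section, carried out in code. This is an added example, not part of the original article; the function names are illustrative, and the /31 and /32 handling follows the reference table below rather than the 2^(host bits) - 2 formula.

```python
import ipaddress

def mask_from_prefix(prefix: int) -> int:
    """32-bit mask: `prefix` one-bits followed by zero-bits."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def network_address(ip: str, prefix: int) -> str:
    """Bitwise AND of address and mask, as in the 192.168.1.100 example."""
    return dotted(int(ipaddress.IPv4Address(ip)) & mask_from_prefix(prefix))

def usable_hosts(prefix: int) -> int:
    """2^(host bits) - 2, except /31 and /32, which keep every address."""
    total = 1 << (32 - prefix)
    return total if prefix >= 31 else total - 2

def plan_subnets(base: str, base_prefix: int, needed: int, show: int = 3) -> dict:
    """Follow steps 1-5: split base/base_prefix into at least `needed` subnets."""
    borrowed = (needed - 1).bit_length()        # step 1: smallest n with 2^n >= needed
    new_prefix = base_prefix + borrowed         # step 2: new prefix length
    if needed < 1 or new_prefix > 30:
        raise ValueError("cannot create that many subnets with usable hosts")
    mask = mask_from_prefix(new_prefix)
    base_int = int(ipaddress.IPv4Address(base))
    if base_int & mask_from_prefix(base_prefix) != base_int:
        raise ValueError("base address has host bits set")
    # step 4: magic number = 256 minus the mask octet where the boundary falls
    octet = (mask >> (8 * (3 - (new_prefix - 1) // 8))) & 0xFF
    size = 1 << (32 - new_prefix)               # addresses per subnet
    subnets = []
    for i in range(min(show, 1 << borrowed)):   # step 5: list the first subnets
        network = base_int + i * size
        broadcast = network | (~mask & 0xFFFFFFFF)   # all host bits set to 1
        subnets.append({"cidr": f"{dotted(network)}/{new_prefix}",
                        "first_host": dotted(network + 1),
                        "last_host": dotted(broadcast - 1),
                        "broadcast": dotted(broadcast)})
    # step 3 result is reported as hosts_per_subnet
    return {"prefix": new_prefix, "mask": dotted(mask), "increment": 256 - octet,
            "hosts_per_subnet": usable_hosts(new_prefix), "subnets": subnets}

if __name__ == "__main__":
    print(network_address("192.168.1.100", 24))
    for subnet in plan_subnets("172.16.0.0", 16, 30)["subnets"]:
        print(subnet)
```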
Common Subnets Reference Table
This comprehensive reference table shows the most commonly used subnet masks. Bookmark this page for quick reference when designing networks.
| CIDR | Subnet Mask | Wildcard Mask | Total IPs | Usable Hosts | Typical Use Case |
|---|---|---|---|---|---|
| /8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 | Large enterprise networks |
| /16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 | Large campus networks |
| /20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 | Large departments |
| /22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 | Medium departments |
| /24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 | Standard small networks |
| /25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 | Small office segments |
| /26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 | Small teams |
| /27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 | Very small segments |
| /28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 | Device clusters |
| /29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 | Tiny segments |
| /30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 | Point-to-point links |
| /31 | 255.255.255.254 | 0.0.0.1 | 2 | 2 | Point-to-point (RFC 3021) |
| /32 | 255.255.255.255 | 0.0.0.0 | 1 | 1 | Single host/loopback |
Note that /31 subnets are special—they're used for point-to-point links where the traditional network and broadcast addresses aren't needed, allowing both addresses to be used for hosts.
Real-World Subnetting Examples
Let's apply subnetting concepts to realistic scenarios you'll encounter in actual network design and administration.
Example 1: Small Business Network
Scenario: A company with 80 employees needs separate networks for Staff, Guest WiFi, Printers, and Servers.
Solution: Start with 192.168.0.0/24 and create four subnets using a /26 mask:
- Staff Network: 192.168.0.0/26 (62 hosts)
  - Range: 192.168.0.1 - 192.168.0.62
  - Use: Employee workstations and laptops
- Guest WiFi: 192.168.0.64/26 (62 hosts)
  - Range: 192.168.0.65 - 192.168.0.126
  - Use: Visitor devices, isolated from internal network
- Printers: 192.168.0.128/26 (62 hosts)
  - Range: 192.168.0.129 - 192.168.0.190
  - Use: Network printers and multifunction devices
- Servers: 192.168.0.192/26 (62 hosts)
  - Range: 192.168.0.193 - 192.168.0.254
  - Use: File servers, database servers, domain controllers
This design provides security isolation, easier troubleshooting, and room for growth in each segment.
Example 2: Multi-Site Enterprise
Scenario: A company with headquarters and three branch offices needs a scalable addressing scheme. HQ has 500 users, and branches have 100, 75, and 50 users respectively.
Solution: Use 10.0.0.0/8 private space with location-based addressing:
- Headquarters: 10.1.0.0/22 (1,022 hosts)
  - Provides room for growth beyond current 500 users
  - Can be further subnetted by department if needed
- Branch Office 1: 10.2.0.0/24 (254 hosts)
  - Accommodates 100 users with expansion capacity
- Branch Office 2: 10.3.0.0/25 (126 hosts)
  - Fits 75 users with some headroom
- Branch Office 3: 10.4.0.0/26 (62 hosts)
  - Suitable for 50 users with minimal waste
This hierarchical approach makes routing tables simpler and allows for easy addition of new sites using the 10.x.0.0 pattern.
Example 3: Data Center Segmentation
Scenario: A data center needs separate networks for web servers, application servers, database servers, and management interfaces.
Solution: Use 172.16.0.0/16 with security zones:
- DMZ (Web Servers): 172.16.10.0/24
  - Public-facing servers with restricted access
  - Firewall rules allow only HTTP/HTTPS inbound
- Application Tier: 172.16.20.0/24
  - Middle-tier application servers
  - Only accessible from DMZ and database tier
- Database Tier: 172.16.30.0/24
  - Backend databases with sensitive data
  - Most restrictive access controls
- Management Network: 172.16.100.0/24
  - Out-of-band management interfaces
  - Separate physical network for administration
This three-tier architecture with management separation is a security best practice for production environments.
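A segmentation plan like Example 3 is only useful if observed traffic is checked against it. The following added example (not part of the original article) maps flow records to the Example 3 zones and reports flows with no matching allow rule. The allow matrix, every port other than 80/443, the "unassigned" label for addresses in 172.16.0.0/16 outside any zone, and the flow records are all assumptions constructed for illustration.

```python
import ipaddress

SITE = ipaddress.ip_network("172.16.0.0/16")
ZONES = {  # subnets from Example 3
    "dmz": ipaddress.ip_network("172.16.10.0/24"),
    "app": ipaddress.ip_network("172.16.20.0/24"),
    "db": ipaddress.ip_network("172.16.30.0/24"),
    "mgmt": ipaddress.ip_network("172.16.100.0/24"),
}
# (source zone, destination zone) -> allowed destination ports.
# Assumed policy modelled on the Example 3 bullets; 8443, 5432 and 22 are placeholders.
ALLOWED = {
    ("external", "dmz"): {80, 443},   # only HTTP/HTTPS inbound
    ("dmz", "app"): {8443},           # app tier reachable from the DMZ ...
    ("db", "app"): {8443},            # ... and from the database tier
    ("app", "db"): {5432},            # assumption: only the app tier reaches the databases
    ("mgmt", "dmz"): {22},
    ("mgmt", "app"): {22},
    ("mgmt", "db"): {22},
}

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    # Inside the site block but in no defined zone: unallocated address space.
    return "unassigned" if addr in SITE else "external"

def audit(flows):
    """Return (src, dst, port, 'zone->zone') for flows without an allow rule."""
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone and src_zone in ZONES:
            continue  # same subnet: traffic is not filtered between zones
        if port not in ALLOWED.get((src_zone, dst_zone), set()):
            violations.append((src, dst, port, f"{src_zone}->{dst_zone}"))
    return violations

# Constructed sample flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "172.16.10.15", 443),
    ("203.0.113.7", "172.16.30.5", 5432),
    ("172.16.10.15", "172.16.20.8", 8443),
    ("172.16.10.15", "172.16.30.5", 5432),
    ("172.16.100.2", "172.16.30.5", 22),
    ("172.16.20.8", "172.16.100.2", 22),
    ("172.16.50.9", "172.16.20.8", 8443),
]
```

Calling `audit(SAMPLE_FLOWS)` returns the four records that bypass a tier or originate from address space the plan never allocated.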