Subnetting – Concepts, Calculations & Step-by-Step Examples

1. What Is Subnetting?

Subnetting is the process of dividing a single IP network into smaller logical sub-networks called subnets. It works by borrowing bits from the host portion of an IP address and reassigning them as additional network bits, creating more (but smaller) networks from one original block.

Every time you borrow one bit, you double the number of subnets and halve the number of hosts per subnet. The tradeoff is always: more subnets = fewer hosts per subnet.

  • Improves organisation — different departments, floors, or functions get their own subnet
  • Enhances security — subnets are isolated; a firewall or ACL between them controls traffic
  • Reduces broadcast domains — broadcasts are confined within a subnet, improving performance
  • Conserves IP addresses — allocate only as many IPs as a segment actually needs
  • Simplifies routing — route summarisation (supernetting) condenses multiple subnets into one routing table entry

Related pages: IP Interface Brief | IPv6 | VLANs | NAT | Wildcard Masks | Default Routes | Static Routing Configuration | Private vs Public IP Addresses

2. IP Address Structure Refresher

An IPv4 address is 32 bits long, written as four 8-bit octets in dotted-decimal notation. Every IPv4 address has two logical parts: 

  IP address:   192     .   168    .    10    .    5
  Binary:    11000000 . 10101000 . 00001010 . 00000101
                                              --------
  Subnet mask:  255     .   255    .   255    .    0
  Binary:    11111111 . 11111111 . 11111111 . 00000000
             |<------------ Network (24 bits) ---------->| |<Host (8 bits)>|

  Network address:  192.168.10.0    (all host bits = 0)
  Broadcast address: 192.168.10.255 (all host bits = 1)
  Valid host range:  192.168.10.1 – 192.168.10.254

The subnet mask determines the boundary. Bits set to 1 in the mask are the network portion; bits set to 0 are the host portion.

3. Subnet Masks – Dotted Decimal, Binary, and CIDR

The same subnet mask can be written three ways. All three are equivalent and you need to be comfortable converting between them for the CCNA exam.

CIDR Prefix Dotted Decimal Binary (last octet) Host Bits Remaining Usable Hosts
/24 255.255.255.0 00000000 8 254
/25 255.255.255.128 10000000 7 126
/26 255.255.255.192 11000000 6 62
/27 255.255.255.224 11100000 5 30
/28 255.255.255.240 11110000 4 14
/29 255.255.255.248 11111000 3 6
/30 255.255.255.252 11111100 2 2
/32 255.255.255.255 11111111 0 1 (host route)

Default classful masks: Class A = /8 (255.0.0.0), Class B = /16 (255.255.0.0), Class C = /24 (255.255.255.0).

4. How Subnetting Works – Borrowing Bits

Subnetting works by moving the boundary between the network and host portions to the right — this is called borrowing host bits. Each bit borrowed:

  • Doubles the number of available subnets
  • Halves the number of hosts per subnet
  • Increases the CIDR prefix length by one (e.g., /24 → /25 → /26)
  Original /24 network: 192.168.10.0/24
  |<-- 24 network bits -->|<--- 8 host bits --->|

  Borrow 2 bits for subnetting:
  |<-- 24 network bits -->|nn|<--- 6 host bits --->|
                            ^ ^ borrowed subnet bits
  New prefix: /26   Subnets: 2² = 4   Hosts: 2&sup6; − 2 = 62
Bits Borrowed New Prefix (from /24) Subnets Created (2^n) Hosts per Subnet (2^h − 2) Block Size
1 /25 2 126 128
2 /26 4 62 64
3 /27 8 30 32
4 /28 16 14 16
5 /29 32 6 8
6 /30 64 2 4

5. The Two Key Formulas

What You Need Formula Variable Example
Number of subnets 2n n = bits borrowed from the host portion Borrow 3 bits: 2³ = 8 subnets
Usable hosts per subnet 2h − 2 h = host bits remaining after borrowing; subtract 2 for the network address (all host bits 0) and the broadcast address (all host bits 1) /27 leaves 5 host bits: 2&sup5; − 2 = 30 hosts
Block size / subnet increment 256 − last non-zero octet of mask Mask 255.255.255.192: 256 − 192 = 64 (subnets start at .0, .64, .128, .192)

Why subtract 2? Every subnet has two reserved addresses: the network address (all host bits set to 0 — identifies the subnet itself) and the broadcast address (all host bits set to 1 — used to reach all hosts in the subnet simultaneously). Neither can be assigned to a device.

6. Worked Example 1 – Subnetting a Class C Network into 4 Subnets

Given: 192.168.10.0/24 — divide into 4 equal subnets.

  1. How many bits to borrow? Need 4 subnets → 2² = 4, so borrow 2 bits.
  2. New prefix: /24 + 2 = /26 — mask 255.255.255.192
  3. Block size: 256 − 192 = 64
  4. Hosts per subnet: 2&sup6; − 2 = 62
Subnet Network Address First Host Last Host Broadcast
1 192.168.10.0/26 192.168.10.1 192.168.10.62 192.168.10.63
2 192.168.10.64/26 192.168.10.65 192.168.10.126 192.168.10.127
3 192.168.10.128/26 192.168.10.129 192.168.10.190 192.168.10.191
4 192.168.10.192/26 192.168.10.193 192.168.10.254 192.168.10.255

7. Worked Example 2 – Subnetting a Class C Network into 8 Subnets (/27)

Given: 192.168.10.0/24 — divide into 8 subnets.

  1. Bits to borrow: 2³ = 8 → borrow 3 bits
  2. New prefix: /24 + 3 = /27 — mask 255.255.255.224
  3. Block size: 256 − 224 = 32
  4. Hosts per subnet: 2&sup5; − 2 = 30
Subnet Network First Host Last Host Broadcast
1192.168.10.0/27.1.30.31
2192.168.10.32/27.33.62.63
3192.168.10.64/27.65.94.95
4192.168.10.96/27.97.126.127
5192.168.10.128/27.129.158.159
6192.168.10.160/27.161.190.191
7192.168.10.192/27.193.222.223
8192.168.10.224/27.225.254.255

8. Worked Example 3 – Subnetting a Class B Network (/20)

Given: 172.16.0.0/16 — borrow 4 bits from the host portion.

  1. New prefix: /16 + 4 = /20 — mask 255.255.240.0
  2. Subnets: 2&sup4; = 16
  3. Host bits remaining: 32 − 20 = 12
  4. Hosts per subnet: 212 − 2 = 4,094
  5. Block size in third octet: 256 − 240 = 16
Subnet Network Address First Host Last Host Broadcast
1172.16.0.0/20172.16.0.1172.16.15.254172.16.15.255
2172.16.16.0/20172.16.16.1172.16.31.254172.16.31.255
3172.16.32.0/20172.16.32.1172.16.47.254172.16.47.255
16172.16.240.0/20172.16.240.1172.16.255.254172.16.255.255

9. VLSM – Variable Length Subnet Masking

VLSM allows different subnets within the same network to use different prefix lengths, so each segment gets exactly the number of addresses it needs — no more, no less. This is in contrast to classful or fixed-length subnetting where every subnet is the same size.

VLSM design rule: always allocate the largest subnet first, then carve out smaller ones from the remaining address space.

Example: Design subnets for 192.168.1.0/24 with these requirements: Dept A needs 50 hosts, Dept B needs 20 hosts, Dept C needs 10 hosts, WAN link needs 2 hosts.

Segment Hosts Needed Prefix Subnet Assigned Usable Hosts
Dept A 50 /26 192.168.1.0/26 62
Dept B 20 /27 192.168.1.64/27 30
Dept C 10 /28 192.168.1.96/28 14
WAN link 2 /30 192.168.1.112/30 2

Total addresses used: 64 + 32 + 16 + 4 = 116 addresses out of 256. Remaining space: 192.168.1.116 onward, available for future subnets. A fixed /26 for every segment would have wasted the 30-address Dept B block, the 14-address Dept C block, and the 62-address WAN link.

10. CIDR and Route Aggregation (Supernetting)

CIDR (Classless Inter-Domain Routing) removes the rigid Class A/B/C boundaries and uses prefix length notation (e.g., /22) to represent any subnet size. CIDR also enables route aggregation (also called supernetting or route summarisation): multiple contiguous subnets are summarised into a single routing table entry, reducing router memory usage and speeding up routing. 

  Four contiguous /24 networks:
    192.168.0.0/24
    192.168.1.0/24
    192.168.2.0/24
    192.168.3.0/24

  Summarised to one entry:
    192.168.0.0/22   (covers all four /24s)

  Binary check — the first 22 bits are identical:
    192.168.00000000.0  → 192.168.0.0
    192.168.00000001.0  → 192.168.1.0
    192.168.00000010.0  → 192.168.2.0
    192.168.00000011.0  → 192.168.3.0
               ^^^^^^ — bits 23–24 vary; all others match → /22 summary

Route aggregation is only possible when the subnets are contiguous and the summary address boundary aligns on the correct bit boundary.

11. Subnet Zero and All-Ones Subnet

In early subnetting (RFC 950), the first subnet (subnet zero — all subnet bits set to 0) and the last subnet (all-ones subnet — all subnet bits set to 1) were reserved and not usable. Modern IOS and all current practice treat both as fully usable, enabled by the Cisco IOS default command ip subnet-zero.

Subnet Subnet Bits Legacy Status Modern Status
Subnet zero All 0s Reserved (unusable) Usable — ip subnet-zero is on by default in IOS
All-ones subnet All 1s Reserved (unusable) Usable in all modern equipment

The worked examples in this guide already include both subnet zero (e.g., 192.168.10.0/27) and the all-ones subnet (e.g., 192.168.10.224/27) as valid usable subnets.

12. Private IP Address Subnetting

The three private IP ranges (RFC 1918) are the most commonly subnetted address spaces:

Range CIDR Class Total Addresses Common Use
10.0.0.0 – 10.255.255.255 10.0.0.0/8 A 16,777,216 Large enterprises, data centres; highly flexible for subnetting
172.16.0.0 – 172.31.255.255 172.16.0.0/12 B 1,048,576 Medium enterprises; 16 Class B blocks
192.168.0.0 – 192.168.255.255 192.168.0.0/16 C 65,536 Small offices and home networks; 256 Class C blocks

Private addresses are not routable on the public Internet. A NAT device translates them to a public IP for external connectivity. See: NAT.

13. Troubleshooting Subnetting Issues

Problem Symptom Cause Fix
Overlapping subnets Routing loops; packets delivered to wrong host; router may reject config Two subnets share address space (e.g., 192.168.1.0/24 and 192.168.1.0/25 assigned to different segments) Recalculate subnet ranges; use VLSM carefully ensuring no overlap; verify with a subnet calculator
Misconfigured subnet mask Devices on the same physical segment cannot communicate; host pings fail with “destination unreachable” Host configured with wrong mask (e.g., /24 instead of /26) so it places other hosts in a different subnet Check mask on each device with show ip interface brief or ipconfig /all; correct to match the subnet design
Using network or broadcast address as host Unpredictable behaviour; ARP issues; connectivity failures Administrator assigned the first (.0) or last (.255) address of a subnet to a device Reassign the device to a valid host address; remember: first = network, last = broadcast
Wrong default gateway Host can reach local subnet but not remote networks or the Internet Default gateway IP is on a different subnet than the host, or points to the wrong router interface Confirm the default gateway is an IP in the same subnet as the host and belongs to the router’s interface on that segment
VLSM overlap during design Some hosts unreachable; routing table entries conflict Subnets carved from the same block were not tracked carefully, causing two subnets to overlap Always work from largest to smallest subnet and track each allocated block; use a VLSM chart

14. Key Points & CCNA Exam Tips

  • Subnetting borrows bits from the host portion of an address, increasing the prefix length and creating more (smaller) subnets
  • Subnets formula: 2n where n = bits borrowed
  • Usable hosts formula: 2h − 2 where h = remaining host bits; the −2 removes the network address (all host bits 0) and broadcast address (all host bits 1)
  • Block size (subnet increment) = 256 − last non-zero value in the mask’s interesting octet; subnets start at 0, then increment by the block size
  • Memorise the eight key /24 subnets and their properties: /25 (126 hosts), /26 (62), /27 (30), /28 (14), /29 (6), /30 (2) — /30 is standard for point-to-point links
  • CIDR prefix notation counts the number of 1 bits in the subnet mask: 255.255.255.192 has 26 ones → /26
  • VLSM assigns different prefix lengths to different subnets within one network; always allocate the largest subnet first
  • Route aggregation (supernetting) combines contiguous subnets into a shorter prefix; check binary alignment before summarising
  • Subnet zero (all subnet bits 0) and the all-ones subnet are both usable in modern IOS (ip subnet-zero is on by default)
  • Private RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 — not routable on the public Internet without NAT
  • The most common subnetting mistake on the CCNA exam is forgetting to subtract 2 for host calculations, or misidentifying the broadcast address as a valid host

Subnetting Quiz

1. What is subnetting?

Correct answer is B. Subnetting divides one IP network into smaller subnets by borrowing bits from the host portion of the address. Each subnet gets its own network address, broadcast address, and range of usable host addresses. Benefits include reduced broadcast domains, improved security, and more efficient IP address utilisation.

2. How many usable hosts per subnet does a /26 mask provide?

Correct answer is D. A /26 mask leaves 6 host bits (32 − 26 = 6). Applying the formula: 2&sup6; − 2 = 64 − 2 = 62 usable hosts. The −2 accounts for the network address (e.g., .0) and the broadcast address (e.g., .63), which cannot be assigned to any device. Option A (64) forgets the −2; option C (30) is correct for /27.

3. Which formula calculates the number of subnets created by borrowing n bits?

Correct answer is A. The number of subnets = 2n where n is the number of bits borrowed from the host portion. For example, borrowing 3 bits creates 2³ = 8 subnets. Option B (2h − 2) is the formula for usable hosts per subnet, not subnets.

4. In the subnet 192.168.10.0/27, what is the range of valid host addresses?

Correct answer is C. For 192.168.10.0/27: the network address is 192.168.10.0 (all 5 host bits = 0) and the broadcast address is 192.168.10.31 (all 5 host bits = 1). Neither can be assigned to a device. Valid host addresses are therefore 192.168.10.1 through 192.168.10.30 — 30 addresses total (2&sup5; − 2 = 30).

5. What is Variable Length Subnet Masking (VLSM)?

Correct answer is B. VLSM allows each subnet to use a prefix length appropriate to its size. A segment needing 50 hosts gets a /26 (62 usable), while a point-to-point WAN link only needs a /30 (2 usable), minimising wasted addresses. VLSM is essential in real-world network design and is a core CCNA topic.

6. Borrowing 4 bits from a Class B /16 network creates how many subnets and hosts?

Correct answer is A. Borrowing 4 bits from a /16 creates 2&sup4; = 16 subnets and a new prefix of /20. Host bits remaining: 32 − 20 = 12. Usable hosts: 212 − 2 = 4,096 − 2 = 4,094 hosts per subnet. Option C is the result for a /26 (borrowing 2 from a /24), not a /20.

7. What is the CIDR prefix notation for a subnet mask of 255.255.255.192?

Correct answer is D. Count the 1-bits in 255.255.255.192: the first three octets (255.255.255) contribute 24 ones; the last octet 192 = 11000000 in binary, which contributes 2 more ones. Total: 24 + 2 = /26. This mask results from borrowing 2 bits from a /24 network and creates 4 subnets of 62 usable hosts each.

8. What are subnet zero and the all-ones subnet?

Correct answer is B. Historically (RFC 950) both were reserved, but modern IOS enables ip subnet-zero by default, making both the first subnet (all subnet bits = 0) and the last subnet (all subnet bits = 1) fully usable. The worked examples in this guide include both — e.g., for /27 subnets of 192.168.10.0/24, both 192.168.10.0/27 and 192.168.10.224/27 are valid.

9. Which of these is NOT a typical benefit of subnetting?

Correct answer is C. Subnetting does not change the length of IPv4 addresses — they are always 32 bits. Extending the IP address length from 32 to 128 bits is what IPv6 does. Subnetting works entirely within the existing 32-bit address space by redistributing bits between the network and host portions.

10. Why is subnetting important in network design?

Correct answer is A. Subnetting serves multiple important purposes simultaneously: it segments the network for security and management (different departments or security zones on different subnets); it reduces the size of broadcast domains (broadcasts stay within a subnet); it conserves IP addresses by allocating only what each segment needs (especially with VLSM); and it enables route summarisation to keep routing tables compact.

← Back to Home