CCNA Sunday Sessions Starting May 24th | 9:30 AM – 12:30 PM | Only $599 | Free First Demo Class! Register now

$200 OffCCNA, Security+, CompTIA A+ until May 30. View courses

CISNET
CoursesCertificationsSchedulePricingInstructorsAboutBlogContact
Get in Touch
Back to Blog
Networking

Subnetting Made Simple: A Practical Guide for Network Engineers

Invalid Date14 minBy Mani
Server room with rows of networking equipment and blue cable management

Subnetting is the single most important skill you need to master as a network engineer. It shows up on every networking certification exam, every technical interview, and every day on the job. Yet it's the topic that trips up more students than any other.

The problem isn't that subnetting is inherently difficult. The problem is that most guides teach it in a way that's overly academic — pages of binary math before you ever see a real network. This guide takes a different approach. We'll start with why subnetting exists, build your intuition with practical examples, and give you a fast method you can use in your head.

Why Subnetting Exists

Every device on a network needs an IP address. In the early days of the internet, IP addresses were assigned in fixed classes:

  • Class A: 10.0.0.0 to 10.255.255.255 — 16.7 million addresses per network
  • Class B: 172.16.0.0 to 172.31.255.255 — 65,536 addresses per network
  • Class C: 192.168.0.0 to 192.168.255.255 — 256 addresses per network

The problem is obvious: a company with 500 employees would waste 65,036 addresses if given a Class B network, but a Class C network wouldn't have enough addresses. Classful addressing was massively wasteful.

Subnetting solves this by letting you divide a large network into smaller, right-sized pieces. Instead of being locked into Class A, B, or C boundaries, you choose exactly how many bits to allocate to the network portion versus the host portion. This is called Classless Inter-Domain Routing (CIDR).

The Fundamentals You Actually Need

IP Addresses in Binary

An IPv4 address is 32 bits long, written as four octets separated by dots. Each octet is 8 bits, and each bit can be 0 or 1.

The decimal value of each bit position in an octet:

128 | 64 | 32 | 16 | 8 | 4 | 2 | 1

For example, 192.168.1.10 in binary:

  • 192 = 11000000
  • 168 = 10101000
  • 1 = 00000001
  • 10 = 00001010

You don't need to convert every address to binary on the fly. What you need to memorize is the powers of 2 from this table. These numbers will appear constantly in subnetting.

The Subnet Mask

A subnet mask tells a device which bits of an IP address represent the network and which represent the host. Ones in the mask mean "network," zeros mean "host."

Common subnet masks and their CIDR notation:

  • 255.0.0.0 = /8 (Class A default)
  • 255.255.0.0 = /16 (Class B default)
  • 255.255.255.0 = /24 (Class C default)
  • 255.255.255.128 = /25
  • 255.255.255.192 = /26
  • 255.255.255.224 = /27
  • 255.255.255.240 = /28
  • 255.255.255.248 = /29
  • 255.255.255.252 = /30

The /number is CIDR notation — it tells you how many bits are set to 1 in the mask. A /24 means 24 ones followed by 8 zeros: 11111111.11111111.11111111.00000000.

The Fast Subnetting Method

Forget doing full binary conversions. Here's the method that lets you subnet in your head.

Step 1: Find the Interesting Octet

The "interesting octet" is the one where the subnet mask changes from 255 to something else.

  • /24 = 255.255.255.0 — interesting octet is the 4th
  • /20 = 255.255.240.0 — interesting octet is the 3rd
  • /26 = 255.255.255.192 — interesting octet is the 4th

Step 2: Find the Block Size

The block size (also called the "magic number") tells you the size of each subnet. Calculate it as:

Block size = 256 - subnet mask value in the interesting octet

Examples:

  • /26 → mask is 255.255.255.192 → block size = 256 - 192 = **64**
  • /27 → mask is 255.255.255.224 → block size = 256 - 224 = **32**
  • /28 → mask is 255.255.255.240 → block size = 256 - 240 = **16**
  • /20 → mask is 255.255.240.0 → block size = 256 - 240 = **16** (in the 3rd octet)

Step 3: Find the Subnet Boundaries

Starting at 0 in the interesting octet, count up by the block size. Each number is a subnet boundary (network address).

For /26 (block size 64) on the 192.168.1.0 network:

  • 192.168.1.0 (Subnet 1)
  • 192.168.1.64 (Subnet 2)
  • 192.168.1.128 (Subnet 3)
  • 192.168.1.192 (Subnet 4)

Step 4: Determine Network, Broadcast, and Usable Range

For each subnet:

  • Network address: The subnet boundary (first address)
  • Broadcast address: One less than the next subnet boundary (last address)
  • First usable host: Network address + 1
  • Last usable host: Broadcast address - 1

For the 192.168.1.64/26 subnet:

  • Network: 192.168.1.64
  • Broadcast: 192.168.1.127 (one less than 192.168.1.128)
  • First usable: 192.168.1.65
  • Last usable: 192.168.1.126
  • Usable hosts: 62

The Formulas

  • Number of subnets = 2^(subnet bits borrowed)
  • Number of hosts per subnet = 2^(host bits) - 2

The "minus 2" accounts for the network address and broadcast address, which can't be assigned to hosts.

For a /26:

  • 26 - 24 = 2 bits borrowed → 2^2 = 4 subnets
  • 32 - 26 = 6 host bits → 2^6 - 2 = 62 usable hosts per subnet

Worked Examples

Example 1: Design Subnets for a Small Office

Scenario: You have the network 10.0.1.0/24 and need to create subnets for 4 departments with up to 50 devices each.

Solution:

You need at least 50 hosts per subnet → 2^6 - 2 = 62 hosts → 6 host bits

32 - 6 = /26 mask

Block size: 256 - 192 = 64

Subnets:

  • Engineering: 10.0.1.0/26 (hosts .1 to .62)
  • Sales: 10.0.1.64/26 (hosts .65 to .126)
  • Marketing: 10.0.1.128/26 (hosts .129 to .190)
  • Finance: 10.0.1.192/26 (hosts .193 to .254)

Each department gets 62 usable addresses — enough for 50 devices with room for growth.

Example 2: Point-to-Point WAN Links

Scenario: You need to assign IP addresses to a point-to-point link between two routers. How small can you make the subnet?

Solution:

A point-to-point link needs exactly 2 hosts

2^2 - 2 = 2 → 2 host bits → /30 mask

Block size: 256 - 252 = 4

Using 172.16.0.0/30:

  • Network: 172.16.0.0
  • Router A: 172.16.0.1
  • Router B: 172.16.0.2
  • Broadcast: 172.16.0.3

A /31 (2 addresses, no broadcast) is also valid for point-to-point links per RFC 3021, and it's what you'll see in many modern networks. But the CCNA exam expects you to know /30 as the standard answer.

Example 3: Which Subnet Does This Host Belong To?

Question: What subnet does 192.168.10.147/27 belong to?

Solution using the fast method:

/27 → mask 255.255.255.224 → block size = 256 - 224 = 32

Count by 32 in the 4th octet: 0, 32, 64, 96, 128, 160...

147 falls between 128 and 160

Answer: 192.168.10.128/27

This is the type of question you'll see on the CCNA exam. With the block size method, you can answer it in under 10 seconds.

Variable Length Subnet Masking (VLSM)

In the real world, not every department needs the same number of addresses. VLSM lets you use different subnet sizes within the same network — allocating addresses efficiently instead of wasting them.

Scenario: You have 192.168.5.0/24 and need:

Server VLAN: 100 hosts

Engineering: 50 hosts

Sales: 25 hosts

Management: 10 hosts

2 point-to-point router links: 2 hosts each

VLSM rule: Always start with the largest subnet and work down.

  • Server VLAN (100 hosts): 2^7 - 2 = 126 → /25 → 192.168.5.0/25 (hosts .1 to .126)
  • Engineering (50 hosts): 2^6 - 2 = 62 → /26 → 192.168.5.128/26 (hosts .129 to .190)
  • Sales (25 hosts): 2^5 - 2 = 30 → /27 → 192.168.5.192/27 (hosts .193 to .222)
  • Management (10 hosts): 2^4 - 2 = 14 → /28 → 192.168.5.224/28 (hosts .225 to .238)
  • Router link 1: /30 → 192.168.5.240/30 (hosts .241 to .242)
  • Router link 2: /30 → 192.168.5.244/30 (hosts .245 to .246)

Total addresses used: 128 + 64 + 32 + 16 + 4 + 4 = 248 out of 256. Efficient.

If you'd used a flat /25 for everything, you'd only have 2 subnets and would waste half the addresses on the management team's 10 devices. VLSM is how real networks are designed.

Subnetting in the Third Octet

Everything above used examples in the fourth octet, but subnetting works identically in any octet. The math is the same — you just apply it to a different position.

Example: Subnet 10.0.0.0/20

  • /20 → mask 255.255.240.0 → interesting octet is the 3rd
  • Block size: 256 - 240 = 16 (in the 3rd octet)
  • Subnets: 10.0.0.0/20, 10.0.16.0/20, 10.0.32.0/20, 10.0.48.0/20...
  • Each subnet has 2^12 - 2 = 4,094 usable hosts
  • 10.0.0.0/20 range: 10.0.0.1 to 10.0.15.254 (broadcast: 10.0.15.255)

The key insight: when the block size is in the 3rd octet, the 4th octet runs its full 0-255 range within each subnet.

IPv6 Subnetting

IPv6 subnetting is conceptually simpler because addresses are so abundant that efficiency isn't a concern. The standard approach:

  • ISPs assign a /48 to each customer
  • Customers use a /64 for each subnet (the standard)
  • That gives you 2^16 = 65,536 subnets, each with 2^64 hosts

The /64 boundary is fixed by convention — you don't do VLSM in IPv6. The 64-bit host portion is used for SLAAC (Stateless Address Autoconfiguration), which requires exactly 64 host bits.

Example: Given 2001:db8:acad::/48, create subnets:

Subnet 1: 2001:db8:acad:0001::/64

Subnet 2: 2001:db8:acad:0002::/64

Subnet 100: 2001:db8:acad:0064::/64

The 16 bits between the /48 and /64 (the "subnet ID") are yours to organize however you want. Most engineers use them to map to VLANs, floors, or departments.

Subnetting on the CCNA Exam

Subnetting questions appear across multiple CCNA exam domains, not just "Network Fundamentals." You'll need subnetting to answer questions about:

  • OSPF route summarization — knowing which routes can be summarized into a single advertisement
  • ACL wildcard masks — the inverse of a subnet mask, used in access control lists
  • NAT configurations — defining inside local and inside global address pools
  • DHCP scopes — correctly defining the address range and excluded addresses
  • Troubleshooting — determining if two hosts are on the same subnet

The exam gives you approximately 75 seconds per question. You need to subnet in your head, not on paper. That means drilling the block size method until it's automatic.

Wildcard Masks

A wildcard mask is the inverse of a subnet mask. You'll use them in OSPF network statements and extended ACLs.

To calculate: Subtract each octet of the subnet mask from 255.

  • Subnet mask 255.255.255.0 → wildcard 0.0.0.255
  • Subnet mask 255.255.255.192 → wildcard 0.0.0.63
  • Subnet mask 255.255.240.0 → wildcard 0.0.15.255

When an ACL says "permit 192.168.1.0 0.0.0.63", it matches 192.168.1.0 through 192.168.1.63 — exactly one /26 subnet.

Practice Problems

Try these without looking at the answers. Use the block size method.

Problem 1: How many usable hosts are in a /28 network?

Problem 2: What subnet does 172.16.45.200/21 belong to?

Problem 3: You need 30 subnets from 10.10.0.0/16. What mask should you use?

Problem 4: What is the broadcast address of 192.168.100.96/27?

Problem 5: Can hosts 10.1.1.130/25 and 10.1.1.200/25 communicate without a router?

Answers

1. /28 → 32 - 28 = 4 host bits → 2^4 - 2 = 14 usable hosts

2. /21 → mask 255.255.248.0 → block size = 256 - 248 = 8 (3rd octet). Count by 8: 0, 8, 16, 24, 32, 40, 48... 45 falls between 40 and 48. Answer: 172.16.40.0/21

3. 30 subnets → 2^5 = 32 (next power of 2 above 30) → 5 bits borrowed → /16 + 5 = /21 mask (255.255.248.0)

4. /27 → block size = 32. Count by 32: 64, 96, 128. 96 is the subnet, 128 - 1 = 127. Broadcast: 192.168.100.127

5. /25 → block size = 128. Subnet 1: 10.1.1.0-10.1.1.127. Subnet 2: 10.1.1.128-10.1.1.255. Host .130 is in subnet 2, host .200 is also in subnet 2. Yes, they can communicate — they're on the same subnet.

Subnetting in the Real World

In production networks, you'll use subnetting daily for:

  • VLAN design — each VLAN gets its own subnet, sized to the number of expected devices plus 20-30% growth
  • IP addressing plans — documenting which subnets are assigned to which purpose across the organization
  • Route summarization — aggregating specific routes into summary routes to reduce routing table size and improve convergence
  • Firewall rules — defining source and destination subnets in security policies
  • Cloud VPCs — AWS, Azure, and GCP all use CIDR notation for VPC and subnet configuration

Canadian enterprise networks typically allocate from the RFC 1918 private ranges (10.0.0.0/8 being the most common for large organizations) and use NAT at the perimeter. A solid understanding of subnetting is non-negotiable for anyone working in these environments.

Next Steps

If you can solve the practice problems above in under 30 seconds each, you're ready for the CCNA exam's subnetting questions. If not, keep drilling. There's no shortcut — speed comes from repetition.

CISNET's CCNA program dedicates an entire module to subnetting and IP addressing, with hands-on labs where you design and implement subnetted networks on real Cisco equipment. Our students practice until subnetting becomes second nature — because on the job, it needs to be.

Ready to Advance Your IT Career?

Get in touch to find the right certification path for your goals.

Get in Touch
CCNAAWSSecurity+CompTIA A+PMP