What is CIDR notation?

CIDR (Classless Inter-Domain Routing) notation like /24 indicates how many bits are used for the network portion of the address. A /24 means 24 bits for the network and 8 bits for hosts, giving 254 usable addresses (256 total minus network and broadcast).

What is a subnet mask?

A subnet mask separates the network and host portions of an IP address. For example, 255.255.255.0 (/24) means the first three octets identify the network and the last octet identifies individual hosts. In binary, it's a run of 1s followed by 0s; the 1s mark the network bits.

How many hosts can a subnet have?

The number of usable hosts is 2^(32-CIDR) − 2. The minus 2 accounts for the network address and broadcast address. A /24 has 254 usable hosts, /16 has 65,534, /8 has 16,777,214. /31 networks are special: both addresses are usable (RFC 3021 for point-to-point links).

Why does AWS subtract 5 addresses instead of 2?

AWS reserves the first 4 addresses (.0 network, .1 VPC router, .2 DNS, .3 future use) and the last (broadcast) in every subnet. So a /24 in AWS has 251 usable, not 254. Always size with this haircut in mind when picking AWS subnet sizes.

What's the difference between /24 and 255.255.255.0?

They're identical — different notation for the same subnet mask. /24 means "24 bits of network mask." 255.255.255.0 is the dotted-decimal form of those 24 leading 1-bits followed by 8 zero-bits. Use CIDR in modern documentation; dotted-decimal is legacy.

How do I know if two IPs are on the same subnet?

Apply the subnet mask to both IPs (bitwise AND) and compare the results. If the network addresses match, they're on the same subnet. Example: 192.168.1.50/24 AND mask = 192.168.1.0. 192.168.1.200/24 AND mask = 192.168.1.0. Same network → same subnet.

What is supernetting?

Supernetting (or aggregation) combines multiple adjacent subnets into a single shorter prefix. For example, 10.0.0.0/24 and 10.0.1.0/24 can be aggregated to 10.0.0.0/23. BGP routing tables rely heavily on aggregation to keep the global routing table manageable.

IP Subnet Calculator

Enter a CIDR prefix length to calculate the subnet mask, number of hosts, network address, and broadcast address. Essential for network planning and IP address management.

Subnetting is what lets a single IP address space serve every device on a network — from a 2-host point-to-point link to a /8 with 16 million addresses. The CIDR prefix (the "/24" after an IP) tells you exactly how the 32 bits are split between network and host: the prefix bits identify the network, the remaining bits enumerate hosts within that network. Once you can think in CIDR, every networking question — "is this IP in that subnet?", "how many addresses are in /27?", "what's the broadcast of this network?" — becomes a quick bitmask operation.

This calculator takes an IP and CIDR prefix and returns the subnet mask (in dotted-decimal), the network address, the broadcast address, the usable host range, and the total host count. Use it for network design (carving up a /24 into four /26 subnets), for troubleshooting (does 10.20.30.40 belong to 10.20.30.0/26?), or for ACL writing (is this address inside the allowed range?).

The math is mechanical once you internalize a few patterns. Most working network engineers don't compute subnets from scratch — they memorize the common ones (/24 = 256 addresses, /25 = 128, /26 = 64, /27 = 32, /28 = 16, /29 = 8, /30 = 4) and reason from there. This page is for the rest of us.

Inputs

IP Octet 1

IP Octet 2

IP Octet 3

IP Octet 4

CIDR Prefix (/ notation)

Results

Subnet Mask

255.255.255.0

Usable Hosts

254

Network

192.168.1.0

Subnet Details

Property	Value
IP Address	192.168.1.0/24
Subnet Mask	255.255.255.0
Wildcard Mask	0.0.0.255
Network Address	192.168.1.0
Broadcast Address	192.168.1.255
First Usable Host	192.168.1.1
Last Usable Host	192.168.1.254
Total Addresses	256
Usable Hosts	254
IP Class	C

Last updated: May 28, 2026

Formula

**The 32-bit IPv4 address space:** Every IPv4 address is 32 bits, typically displayed as 4 octets (4 × 8 bits) in dotted-decimal: 192.168.1.0. A CIDR prefix /N means the first N bits are the network portion, the remaining 32 − N bits are the host portion. **Subnet mask from CIDR:** mask = N ones followed by (32 − N) zeros, in binary. | CIDR | Subnet Mask | Total addresses | Usable hosts | |---|---|---|---| | /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | | /16 | 255.255.0.0 | 65,536 | 65,534 | | /20 | 255.255.240.0 | 4,096 | 4,094 | | /22 | 255.255.252.0 | 1,024 | 1,022 | | /23 | 255.255.254.0 | 512 | 510 | | /24 | 255.255.255.0 | 256 | 254 | | /25 | 255.255.255.128 | 128 | 126 | | /26 | 255.255.255.192 | 64 | 62 | | /27 | 255.255.255.224 | 32 | 30 | | /28 | 255.255.255.240 | 16 | 14 | | /29 | 255.255.255.248 | 8 | 6 | | /30 | 255.255.255.252 | 4 | 2 | | /31 | 255.255.255.254 | 2 | 2 (point-to-point) | | /32 | 255.255.255.255 | 1 | 1 (host route) | **Usable hosts formula:** usable = 2^(32 − N) − 2 The "−2" excludes the network address (all host bits 0, identifies the subnet) and the broadcast address (all host bits 1, sends to all hosts). Exception: /31 networks use both addresses (RFC 3021). **Network and broadcast addresses:** - Network address = IP AND subnet_mask (host bits → 0) - Broadcast address = network OR (NOT subnet_mask) (host bits → 1) - Usable host range = network + 1 to broadcast − 1 **Worked example: 192.168.1.150/26** - Mask: 11111111.11111111.11111111.11000000 = 255.255.255.192 - Last octet 150 in binary: 10010110 - AND with 11000000: 10000000 → 128 = network 192.168.1.128 - Broadcast: 10111111 → 191 = broadcast 192.168.1.191 - Usable range: 192.168.1.129 − 192.168.1.190 (62 hosts)

How to use this calculator

Enter an IP address and its CIDR prefix (e.g., 192.168.1.50 /24).
Read off the subnet mask, network address, broadcast, and usable host range.
For planning: start from required host count, find smallest CIDR that fits (e.g., 50 hosts → /26 with 62 usable).
For VLSM (variable-length subnetting): always allocate largest subnets first to avoid fragmentation.
For "does this IP belong to that subnet" checks: compute the network address of both; if they match, yes.
For aggregation (supernetting): combine adjacent subnets that share a longer prefix into a shorter one.

Worked examples

Carving a /24 into smaller subnets

**Scenario:** You have 192.168.10.0/24 (254 hosts) and need three subnets: 60 hosts for users, 25 for IoT, 10 for printers. **Calculation:** Users (60+) need /26 (62 hosts): 192.168.10.0/26. IoT (25+) needs /27 (30 hosts): 192.168.10.64/27. Printers (10+) need /28 (14 hosts): 192.168.10.96/28. Remaining: 192.168.10.112/28 (14 hosts), 192.168.10.128/25 (126 hosts). **Result:** Three subnets allocated, two blocks left for future use. Always allocate largest subnets at the start of the address space to keep aggregation clean.

AWS VPC sizing

**Scenario:** You're designing an AWS VPC and need to size CIDR blocks for prod, staging, and dev environments with future growth. **Calculation:** Pick a /16 VPC (65,536 addresses): 10.0.0.0/16. Split: prod /18 (10.0.0.0/18, 16,384 addresses), staging /18 (10.0.64.0/18), dev /18 (10.0.128.0/18), reserved /18 for VPN/peering (10.0.192.0/18). Within each environment, subnets are typically /20 or /24 per availability zone. **Result:** A /16 VPC with /18 environment splits gives plenty of room for subnets per AZ. AWS reserves 5 addresses per subnet (.0, .1, .2, .3, broadcast), so usable count is 2^(32-N) − 5, not −2.

Checking a firewall rule

**Scenario:** Firewall rule allows traffic from 10.20.30.0/27. Is 10.20.30.45 covered by this rule? **Calculation:** /27 mask = 255.255.255.224. Network: 10.20.30.45 AND mask = 10.20.30.32. The rule's network is 10.20.30.0. They don't match (32 ≠ 0), so 10.20.30.45 is NOT in the /27 starting at .0. (The /27 at .0 covers .0–.31; .45 belongs to the /27 starting at .32.) **Result:** 10.20.30.45 is in 10.20.30.32/27, not 10.20.30.0/27. CIDR boundaries follow the binary mask — /27 subnets always start at multiples of 32 (0, 32, 64, 96, …).

When to use this calculator

**Use subnet math when you need to:**

- **Design a corporate or data center network**: pick a private space (10/8, 172.16/12, or 192.168/16), then carve it into VLAN-sized subnets. - **Configure a router or firewall**: ACLs, NAT rules, static routes, and DHCP scopes all live and die by correct subnet boundaries. - **Audit cloud network ACLs**: AWS security groups, Azure NSGs, GCP firewall rules use CIDR. A /0 means "all of IPv4" — usually a mistake. - **Plan IPAM (IP Address Management)**: tools like phpIPAM, NetBox, Infoblox track allocations at CIDR granularity. - **Set up VPN/peering**: BGP advertises CIDR prefixes; smaller prefixes (more specific) win in routing. Aggregation matters. - **Troubleshoot connectivity**: "I can ping local but not the gateway" often means a mismatched subnet mask.

**Private (RFC 1918) ranges to know cold:**

- **10.0.0.0/8** — 16.7M addresses; ideal for large enterprises and clouds. - **172.16.0.0/12** — 1M addresses; sometimes used to avoid 10.x collisions. - **192.168.0.0/16** — 65K addresses; default for home routers and small networks.

**Special-use prefixes:**

- **127.0.0.0/8** — loopback; 127.0.0.1 is "localhost". - **169.254.0.0/16** — link-local (APIPA); appears when DHCP fails. - **224.0.0.0/4** — multicast (224.0.0.1 = all hosts, 239.x = private multicast). - **0.0.0.0/0** — the entire IPv4 address space; used as a default route or "anywhere" in ACLs.

Common mistakes to avoid

Picking a /24 when /26 would suffice. Burning a whole /24 (256 addresses) on a 10-host VLAN wastes space and complicates aggregation.
Forgetting that /31 and /32 don't use the −2 rule. /31 (point-to-point links per RFC 3021) uses both addresses; /32 is a single host route.
Computing subnet boundaries that don't fall on the mask's bit boundary. A /27 must start at a multiple of 32; 10.0.0.40/27 is malformed because 40 isn't a /27 boundary.
Mismatched subnet masks on the same network. If router thinks it's /24 and host thinks it's /25, half the traffic appears to be off-network and routes wrong.
Using 10.0.0.0/8 internally without sub-VPC planning. Inevitably overlaps with a future merger or cloud peering.
Confusing CIDR with subnet count. A /24 contains one network, not 254 networks — the 254 is the host count within it.
Reading IPv6 CIDR like IPv4. IPv6 uses 128 bits; a single /64 has 18 quintillion addresses. Standard end-user IPv6 allocations are typically /48 or /56.

Frequently Asked Questions

Sources & further reading

SponsoredShop Top Deals on AmazonSupport CalcMountain — browse top-rated products at no extra cost to you.