Subnet Calculator
Enter any IPv4 address and CIDR prefix to instantly calculate network details, usable host range, and binary breakdown.
How subnet calculation works
Every IPv4 address is a 32-bit number. A subnet divides that space into two parts: the network portion (shared by all hosts on the subnet) and the host portion (unique to each device). The CIDR prefix length tells you exactly where that division is.
The AND operation
To find the network address, the calculator performs a bitwise AND between the IP address and the subnet mask. Everywhere the mask has a 1, the result inherits the IP bit. Everywhere the mask has a 0, the result is 0. This zeros out the host portion, leaving only the network address.
The broadcast address is calculated by OR-ing the network address with the inverted mask (wildcard mask), which sets all host bits to 1.
Host count
A /24 network has 8 host bits: 28 = 256 total addresses. Two are always reserved — the network address (all host bits 0) and the broadcast address (all host bits 1) — leaving 254 usable hosts.
The formula is: 2(32 − prefix) − 2 usable hosts. Exception: /31 subnets (RFC 3021) have 2 usable addresses on point-to-point links, and /32 is a single host route.
Binary view: The colour-coded binary rows in the results show network bits in blue and host bits in green. This makes the prefix length visually tangible — you can see exactly which bits define the network and which are available for hosts.
CIDR notation explained
CIDR (Classless Inter-Domain Routing) replaced the older classful system in 1993. Instead of fixed Class A, B, or C networks, CIDR allows any prefix length from /0 (the entire internet) to /32 (a single host), enabling efficient address allocation and route aggregation.
The notation 192.168.1.0/24 means: start at 192.168.1.0, and the
first 24 bits are fixed (the network). The remaining 8 bits are variable (the hosts),
giving a range of 192.168.1.0 through 192.168.1.255.
Private address ranges (RFC 1918)
Three ranges are reserved for private networks and are never routed on the public internet. All require NAT to communicate externally:
10.0.0.0/8— 16,777,216 addresses. Used in large enterprises and cloud VPCs.172.16.0.0/12— 1,048,576 addresses. Often used in data centres.192.168.0.0/16— 65,536 addresses. Common in home and small office networks.
CIDR quick reference
| CIDR | Subnet Mask | Total Addresses | Usable Hosts | Common Use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,216 | 16,777,214 | ISP blocks, Class A default |
| /12 | 255.240.0.0 | 1,048,576 | 1,048,574 | 172.16.0.0 private range |
| /16 | 255.255.0.0 | 65,536 | 65,534 | Class B, campus networks |
| /20 | 255.255.240.0 | 4,096 | 4,094 | Large office, cloud subnets |
| /22 | 255.255.252.0 | 1,024 | 1,022 | Medium network |
| /23 | 255.255.254.0 | 512 | 510 | Two /24s aggregated |
| /24 | 255.255.255.0 | 256 | 254 | Standard LAN — most common |
| /25 | 255.255.255.128 | 128 | 126 | Half of a /24 |
| /26 | 255.255.255.192 | 64 | 62 | Quarter of a /24, small VLAN |
| /27 | 255.255.255.224 | 32 | 30 | Small network segment |
| /28 | 255.255.255.240 | 16 | 14 | Micro VLAN, server cluster |
| /29 | 255.255.255.248 | 8 | 6 | DMZ, small server segment |
| /30 | 255.255.255.252 | 4 | 2 | Point-to-point WAN link |
| /31 | 255.255.255.254 | 2 | 2 | P2P router links (RFC 3021) |
| /32 | 255.255.255.255 | 1 | 1 | Host route, loopback |
Common use cases
Network design and planning
- Dividing a corporate address block into department VLANs
- Calculating how many hosts fit in a given subnet before provisioning
- Planning IPv4 address space for AWS VPCs or Azure Virtual Networks
- Verifying that an IP address belongs to a specific subnet during troubleshooting
- Confirming route summarisation before pushing routing changes
Networking exams and certification
- Practising subnet calculations for CompTIA Network+, CCNA, and similar exams
- Verifying manual calculations during study
- Understanding the relationship between CIDR prefix and host count
Security and firewall rules
- Writing ACL entries using wildcard masks (Cisco IOS)
- Defining source/destination ranges in firewall policies
- Confirming that a suspicious IP falls within an expected RFC 1918 block
- Planning network segmentation to isolate sensitive systems
MSP and helpdesk work
- Quickly finding the broadcast or gateway address when a customer reports connectivity issues
- Determining the correct subnet mask to enter on a static IP configuration
- Identifying whether two IP addresses are on the same subnet
Frequently asked questions
What is a subnet mask?
A subnet mask is a 32-bit number that defines which portion of an IP address is the network address and which is the host address. It uses consecutive 1s to mark the network bits, followed by 0s for the host bits.
For example, 255.255.255.0 in binary is
11111111.11111111.11111111.00000000 — 24 network bits
and 8 host bits. This is equivalent to /24 in CIDR notation.
What is CIDR notation?
CIDR (Classless Inter-Domain Routing) notation expresses an IP address alongside
its network prefix as a single string — for example, 192.168.1.0/24.
The number after the slash is the prefix length: how many bits from the left are
the network portion. /24 means 24 bits of network, 8 bits of host.
CIDR replaced the original classful system (Class A /8, Class B /16, Class C /24) in 1993, allowing any prefix length and enabling efficient allocation of address space.
What is the difference between network address and broadcast address?
The network address is the first address in a subnet: all host bits are 0. It identifies the subnet itself and cannot be assigned to any device. In 192.168.1.0/24, the network address is 192.168.1.0.
The broadcast address is the last address: all host bits are 1. A packet sent to the broadcast address is delivered to every host on the subnet. In 192.168.1.0/24, the broadcast is 192.168.1.255. Both addresses are reserved, leaving 254 usable host addresses.
How many hosts can a /24 network hold?
A /24 has 8 host bits, so 28 = 256 total addresses. Subtract 2 (network address and broadcast address) = 254 usable hosts.
The usable host formula is: 2(32 − prefix) − 2. A /25 gives 126, a /26 gives 62, a /27 gives 30, and so on — each additional bit halves the available host count.
What are RFC 1918 private IP addresses?
RFC 1918 reserves three address ranges for private (internal) use. These are not routed on the public internet, so any device can use them internally without conflicting with public addresses:
10.0.0.0/8— over 16 million addresses, common in large enterprises172.16.0.0/12— over 1 million addresses, common in data centres192.168.0.0/16— 65,536 addresses, standard in home networks
Devices on private networks reach the internet through NAT (Network Address Translation), which maps the private IP to a public IP at the router or firewall.
What is a wildcard mask and where is it used?
A wildcard mask is the bitwise inverse of the subnet mask. Where the subnet mask has 1s (network bits), the wildcard has 0s; where the subnet mask has 0s (host bits), the wildcard has 1s. For 255.255.255.0, the wildcard is 0.0.0.255.
Wildcard masks are commonly used in:
- Cisco IOS access control lists (ACLs)
- OSPF network statements
- Firewall rules that need to match a range of addresses
What is the difference between a /30 and /31 subnet?
A /30 has 4 addresses: 1 network, 2 usable hosts, 1 broadcast. It was the traditional choice for point-to-point WAN links because only 2 hosts were needed. However, 2 of the 4 addresses are wasted on the unusable network and broadcast addresses.
A /31, defined in RFC 3021, has only 2 addresses — no network or broadcast address is needed on a point-to-point link. Both addresses are usable (one per router), making /31 twice as efficient as /30 for P2P links. Most modern router operating systems support /31.
What does a /32 subnet mean?
A /32 is a host route — it refers to exactly one IP address. All 32 bits are the network portion; there are no host bits. It has no broadcast address because it represents a single, specific host.
/32 is commonly used for: loopback interface addresses (127.0.0.1/32), BGP next-hop addresses, VPN tunnel endpoints, and static routes pointing to a specific host rather than a network.