Utilix knowledge base
How Subnetting Works: Step-by-Step Guide
Published Jun 1, 2026
How Subnetting Works
Subnetting divides a larger IP network into smaller, manageable segments. Each segment gets its own network address, broadcast address, and range of usable host IPs — essential for VLANs, security zones, and cloud architecture.
The basic idea
An IP address has two parts:
- Network portion — identifies which subnet the host belongs to
- Host portion — identifies the specific device within that subnet
The subnet mask (or CIDR prefix) draws the line between them:
IP: 192.168.10.50
Mask: 255.255.255.0 (/24)
Network: 192.168.10.0 ← host bits zeroed
Broadcast: 192.168.10.255 ← host bits all ones
Host range: 192.168.10.1 – 192.168.10.254
Step-by-step: calculate a subnet
Given 172.16.50.100/26:
1. Find the subnet mask
/26 = 26 network bits → mask 255.255.255.192
2. Calculate the network address
172.16.50.100 AND 255.255.255.192 = 172.16.50.64
3. Calculate the broadcast address
172.16.50.64 OR 0.0.0.63 = 172.16.50.127
4. Determine usable hosts
Network: .64, Broadcast: .127 → hosts .65 through .126 = 62 usable addresses
Run this instantly with the Subnet / CIDR Calculator.
Why subnet?
Security and isolation
Separate subnets for different trust zones:
10.0.1.0/24 — Employee workstations
10.0.2.0/24 — Servers and databases
10.0.3.0/24 — Guest Wi-Fi (isolated)
10.0.4.0/24 — IoT devices
Firewall rules apply per subnet — guests cannot reach the server VLAN.
Broadcast domain control
Broadcast traffic stays within a subnet. Smaller subnets mean less broadcast noise and better performance on large LANs.
Efficient address use
Instead of assigning a full /24 (254 hosts) to a department with 30 people, use a /27 (30 hosts) and save addresses for other departments.
Cloud and hybrid design
AWS, Azure, and GCP require you to define subnets within a VPC/VNet:
VPC: 10.0.0.0/16
├── Public subnet: 10.0.1.0/24 (load balancers, NAT)
├── Private subnet: 10.0.2.0/24 (app servers)
└── Data subnet: 10.0.3.0/24 (databases)
Splitting a network into equal subnets
To divide a parent block, increase the prefix length:
| Parent | Split to | Subnets | Hosts each |
|---|---|---|---|
| /16 | /24 | 256 | 254 |
| /24 | /26 | 4 | 62 |
| /24 | /28 | 16 | 14 |
| /22 | /24 | 4 | 254 |
Formula: number of subnets = 2^(new prefix − old prefix)
Example: /24 → /26 = 2^(26−24) = 2² = 4 subnets
Use the CIDR Subnet Splitter to list every child subnet automatically.
Choosing the right subnet size
Estimate hosts needed, then pick the smallest prefix that fits (always leave room for growth):
| Hosts needed | Minimum prefix | Usable addresses |
|---|---|---|
| ≤ 2 | /30 | 2 |
| ≤ 6 | /29 | 6 |
| ≤ 14 | /28 | 14 |
| ≤ 30 | /27 | 30 |
| ≤ 62 | /26 | 62 |
| ≤ 126 | /25 | 126 |
| ≤ 254 | /24 | 254 |
Add 20–30% headroom for new devices, printers, and infrastructure.
Special cases
/31 point-to-point links (RFC 3021)
A /31 has exactly 2 addresses — both usable. Used for router-to-router links where no broadcast is needed.
/32 single host
A /32 identifies one specific host. Common in BGP routing and host-specific firewall rules.
Non-contiguous masks are invalid
255.255.255.7 is not a valid subnet mask — masks must be contiguous 1s followed by 0s. The calculator validates this automatically.
Subnetting worked example
Scenario: You have 192.168.0.0/16 and need four equal subnets for Sales, Engineering, HR, and Guest Wi-Fi.
Solution: /16 → /18 gives 2^(18−16) = 4 subnets:
| Subnet | CIDR | Host range | Usable |
|---|---|---|---|
| Sales | 192.168.0.0/18 | .0.1 – .63.254 | 16 382 |
| Engineering | 192.168.64.0/18 | .64.1 – .127.254 | 16 382 |
| HR | 192.168.128.0/18 | .128.1 – .191.254 | 16 382 |
| Guest | 192.168.192.0/18 | .192.1 – .255.254 | 16 382 |
If you only need ~60 hosts per department, /26 within a /24 is more appropriate — use the splitter to explore options.
Related guides
- What Is CIDR? — prefix notation and mask conversion
- IPv4 Address Formats Explained — decimal, binary, hex, and integer
- Subnet / CIDR Calculator
- CIDR Subnet Splitter