Saved

Utilix knowledge base

How Subnetting Works: Step-by-Step Guide

Published Jun 1, 2026

How Subnetting Works

Subnetting divides a larger IP network into smaller, manageable segments. Each segment gets its own network address, broadcast address, and range of usable host IPs — essential for VLANs, security zones, and cloud architecture.

The basic idea

An IP address has two parts:

  1. Network portion — identifies which subnet the host belongs to
  2. Host portion — identifies the specific device within that subnet

The subnet mask (or CIDR prefix) draws the line between them:

IP:          192.168.10.50
Mask:        255.255.255.0  (/24)
Network:     192.168.10.0   ← host bits zeroed
Broadcast:   192.168.10.255 ← host bits all ones
Host range:  192.168.10.1 – 192.168.10.254

Step-by-step: calculate a subnet

Given 172.16.50.100/26:

1. Find the subnet mask

/26 = 26 network bits → mask 255.255.255.192

2. Calculate the network address

172.16.50.100  AND  255.255.255.192  =  172.16.50.64

3. Calculate the broadcast address

172.16.50.64  OR  0.0.0.63  =  172.16.50.127

4. Determine usable hosts

Network: .64, Broadcast: .127 → hosts .65 through .126 = 62 usable addresses

Run this instantly with the Subnet / CIDR Calculator.

Why subnet?

Security and isolation

Separate subnets for different trust zones:

10.0.1.0/24  — Employee workstations
10.0.2.0/24  — Servers and databases
10.0.3.0/24  — Guest Wi-Fi (isolated)
10.0.4.0/24  — IoT devices

Firewall rules apply per subnet — guests cannot reach the server VLAN.

Broadcast domain control

Broadcast traffic stays within a subnet. Smaller subnets mean less broadcast noise and better performance on large LANs.

Efficient address use

Instead of assigning a full /24 (254 hosts) to a department with 30 people, use a /27 (30 hosts) and save addresses for other departments.

Cloud and hybrid design

AWS, Azure, and GCP require you to define subnets within a VPC/VNet:

VPC:     10.0.0.0/16
  ├── Public subnet:   10.0.1.0/24  (load balancers, NAT)
  ├── Private subnet:  10.0.2.0/24  (app servers)
  └── Data subnet:     10.0.3.0/24  (databases)

Splitting a network into equal subnets

To divide a parent block, increase the prefix length:

ParentSplit toSubnetsHosts each
/16/24256254
/24/26462
/24/281614
/22/244254

Formula: number of subnets = 2^(new prefix − old prefix)

Example: /24 → /26 = 2^(26−24) = 2² = 4 subnets

Use the CIDR Subnet Splitter to list every child subnet automatically.

Choosing the right subnet size

Estimate hosts needed, then pick the smallest prefix that fits (always leave room for growth):

Hosts neededMinimum prefixUsable addresses
≤ 2/302
≤ 6/296
≤ 14/2814
≤ 30/2730
≤ 62/2662
≤ 126/25126
≤ 254/24254

Add 20–30% headroom for new devices, printers, and infrastructure.

Special cases

/31 point-to-point links (RFC 3021)

A /31 has exactly 2 addresses — both usable. Used for router-to-router links where no broadcast is needed.

/32 single host

A /32 identifies one specific host. Common in BGP routing and host-specific firewall rules.

Non-contiguous masks are invalid

255.255.255.7 is not a valid subnet mask — masks must be contiguous 1s followed by 0s. The calculator validates this automatically.

Subnetting worked example

Scenario: You have 192.168.0.0/16 and need four equal subnets for Sales, Engineering, HR, and Guest Wi-Fi.

Solution: /16 → /18 gives 2^(18−16) = 4 subnets:

SubnetCIDRHost rangeUsable
Sales192.168.0.0/18.0.1 – .63.25416 382
Engineering192.168.64.0/18.64.1 – .127.25416 382
HR192.168.128.0/18.128.1 – .191.25416 382
Guest192.168.192.0/18.192.1 – .255.25416 382

If you only need ~60 hosts per department, /26 within a /24 is more appropriate — use the splitter to explore options.

Related guides