IPv4 Subnet Calculator

Need to quickly calculate an IPv4 subnet? This Subnet Calculator lets you enter an IP address and either a CIDR prefix (like /24) or a subnet mask (like 255.255.255.0) and instantly see the key network details: network address, broadcast address, first and last usable IP, usable host count, and the wildcard mask for ACL rules. It’s a fast, practical tool for network planning, troubleshooting, VLAN setup, firewall configuration, and homelab projects—so you can verify IP ranges in seconds and avoid costly addressing mistakes.

IPv4 Subnet Calculator

Enter an IPv4 address and a subnet (CIDR like /24 or mask like 255.255.255.0).

Understanding IPv4 subnetting in practice

IPv4 subnetting is the process of splitting an IP network into smaller, more manageable networks. In real deployments, subnetting is not “just theory” — it directly affects routing, firewall rules, VLAN design, VPNs, NAT, Wi-Fi segmentation, access control, and how efficiently you use limited IPv4 address space. If you work with home networks, business LANs, cloud VPC/VNet design, or even a small homelab, subnetting is the difference between a clean, scalable address plan and a network that becomes painful to expand.

This guide explains what the calculator’s results mean and how to use them correctly when planning and troubleshooting.

What an IPv4 address and subnet really represent

An IPv4 address is a 32-bit number, usually written in dotted-decimal format (four octets), such as:

  • 192.168.1.10

  • 10.0.5.200

  • 172.16.32.1

On its own, an IPv4 address does not fully describe where the device “lives” in the network. You also need the subnet information, which tells you which part of the address is the network portion and which part is the host portion.

You’ll see subnetting written in two common formats:

  • CIDR notation: 192.168.1.10/24

  • Subnet mask: 192.168.1.10 255.255.255.0

These mean the same thing when the mask corresponds to that CIDR prefix.

CIDR prefix length explained

CIDR (Classless Inter-Domain Routing) uses a prefix length like /24 to state how many bits belong to the network portion.

  • /24 means: the first 24 bits are network bits, and the remaining 8 bits are host bits.

  • /16 means: 16 network bits, 16 host bits.

  • /30 means: 30 network bits, 2 host bits.

The number of host bits determines how many total addresses exist in the subnet:

  • Total addresses = 2^(host bits)

  • Host bits = 32 − prefix length

Examples:

  • /24 → host bits = 8 → total addresses = 2^8 = 256

  • /26 → host bits = 6 → total addresses = 2^6 = 64

  • /30 → host bits = 2 → total addresses = 2^2 = 4

This is why /24 is common in LANs (easy to think about), while /30 or /31 often appears in point-to-point links.

Subnet mask explained (and how it maps to CIDR)

A subnet mask is also 32 bits. It’s written as a dotted-decimal number like 255.255.255.0. In binary, a valid subnet mask is contiguous 1s followed by contiguous 0s:

  • 255.255.255.0

    • Binary: 11111111.11111111.11111111.00000000

    • CIDR: /24

  • 255.255.255.192

    • Binary: 11111111.11111111.11111111.11000000

    • CIDR: /26

The key rule: a valid subnet mask cannot have “holes.”
A mask like 255.0.255.0 is not valid for normal IPv4 subnetting because it is not contiguous in binary.

Common subnet masks and their CIDR equivalents

These are patterns you’ll see constantly:

  • /8 = 255.0.0.0

  • /16 = 255.255.0.0

  • /24 = 255.255.255.0

  • /25 = 255.255.255.128

  • /26 = 255.255.255.192

  • /27 = 255.255.255.224

  • /28 = 255.255.255.240

  • /29 = 255.255.255.248

  • /30 = 255.255.255.252

  • /31 = 255.255.255.254

  • /32 = 255.255.255.255

When you’re designing VLANs or smaller network segments, /24 is often too large, and /26, /27, /28 are common choices.

Network address, broadcast address, and why they matter

When you calculate a subnet, you usually get these core values:

Network address

The network address is the “base” address of the subnet. It identifies the subnet itself, not a particular host.

Example: 192.168.1.10/24

  • Network address: 192.168.1.0

In most cases, you don’t assign the network address to a device.

Broadcast address

The broadcast address is the last address in the subnet, used (in classic IPv4 behavior) to send a packet to all devices in the subnet.

Example: 192.168.1.10/24

  • Broadcast address: 192.168.1.255

In most cases, you don’t assign the broadcast address to a device either.

Usable host range

The usable host range is the set of addresses typically assignable to devices:

  • First usable host = network address + 1

  • Last usable host = broadcast address − 1

Example: 192.168.1.10/24

  • First usable: 192.168.1.1

  • Last usable: 192.168.1.254

This range is what you use for DHCP scopes, static IP assignments, printers, servers, etc.

Usable hosts vs total addresses

A frequent subnetting confusion is the difference between total addresses and usable hosts.

In traditional IPv4 LAN subnets:

  • Total addresses = 2^(host bits)

  • Usable hosts = total − 2

    • subtract network address

    • subtract broadcast address

So for /24:

  • Total: 256

  • Usable: 254

For /26:

  • Total: 64

  • Usable: 62

The /31 and /32 special cases

Some prefixes behave differently:

  • /32: single host route (exactly one address)

    • Used in routing, loopbacks, ACLs, and identifying a single endpoint.

  • /31: point-to-point subnets

    • There are only two addresses, and on point-to-point links many systems treat both as usable (no broadcast).

    • This is efficient for link networks because it avoids wasting addresses.

Your calculator accounts for these special cases because they show up often in real-world routing and ISP-style addressing.

Wildcard mask explained (ACL and routing use)

A wildcard mask is the inverse of the subnet mask:

  • Wildcard = 255.255.255.255 − subnet mask (bitwise NOT)

It’s used heavily in Cisco-style ACLs and some routing configurations.

Example:

  • Subnet mask: 255.255.255.0

  • Wildcard mask: 0.0.0.255

This wildcard means: “match the first three octets exactly, the last octet can vary.”

Another example:

  • Subnet mask: 255.255.255.192 (/26)

  • Wildcard mask: 0.0.0.63

Wildcard masks are extremely useful when you want to match a subnet range in firewall rules without listing every IP.

Subnetting with binary (the mental model that never fails)

If subnetting ever feels confusing, binary makes everything consistent.

An IPv4 address is 32 bits. With /24:

  • Network bits: first 24 bits

  • Host bits: last 8 bits

When you apply a subnet mask, you are effectively doing a bitwise operation:

  • Network address = IP AND mask

  • Broadcast address = network OR wildcard (or set all host bits to 1)

This is why network addresses end with “round numbers” when seen in decimal — those are just binary boundaries.

Quick boundary example with /26

A /26 has 6 host bits → blocks of 64 addresses in the last octet.

So the network boundaries in a /24 range look like:

  • 192.168.1.0/26 (0–63)

  • 192.168.1.64/26 (64–127)

  • 192.168.1.128/26 (128–191)

  • 192.168.1.192/26 (192–255)

This is why when you know the block size, you can immediately see which subnet an IP belongs to.

Block size shortcut (fast manual subnetting)

When subnetting within the last octet (common in /24 splitting), the block size is:

  • Block size = 256 − mask value in the changing octet

Examples:

  • /25 → mask 255.255.255.128 → block size 256 − 128 = 128

  • /26 → mask 255.255.255.192 → block size 256 − 192 = 64

  • /27 → mask 255.255.255.224 → block size 256 − 224 = 32

  • /28 → mask 255.255.255.240 → block size 256 − 240 = 16

  • /29 → mask 255.255.255.248 → block size 256 − 248 = 8

  • /30 → mask 255.255.255.252 → block size 256 − 252 = 4

Then the subnet starts at multiples of that block size.

Example: IP is 192.168.1.146 with /27 (block size 32)

  • Multiples of 32: 128, 160

  • 146 falls between 128 and 159

  • Network address: 192.168.1.128

  • Broadcast: 192.168.1.159

This is the same result your subnet calculator gives — but this mental shortcut is great when you’re in a hurry.

Practical subnet sizing for VLANs and departments

Subnetting is often driven by capacity planning. The goal is to choose a subnet that fits the expected number of devices, with reasonable headroom.

Approximate usable hosts by prefix:

  • /24 → 254 usable

  • /25 → 126 usable

  • /26 → 62 usable

  • /27 → 30 usable

  • /28 → 14 usable

  • /29 → 6 usable

  • /30 → 2 usable (classic point-to-point)

Typical real-world choices

  • Small VLAN (IoT, cameras): /27 or /28

  • Office users (smaller team): /26 or /25

  • Guest Wi-Fi (variable growth): often /24 or larger, sometimes multiple /24s

  • Router interconnects: /31 where supported (or /30)

  • Loopback interfaces: /32

Sizing too small causes renumbering pain. Sizing too large increases broadcast domain size and makes segmentation less strict. The “best” size is usually the smallest that still leaves growth room.

DHCP scope planning and subnetting pitfalls

Subnet calculators become especially valuable when you build DHCP scopes.

A clean approach is to reserve parts of the usable range:

Example: 192.168.50.0/24

  • .1 = router / default gateway

  • .2–.20 = infrastructure (switches, APs, controllers)

  • .21–.99 = static servers/printers

  • .100–.240 = DHCP pool

  • .241–.254 = spare / temporary static

Common mistakes

  • Including network (.0) or broadcast (.255) in DHCP scopes

  • Using the wrong mask (e.g., /24 vs /23) and causing overlapping networks

  • Forgetting that VPN pools must not overlap with LAN subnets

  • Creating ACL rules that match “almost” the right range, but not exactly

A subnet calculator reduces these risks by letting you verify the actual host range quickly.

Subnetting for VPNs, site-to-site tunnels, and cloud networking

VPN and cloud networks add one big constraint: overlaps break things.

If you connect:

  • Home network: 192.168.1.0/24

  • Remote office: 192.168.1.0/24

A site-to-site VPN will struggle because routes conflict. This is one reason many organizations avoid common consumer defaults like 192.168.0.0/24 or 192.168.1.0/24 for “serious” networks.

Better private address planning

Consider structured address plans like:

  • 10.10.0.0/16 for a site

  • VLANs as /24s:

    • 10.10.10.0/24 users

    • 10.10.20.0/24 servers

    • 10.10.30.0/24 IoT

    • 10.10.40.0/24 guest

  • Or smaller subnets if needed: /25, /26, /27

In AWS VPC, Azure VNet, and other clouds, you define a larger base network and subdivide into subnets for different availability zones, tiers, and security boundaries. Subnet math becomes a daily tool.

“Legacy IP classes” and why you still see them

You might still hear “Class A, B, C” in casual networking talk. This is historical (pre-CIDR), but it’s useful as a rough mental grouping:

  • Class A: 0–127.x.x.x (huge networks)

  • Class B: 128–191.x.x.x

  • Class C: 192–223.x.x.x

Today, networks are classless (CIDR), but the class concept still pops up in documentation and training.

Private IP ranges (RFC 1918) and common patterns

Most internal networks use private IPv4 space:

  • 10.0.0.0/8

  • 172.16.0.0/12 (172.16–172.31)

  • 192.168.0.0/16

You can subnet any of these as needed. A subnet calculator helps you avoid overlaps and pick clean boundaries.

Practical tip for avoiding overlaps

If you might ever use VPNs, remote access, or site-to-site connections, pick a less common private block early, for example:

  • 10.73.0.0/16 instead of 192.168.1.0/24

  • 172.23.40.0/24 for a specific VLAN

The goal is uniqueness across sites.

Supernetting (aggregating routes)

Subnetting splits networks. Supernetting aggregates multiple networks into a larger route, which simplifies routing tables.

Example:

  • 10.10.0.0/24

  • 10.10.1.0/24

  • 10.10.2.0/24

  • 10.10.3.0/24

These can be summarized as:

  • 10.10.0.0/22 (covers 10.10.0.0–10.10.3.255)

Route summarization is a big deal in enterprise networks and BGP-based environments. You want subnet boundaries that make summarization possible later.

Real troubleshooting scenarios where subnet calculations matter

1) “It works for some devices but not others”

Often caused by:

  • wrong mask on a host (e.g., host thinks /24 but network is /25)

  • wrong gateway

  • overlapping subnets

If a device believes it is local to another IP, it will ARP instead of routing — and connectivity becomes inconsistent.

2) “Firewall rule doesn’t match”

If your ACL expects 192.168.10.0/24 but the real subnet is 192.168.10.0/23, half your devices might not match. Wildcard masks can also be miscalculated and accidentally match too much (or too little).

3) “VPN is up but traffic won’t pass”

Classic overlap issue: both ends use the same subnet, or your VPN pool overlaps with a LAN subnet. Subnet math makes it obvious.

4) “Cloud instance can’t reach on-prem”

Often a route issue: the cloud subnet range doesn’t match the route you advertised, or security groups were built with the wrong CIDR.

A subnet calculator is a fast way to confirm the actual ranges.

Subnetting cheat sheet

When you need quick answers without thinking too hard, remember these:

  • /24 → 254 hosts

  • /25 → 126 hosts

  • /26 → 62 hosts

  • /27 → 30 hosts

  • /28 → 14 hosts

  • /29 → 6 hosts

  • /30 → 2 hosts (classic p2p)

  • /31 → 2 usable on p2p (common today)

  • /32 → single host

And when you see masks:

  • 255.255.255.0 → /24

  • 255.255.255.128 → /25

  • 255.255.255.192 → /26

  • 255.255.255.224 → /27

  • 255.255.255.240 → /28

  • 255.255.255.248 → /29

  • 255.255.255.252 → /30

  • 255.255.255.254 → /31

  • 255.255.255.255 → /32

How to use this subnet calculator effectively

To get reliable results:

  1. Enter the IPv4 address you want to evaluate (host IP).

  2. Enter either:

    • CIDR prefix (example: /24), or

    • dotted subnet mask (example: 255.255.255.0).

  3. Click Calculate to get:

    • Network and broadcast

    • First/last usable host

    • Usable host count

    • Wildcard mask

When to prefer CIDR vs mask

  • Prefer CIDR in modern documentation, cloud networks, firewall rules, and routing.

  • Masks are common in older systems, Windows dialogs, and some device UIs.

Knowing both makes you faster and helps you interpret mixed documentation.

Best practices for clean address planning

If you’re planning subnets from scratch, these habits save you later:

  • Use consistent sizes per VLAN type (e.g., /26 for users, /28 for IoT).

  • Reserve low addresses for gateways and infrastructure.

  • Keep DHCP pools separate and documented.

  • Avoid consumer-default ranges if you might use VPNs.

  • Design subnet boundaries that enable route summarization.

  • Document each subnet with purpose, VLAN ID, gateway, DHCP range, and ACL intent.

With a consistent scheme, your network becomes easier to secure, expand, and troubleshoot.



Image(s) used in this article are either AI-generated or sourced from royalty-free platforms like Pixabay or Pexels.

Similar Posts