IT operations

Subnet Calculator

Enter an IPv4 address and CIDR prefix to get the network address, broadcast address, subnet mask, and usable host count. Change the prefix to see how splitting a /24 into /25s or /26s reduces host capacity and enables network segmentation.

Last reviewed May 14, 2026 by ToolSpilo Editorial Team.

Review method: Reviewed against RFC 4632 for CIDR, RFC 3021 for /31 point-to-point links, and cloud reserved-address guidance. Existing structure and subnet tables preserved.

Calculator tool

How this calculator works

Use the explanation to understand the formula, assumptions, and practical limits behind the calculator result.

What CIDR Notation Means

A CIDR prefix like /24 tells you how many bits are reserved for the network portion of the address. The remaining bits identify individual hosts on that network.

Host bits=32prefix\text{Host bits} = 32 - \text{prefix}

A /24 has 8 host bits → 28=2562^8 = 256 total addresses → 254 usable hosts (network and broadcast addresses are reserved).

General formula: Usable hosts=2(32prefix)2\text{Usable hosts} = 2^{(32 - \text{prefix})} - 2

For /31 (point-to-point links, RFC 3021) and /32 (single host routes) the −2 rule does not apply.

Building the Subnet Mask in Binary

The subnet mask is prefix bits of 1, followed by (32 − prefix) bits of 0:

CIDRBinary maskDotted decimal
/811111111.00000000.00000000.00000000255.0.0.0
/1611111111.11111111.00000000.00000000255.255.0.0
/2411111111.11111111.11111111.00000000255.255.255.0
/2611111111.11111111.11111111.11000000255.255.255.192
/3011111111.11111111.11111111.11111100255.255.255.252

Worked Example: 192.168.1.25/24

IP address: 192.168.1.25 CIDR prefix: /24 → subnet mask 255.255.255.0

Bitwise AND of IP and mask gives the network address:

192.168.1.25  = 11000000.10101000.00000001.00011001
255.255.255.0 = 11111111.11111111.11111111.00000000
AND           = 11000000.10101000.00000001.00000000 = 192.168.1.0

Broadcast address = network address with all host bits set to 1:

192.168.1.0 + 255 host bits = 192.168.1.255
ResultValue
Network address192.168.1.0
Subnet mask255.255.255.0
Broadcast address192.168.1.255
Usable host range192.168.1.1 – 192.168.1.254
Usable host count254

Subnetting for Network Segmentation

Dividing a larger block into smaller subnets isolates traffic and limits blast radius in security incidents. Common splits from a /24:

SplitSubnetsHosts per subnetUse case
/241254Flat network
/252126Staff / servers
/26462Department VLANs
/27830Small office zones
/30642Point-to-point WAN links

A DMZ, internal LAN, and management network each on their own /26 means a compromised DMZ host cannot directly reach the management subnet.

Edge Cases

/31 — RFC 3021 point-to-point links. Only 2 addresses, both usable (no network/broadcast reservation). Common on router-to-router WAN links.

/32 — Single host route. Used for loopback addresses and host-specific routing entries. Zero usable hosts in the traditional sense.

/0 — The default route. Matches all addresses. Never used for host assignment.

Frequently asked questions

Does this calculator support IPv6?

No — this calculator handles IPv4 only. IPv6 uses 128-bit addresses with the same CIDR notation concept, but the math operates on 128-bit blocks. A /64 IPv6 prefix leaves 64 host bits, which is 2642^{64} addresses — more than 18 quintillion per subnet. IPv6 subnetting tools require separate handling of the 128-bit address space.

Why do /30 subnets only give 2 usable hosts?

A /30 has 2 host bits → 22=42^2 = 4 total addresses. The first is the network address and the last is the broadcast address, leaving exactly 2 usable addresses. This makes /30 the smallest subnet for a connection between two routers — one address per interface.

If you only need the two host addresses and want to eliminate the overhead, RFC 3021 /31 subnets provide exactly 2 addresses with no reservation.

What is VLSM and how does the subnet calculator help?

Variable Length Subnet Masking (VLSM) means using different prefix lengths within the same address space — for example, a /22 for a large office, /26 for a branch, and /30 for WAN links, all carved from the same /20 block.

The subnet calculator helps by showing exactly how many addresses each prefix provides. Start with the largest requirement and allocate the smallest prefix that satisfies it, leaving the remaining space for smaller subnets. This maximises address efficiency.

How do I use subnets for security segmentation?

Each VLAN or security zone should usually have its own subnet, but the subnet alone is not the control. Routing rules, ACLs, and firewall policy decide what can move between subnets.

Typical segmentation for a small organisation:

  • Management VLAN /27 — switches, routers, OOB access
  • Server VLAN /26 — internal application servers
  • User VLAN /24 — desktops and laptops
  • DMZ /28 — public-facing services
  • IoT/OT /25 — devices that must not reach the corporate LAN

Firewall rules then enforce the intent: user VLAN → server VLAN on specific ports only; DMZ → internal network blocked unless a narrow rule is required.