What Is IPv4 Subnetting in Networking?
Also known as: IPv4 subnetting, subnet mask, CIDR, network segmentation, CompTIA A+ subnetting
This page mentions older exam versions. See the Legacy Exam Context section below. No direct current exam mapping is configured for this term yet — use the latest vendor objectives for your target exam.
On This Page
Quick Definition
IPv4 subnetting is like cutting a large office building into smaller rooms. Each room gets its own address range, so people can find each other faster and the network stays organized. It helps networks run smoothly and use IP addresses wisely without wasting them.
Must Know for Exams
IPv4 subnetting is a heavily tested topic in CompTIA A+ 220-1101 (formerly 220-1001) and appears in Network+ and Security+ exams as well. For the A+ exam, it falls under domain 2.0 Networking, specifically objectives related to IP addressing and network configuration. Candidates must be able to identify the correct subnet mask for a given number of hosts, calculate the network address, broadcast address, and usable IP range. The exam often presents a scenario where you need to choose the right subnet to accommodate a department with a specific number of devices, or where you need to determine why two devices cannot communicate.
In CompTIA Network+, subnetting is even more detailed. You are expected to perform binary subnet calculations, understand CIDR notation, and know how to design subnets for complex networks. The exam may ask you to calculate the number of subnets and hosts per subnet given a certain number of borrowed bits. You also need to understand how subnetting relates to routing and the use of subnet masks in router configurations. For Security+, subnetting is linked to network segmentation and access control lists (ACLs). You must understand how proper subnet placement can isolate sensitive data and reduce the attack surface.
Exam questions often use a multiple-choice format with a scenario, such as: A company has a /24 network and needs 6 subnets with at least 30 hosts each. Which subnet mask should they use? You must calculate that borrowing 3 bits gives 8 subnets (2^3) and each has 32 addresses (2^5), with 30 usable hosts. The answer would be /27 (255.255.255.224). Another common question provides an IP address and subnet mask and asks for the network address or broadcast address. Mastering these calculations is essential for passing. The A+ exam also includes performance-based questions where you must drag and drop IP addresses into the correct subnet dropdowns.
Simple Meaning
Imagine you live in a very large apartment complex. The complex has one main address, but inside there are hundreds of apartments. Without any system, when a package arrives for you, the delivery driver would have to wander the halls, knocking on every door until they find you. That is chaos. Now imagine the complex is divided into wings: Wing A, Wing B, Wing C, and so on. Each wing has its own floor plan, and each apartment has a number. When a package comes for Apartment 25 in Wing B, the driver goes directly to Wing B, then to Apartment 25. That is what subnetting does for a network.
In computer networking, an IPv4 address is like the main address of the apartment complex. Subnetting takes that single network and splits it into smaller subnetworks, called subnets. Each subnet is like a wing. Within each subnet, devices have their own unique addresses, and the network knows exactly where to send data. This makes the whole system faster and more secure. For example, in an office, you might have one subnet for the accounting department, another for sales, and another for guests. If a virus attacks the sales computers, the accounting computers are in a different subnet and stay safe. Subnetting also helps use IP addresses efficiently because instead of giving a huge block of addresses to one group, you give only what each group needs.
Subnetting is not just about splitting—it involves a special number called a subnet mask. The subnet mask tells the network which part of an IP address identifies the network and which part identifies the specific device. Think of it like a postal code that shows the city and the street, while the rest of the address is the house number. The subnet mask makes sure data goes to the right subnet first, then to the right device. Without subnetting, every device on a large network would see all the traffic, which slows things down and risks privacy. With subnetting, traffic stays within its own subnet unless it needs to go elsewhere.
Full Technical Definition
IPv4 subnetting is a foundational networking technique that involves partitioning a single Classful or Classless Inter-Domain Routing (CIDR) IP network into multiple smaller logical subnetworks. This is achieved by borrowing bits from the host portion of an IP address to create a subnet identifier. The result is a hierarchical addressing structure that enhances routing efficiency, reduces broadcast domain size, and improves network security and manageability.
An IPv4 address is a 32-bit number typically written in dotted decimal notation, such as 192.168.1.0. It consists of two main parts: the network prefix and the host identifier. The subnet mask, expressed in dotted decimal or CIDR notation (e.g., 255.255.255.0 or /24), defines the boundary between these two parts. For example, in the address 192.168.1.10 with a subnet mask of 255.255.255.0, the first 24 bits (192.168.1) represent the network, and the last 8 bits (.10) represent the host. Subnetting extends this by adding a subnet field between the network and host portions, effectively creating a three-level hierarchy: network, subnet, and host.
To create subnets, you increase the subnet mask by borrowing bits from the host portion. For instance, using a /24 network (255.255.255.0) and borrowing 2 bits gives a /26 subnet mask (255.255.255.192). This yields 2^2 = 4 subnets, each with 2^(8-2) = 64 addresses, of which 62 are usable (the first is the network address, the last is the broadcast address). The subnets would be 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26, and 192.168.1.192/26. Each subnet’s network address is calculated by setting all host bits to 0, and the broadcast address by setting all host bits to 1.
In real IT environments, subnetting is implemented during IP address planning. Network administrators use subnet calculators or manual binary math to design subnets that match organizational needs. Routers use the subnet mask to determine whether a destination IP is on the same local subnet or must be forwarded to another network. Protocols like ARP (Address Resolution Protocol) operate only within a broadcast domain, so smaller subnets reduce unnecessary broadcast traffic. Subnetting also enables VLANs (Virtual Local Area Networks) by aligning IP subnets with Layer 2 segments. For certification exams like CompTIA A+ 220-1101, understanding subnet masks, calculating usable hosts, and identifying network and broadcast addresses are essential skills.
Real-Life Example
Think of a large office building with a single main entrance and a reception desk. Everyone who works there has a badge with their name and department. Without a system, when a visitor comes to see someone in the finance department, they would have to walk through every floor and ask every person, which wastes time and creates a security risk. Now imagine the building is divided into color-coded zones: Blue Zone for finance, Green Zone for sales, Yellow Zone for IT, and Red Zone for HR. Each zone has its own entrance with a badge reader. When a visitor arrives, they go to the main desk and are given a badge that only opens the Blue Zone. They go directly to the Blue Zone, find the right office, and do not disturb other departments.
This maps directly to subnetting. The office building is the entire IP network. The color zones are subnets. The badge reader is the subnet mask—it checks which zone you belong to. The visitor is a data packet arriving from outside. The reception desk is the router, which looks at the destination IP address and uses the subnet mask to decide which subnet the packet should go to. The badge that only opens one zone is like a firewall rule that restricts traffic to specific subnets.
If the finance department has 50 people, you would assign them a subnet with at least 50 usable IP addresses, like a /26 subnet (62 usable addresses). The sales department with 20 people gets a /27 subnet (30 usable). This prevents wasting addresses. If a virus breaks out in the sales subnet, the finance computers remain safe because they are in a different subnet. The router stops the virus from spreading because it only forwards traffic that is specifically allowed. This is exactly how subnetting improves security and efficiency in a real computer network.
Why This Term Matters
IPv4 subnetting matters because it is the backbone of efficient network design in real IT environments. In any organization with more than a handful of devices, using a flat, single network is impractical. Without subnetting, all devices would share a single broadcast domain, meaning every time a computer sends a broadcast message (like an ARP request), every other computer on the network must process it. This creates congestion, slows down performance, and makes the network harder to troubleshoot. Subnetting divides the network into smaller broadcast domains, so broadcast traffic stays within its own subnet, reducing noise and improving speed.
From a cybersecurity perspective, subnetting is a core defense mechanism. By separating sensitive systems (like databases or HR servers) into their own subnets, administrators can apply strict firewall rules to control traffic between subnets. If an attacker compromises a device in the guest Wi-Fi subnet, they cannot easily reach the finance subnet because the router will block that traffic. This is called network segmentation, and it is a fundamental principle of defense-in-depth.
In cloud infrastructure, subnetting is equally critical. Platforms like Amazon Web Services (AWS) and Microsoft Azure require you to define subnets within a Virtual Private Cloud (VPC) to organize resources. Public subnets host web servers that face the internet, while private subnets host databases that only internal services can reach. Without understanding subnetting, you cannot correctly configure cloud networking. For system administrators, subnetting is essential for DHCP scope design, routing table configuration, and IP address management (IPAM). Every time you set up a new office, deploy a server rack, or connect branch offices via VPN, subnetting decisions determine whether the network works efficiently or fails under load.
How It Appears in Exam Questions
IPv4 subnetting appears in certification exams primarily through scenario-based multiple-choice questions, drag-and-drop exercises, and simulation-style items. The most common pattern is the calculate-and-choose type, where the question gives a network address and a requirement (e.g., 4 subnets with at least 50 hosts each) and asks you to pick the correct subnet mask from a list. These questions test your ability to apply the formula: number of subnets equals 2 to the power of borrowed bits, and number of usable hosts equals 2 to the power of remaining host bits minus 2.
Another frequent question type is the identify-the-network-address type. You are given an IP address and subnet mask, such as 192.168.10.55/27, and asked what the network address is. The correct approach is to convert the IP and mask to binary, AND them together, and convert back to decimal. For 192.168.10.55/27, the network address is 192.168.10.32. The broadcast address would be 192.168.10.63. Questions also ask for the usable host range, which in this case would be .33 through .62.
Troubleshooting questions present a scenario where two devices cannot communicate even though they are on the same physical switch. The cause often turns out to be that they are configured with different subnet masks, placing them in different subnets. For example, Device A has IP 10.0.0.5/24 and Device B has IP 10.0.0.6/25. Because the /25 mask creates two subnets (10.0.0.0/25 and 10.0.0.128/25), Device A believes Device B is on a different network, so it sends the packet to the default gateway instead of directly. Questions like this test your understanding of how the subnet mask influences communication.
Architecture questions ask you to design a subnet scheme for a company with multiple departments. You must allocate subnets without overlapping address spaces, ensuring each department has enough hosts. Some exams include drag-and-drop questions where you assign IP ranges to VLANs or router interfaces. Performance-based questions in CompTIA A+ 220-1101 simulate configuring a SOHO router, where you must input the correct IP address and subnet mask based on a given scenario.
Study a-plus-220-1201
Test your understanding with exam-style practice questions.
Example Scenario
You work as a junior IT support technician at a mid-sized company called GreenLeaf Corp. The company has three departments: Sales (25 employees), Engineering (40 employees), and Administration (15 employees). The company’s network administrator gives you a task: you have been allocated the private IP network 192.168.1.0/24 (256 addresses). You need to divide this network into three subnets, each large enough for the current number of employees plus some room for growth. For Sales, you need at least 30 usable addresses. For Engineering, you need at least 50 usable addresses. For Administration, you need at least 20 usable addresses.
To solve this, you apply subnetting. The /24 network has 8 host bits. You need to borrow bits to create subnets. If you borrow 2 bits, you get 4 subnets, each with 64 addresses (62 usable). That works for all three departments, and you even have one spare subnet for future use. The subnets would be: 192.168.1.0/26 (62 usable, assign to Engineering), 192.168.1.64/26 (assign to Sales), and 192.168.1.128/26 (assign to Administration). Each department gets its own subnet. You configure the router so each subnet is on a separate VLAN, and you set up DHCP scopes for each subnet. Now, if a virus hits the Sales subnet, Engineering and Administration remain isolated. This scenario shows how subnetting solves real allocation and security problems.
Common Mistakes
Forgetting to subtract 2 from the total host count when calculating usable addresses.
The first address in each subnet is the network address and cannot be assigned to a device. The last address is the broadcast address and is also unusable. Using the full count leads to overestimating how many devices can be connected, causing IP conflicts.
Always remember the formula: usable hosts = (2^(number of host bits)) minus 2. For a /26 subnet, there are 6 host bits, so 2^6 = 64, minus 2 equals 62 usable addresses.
Assuming that a /24 network always gives 256 usable addresses.
A /24 network has 256 IP addresses total, but the first is the network address and the last is the broadcast address, leaving 254 usable. This mistake can cause a network to run out of addresses.
Always subtract 2 from the total IP count to get usable addresses. For /24, usable = 256 minus 2 = 254.
Confusing the subnet mask with the default gateway.
The subnet mask defines the boundary between network and host portions. The default gateway is the IP address of the router that forwards traffic to other networks. Using the same value for both will break routing.
The subnet mask is a 32-bit number like 255.255.255.0. The default gateway is an IP address within the same subnet, typically the first usable IP or the router's interface address.
Thinking that subnets must all be the same size.
Subnets can be different sizes. For example, you can have a /26 subnet for a large department and a /28 for a small team. Using different subnet masks is called Variable Length Subnet Masking (VLSM) and is efficient.
Plan subnets based on actual host requirements. Use larger masks (like /26) where many devices are needed, and smaller masks (like /28) where only a few devices exist. Ensure subnets do not overlap.
Miscounting the number of subnets when borrowing bits.
Borrowing 3 bits creates 2^3 = 8 subnets, not 3. Some beginners think the number of borrowed bits equals the number of subnets, leading to incorrect subnet planning.
The number of subnets is 2 raised to the power of borrowed bits. Borrow 2 bits for 4 subnets, 3 bits for 8 subnets, and so on. Always use the power of two.
Placing two devices with different subnet masks on the same physical switch and expecting them to communicate directly.
Even if they are on the same switch, if they have different subnet masks, they may perceive each other as being on different networks and will send traffic to the router instead of directly. This can cause connectivity issues.
Ensure all devices on the same local broadcast domain use the same subnet mask. If different subnets are needed, use VLANs or separate switches and route between them.
Exam Trap — Don't Get Fooled
The exam gives an IP address like 192.168.1.127/25 and asks for the network address. Many learners incorrectly assume .127 is in the first subnet (192.168.1.0/25) because .127 seems close to the middle.
But the /25 mask creates two subnets: 192.168.1.0/25 (range .0 to .127) and 192.168.1.128/25 (range .128 to .255). The network address for the first subnet is .0, and for the second is .
128. Since .127 is in the first subnet, the network address is .0, not .127. Always write out the subnet ranges in binary or use the increment method. For a /25 subnet, the increment is 128 (256 minus 128).
The subnet boundaries are 0 and 128. IP addresses from 0 to 127 are in the first subnet, with network address .0 and broadcast .127. Addresses from 128 to 255 are in the second subnet.
Memorize that the network address always ends with all zero bits in the host portion. Practice with multiple examples until the process is automatic.
Commonly Confused With
The subnet mask defines which part of an IP address is the network and which part is the host. The default gateway is the IP address of the router that a device uses to send traffic to other networks. They are two completely different pieces of configuration.
If your computer has IP 10.0.0.5 with subnet mask 255.255.255.0, it knows it is on the 10.0.0.0 network. You also configure the default gateway as 10.0.0.1 for internet access. The subnet mask and gateway are different values.
CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing that replaced the old classful system. Subnetting is the process of dividing a network into smaller pieces. CIDR uses a prefix length (like /24) to represent the subnet mask, but subnetting is the actual technique of borrowing bits.
When you write 192.168.1.0/24, that is CIDR notation. The act of splitting that /24 into four /26 networks is subnetting. CIDR is the notation; subnetting is the action.
A broadcast domain includes all devices that receive a broadcast message from any device within that domain. Subnetting reduces the size of broadcast domains. A collision domain is a network segment where packets can collide with each other; switches break collision domains, but subnetting and VLANs break broadcast domains.
On a single switch without VLANs, all ports are in one broadcast domain. If you create two subnets with a router between them, each subnet becomes its own broadcast domain. Collisions are handled separately by switches.
The network address is the first IP in a subnet, used to identify the subnet itself. It cannot be assigned to a host. The broadcast address is the last IP in the subnet, used to send a message to all hosts in that subnet. Both are reserved and cannot be used for devices.
In the subnet 192.168.1.0/26, the network address is 192.168.1.0 and the broadcast address is 192.168.1.63. Hosts can use addresses .1 through .62.
Step-by-Step Breakdown
Identify the base network and its subnet mask
Start with the IP network you want to subdivide, for example 192.168.1.0/24. The /24 means the subnet mask is 255.255.255.0. Write the mask in binary: 11111111.11111111.11111111.00000000. The zeros are the host bits you can borrow.
Determine how many subnets you need
Decide the number of subnets required. For example, you need 4 subnets. Use the formula: bits to borrow = log2(number of subnets) rounded up. 4 subnets requires 2 borrowed bits because 2^2 = 4. If you need 5 subnets, you still borrow 3 bits to get 8 subnets (since 2 bits only gives 4).
Calculate the new subnet mask
Add the borrowed bits to the original prefix length. Original /24 becomes /26 (24 + 2). The new subnet mask is 255.255.255.192. In binary: 11111111.11111111.11111111.11000000. The two bolded bits are borrowed.
Find the subnet increment
The increment is 2^(number of remaining host bits) or 256 minus the last non-zero octet of the subnet mask. For /26, the last octet of the mask is 192. The increment is 256 minus 192 = 64. So each subnet starts 64 addresses apart.
List the subnet ranges
Start at 0 and add the increment. For /26, the subnets are: 0 (192.168.1.0 to 192.168.1.63), 64 (192.168.1.64 to 192.168.1.127), 128 (192.168.1.128 to 192.168.1.191), and 192 (192.168.1.192 to 192.168.1.255). Each range's first address is the network address, the last is the broadcast address.
Calculate usable hosts per subnet
Each subnet has 2^(remaining host bits) total addresses. For /26, remaining host bits = 6, so 64 addresses. Subtract 2 for network and broadcast: 62 usable addresses per subnet. This tells you how many devices you can assign.
Assign subnets to departments or VLANs
Match subnets to your specific needs. For example, assign 192.168.1.0/26 to Engineering, 192.168.1.64/26 to Sales, and 192.168.1.128/26 to Administration. Configure DHCP scopes and router interfaces accordingly.
Practical Mini-Lesson
IPv4 subnetting is a practical skill that every IT professional must master. At its core, subnetting is about binary math and logical division. To subnet effectively, you must think in binary, even though you write in decimal. The first step in any subnetting task is to write the subnet mask in binary. For example, 255.255.255.192 becomes 11111111.11111111.11111111.11000000. The ones represent the network portion, and the zeros represent the host portion. The number of zeros tells you how many hosts per subnet, minus two.
In practice, network administrators use subnetting during IP address planning. If your organization has a /16 network (65,534 usable addresses), you would never assign it all to one flat network. Instead, you would break it into /24 subnets (254 usable each) for each department, location, or function. This makes the network manageable. For example, a company with 10 branch offices might allocate a /24 to each office. Then, within each office, you might further subnet into /27 for different teams. This hierarchical approach is called Variable Length Subnet Masking (VLSM) and is essential for efficient use of address space.
What can go wrong? The most common issue is overlapping subnets. If you accidentally assign two departments IP ranges that overlap, devices will have duplicate addresses or routing will fail. Always plan on paper or use a subnet calculator. Another common issue is forgetting to update the routing table. When you create new subnets, routers need routes to know how to reach them. In a dynamic routing environment, protocols like OSPF or EIGRP will learn these routes automatically, but in static routing, you must add them manually.
Subnetting connects to broader IT concepts like VLANs, firewalls, and VPNs. A VLAN is a Layer 2 segmentation, but to route between VLANs, you need an IP subnet per VLAN. Firewall rules are written based on source and destination subnets. VPN tunnels connect subnets across the internet. Cloud VPCs require you to define subnets during deployment. Understanding subnetting is therefore not just an exam skill, it is a daily tool for anyone configuring networks, deploying servers, or managing cloud infrastructure. To practice, take a random /24 network, choose a number of subnets, and calculate all ranges, network addresses, and broadcast addresses manually until it becomes second nature.
Memory Tip
Remember the subnetting formula: 2^(borrowed bits) for subnets, 2^(remaining host bits) minus 2 for usable hosts. For a quick check, use the magic number: 256 minus the last non-zero octet of the subnet mask gives the subnet increment.
Covered in These Exams
Legacy Exam Context
Older materials may mention these exam versions, but learners should use the current objectives for their target exam.
220-1001220-1101(current version)Related Glossary Terms
An A record is a DNS record that maps a domain name to the IPv4 address of the server hosting that domain.
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
The 24-pin motherboard connector is the main power cable that connects the computer's power supply unit (PSU) to the motherboard, supplying electricity to the motherboard and its components.
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
Frequently Asked Questions
Why is 192.168.1.0/24 called a /24 network?
The /24 indicates that the first 24 bits of the IP address are the network portion. The remaining 8 bits are for hosts. It is a short way to write the subnet mask 255.255.255.0.
What is the difference between a subnet mask and a wildcard mask?
A subnet mask uses binary ones to mark the network portion and zeros for hosts. A wildcard mask is the inverse: zeros for network, ones for hosts, and is used in access control lists (ACLs) for matching addresses.
Can I subnet a /30 network?
A /30 network has only 2 usable host addresses (4 total, minus 2). You cannot further subnet it because you would need at least 2 host bits to create subnets, and /30 leaves no room for borrowing.
Do I need to know binary for CompTIA A+ subnetting?
Yes, understanding binary is essential. You need to be able to convert between binary and decimal to calculate network addresses and subnet masks. The exam often expects binary thinking for performance-based questions.
What is the smallest subnet that can support 2 devices?
A /30 subnet has 4 total addresses, with 2 usable hosts (one for each device). The network address and broadcast address occupy the other two. This is commonly used for point-to-point links between routers.
Why do we lose 2 addresses per subnet?
The first address in each subnet is reserved as the network address, which identifies the subnet itself. The last address is the broadcast address, used to send a message to all devices in that subnet. Neither can be assigned to a host.
What happens if I assign an IP address that is the broadcast address?
That IP is already reserved for broadcasting. If you assign it to a device, you will cause IP address conflicts and that device will not communicate properly because other devices will interpret traffic to that address as a broadcast.
Is subnetting still relevant with IPv6?
Yes. IPv6 also uses subnetting, but the scale is much larger. IPv6 subnets are typically /64, providing 18 quintillion addresses per subnet. The principles are the same, but the math is simpler because you rarely need to conserve addresses.
Summary
IPv4 subnetting is a fundamental networking skill that enables efficient use of IP addresses, improves network performance, and strengthens security through segmentation. It involves dividing a single IP network into smaller subnets by borrowing bits from the host portion of the address. The subnet mask defines the boundary between network and host, and proper calculation ensures each subnet has enough usable addresses for its devices.
For IT certification exams like CompTIA A+ 220-1101, subnetting appears in scenario-based questions where you must determine the correct subnet mask, network address, broadcast address, or usable host range. Common mistakes include forgetting to subtract 2 for the network and broadcast addresses, misidentifying the number of subnets, and confusing the subnet mask with the default gateway. By mastering binary conversion, the subnetting formulas, and the increment method, you can confidently solve any subnetting problem on the exam and in real-world networking.
Remember that subnetting is not just an exam topic, it is a daily tool for designing, managing, and securing modern networks.
