This chapter covers subnet masks and CIDR notation, fundamental concepts for understanding IP addressing and network segmentation. On the CompTIA A+ 220-1101 exam, questions about subnetting typically appear in the Networking domain (Objective 2.1), often requiring you to identify the correct subnet mask, calculate the number of hosts, or determine if two IP addresses are on the same network. While deep subnetting calculations are not a major focus, you must understand the purpose of subnet masks, how CIDR notation works, and how to apply them in common scenarios such as setting up a small office network. Expect about 5-10% of exam questions to touch on subnet masks or related addressing concepts.
Imagine a large apartment building with 256 mailboxes, numbered 0 through 255. The building's street address is 10.0.1.0, but each mailbox has its own number. Now, the building manager wants to divide the mailboxes into groups so that different delivery companies handle different sections. He decides that the first 64 mailboxes (0–63) belong to Company A, the next 64 (64–127) to Company B, and so on. To make this work, he installs a special partition board inside the mailboxes that physically separates the groups. The partition board has a slot at a certain height: any mailbox number below that slot is in one group, above it in another. The height of the slot is like the subnet mask's prefix length. For the first group of 64, the slot is set so that the first 6 bits of the mailbox number (since 2^6=64) are fixed to 000000, and the remaining 2 bits vary. In binary, mailbox 0 is 00000000, mailbox 63 is 00111111. The partition board uses a mask: it only looks at the first 6 bits to decide the group. So if a letter arrives addressed to mailbox 10 (binary 00001010), the board checks the first 6 bits (000010) and routes it to Company A's group. The mask itself is like a template: it has 1s for the bits that matter (the network portion) and 0s for the bits that don't (the host portion). In the building, the mask is a stencil that covers the last 2 bits of the mailbox number, so the delivery person only reads the first 6 bits to know which company. This is exactly how a subnet mask works: it tells a device which part of an IP address is the network identifier and which part is the host identifier, enabling logical segmentation of a larger network into smaller subnets.
What is a Subnet Mask and Why Does It Exist?
A subnet mask is a 32-bit number that divides an IP address into two parts: the network portion and the host portion. It works by 'masking' the IP address: bits in the mask set to 1 correspond to the network bits, bits set to 0 correspond to host bits. The purpose is to allow devices to determine whether a destination IP address is on the same local network or must be reached via a router. Without a subnet mask, a device would not know which addresses are local and which are remote, making routing impossible.
Subnet masks exist because IP addresses alone do not indicate how many bits belong to the network. In the original classful system (Class A, B, C), the network boundary was fixed by the first few bits, but that was wasteful and inflexible. Subnet masks enable Classless Inter-Domain Routing (CIDR), allowing arbitrary network sizes and efficient use of address space.
How Subnet Masks Work Internally
A device performs a bitwise AND operation between its own IP address and its subnet mask to determine the network address. For example, IP 192.168.1.10 with mask 255.255.255.0:
IP: 11000000.10101000.00000001.00001010
Mask: 11111111.11111111.11111111.00000000
AND result: 11000000.10101000.00000001.00000000 = 192.168.1.0 (network address)
To determine if another address, say 192.168.1.20, is on the same network, the device performs the same AND on that address and compares the result. If the network addresses match, they are on the same subnet; otherwise, traffic must go through a default gateway (router).
CIDR Notation
CIDR (Classless Inter-Domain Routing) notation replaces the dotted-decimal subnet mask with a prefix length, written after the IP address with a slash (e.g., 192.168.1.0/24). The prefix length is the number of consecutive 1 bits in the subnet mask. For example:
- /24 = 255.255.255.0 = 24 network bits, 8 host bits
- /16 = 255.255.0.0 = 16 network bits, 16 host bits
- /8 = 255.0.0.0 = 8 network bits, 24 host bits
Common Subnet Masks and Their Host Capacities
The number of usable host addresses per subnet is calculated as 2^(number of host bits) - 2. The subtraction of 2 accounts for the network address (all host bits 0) and the broadcast address (all host bits 1). Common masks:
- /30 (255.255.255.252): 2 host bits -> 2^2 - 2 = 2 usable hosts (used for point-to-point links)
- /29 (255.255.255.248): 3 host bits -> 6 usable hosts
- /28 (255.255.255.240): 4 host bits -> 14 usable hosts
- /27 (255.255.255.224): 5 host bits -> 30 usable hosts
- /26 (255.255.255.192): 6 host bits -> 62 usable hosts
- /25 (255.255.255.128): 7 host bits -> 126 usable hosts
- /24 (255.255.255.0): 8 host bits -> 254 usable hosts
- /23 (255.255.254.0): 9 host bits -> 510 usable hosts
- /22 (255.255.252.0): 10 host bits -> 1022 usable hosts
- /21 (255.255.248.0): 11 host bits -> 2046 usable hosts
- /20 (255.255.240.0): 12 host bits -> 4094 usable hosts
- /19 (255.255.224.0): 13 host bits -> 8190 usable hosts
- /18 (255.255.192.0): 14 host bits -> 16382 usable hosts
- /17 (255.255.128.0): 15 host bits -> 32766 usable hosts
- /16 (255.255.0.0): 16 host bits -> 65534 usable hosts
Determining the Network Address and Broadcast Address
Given an IP address and subnet mask, you can find the network address by ANDing the IP with the mask. The broadcast address is obtained by setting all host bits to 1. For example, 192.168.1.10/24: network=192.168.1.0, broadcast=192.168.1.255. For 172.16.5.130/26: mask=255.255.255.192, host bits=6. The network is 172.16.5.128 (because 130 in binary is 10000010, AND with 11000000 = 10000000 = 128), broadcast=172.16.5.191 (10000000 | 00111111 = 10111111 = 191).
Subnetting a Network
Subnetting is the process of borrowing host bits to create additional subnet bits. For example, a /24 network (256 addresses) can be subnetted into two /25 subnets (128 addresses each) by borrowing 1 bit. Each subnet has its own network and broadcast address. The original network 192.168.1.0/24 becomes:
Subnet 1: 192.168.1.0/25 (network 192.168.1.0, broadcast 192.168.1.127, usable 192.168.1.1-126)
Subnet 2: 192.168.1.128/25 (network 192.168.1.128, broadcast 192.168.1.255, usable 192.168.1.129-254)
Configuration and Verification Commands
In Windows, you can view the subnet mask using:
- ipconfig (shows IPv4 address and subnet mask)
- ipconfig /all (shows more details)
On Linux/macOS:
- ifconfig
- ip addr show
To verify connectivity within a subnet, use ping. If the destination is on the same subnet, the device sends an ARP request directly; if not, it sends the packet to the default gateway.
How Subnet Masks Interact with Related Technologies
DHCP: A DHCP server assigns an IP address, subnet mask, default gateway, and DNS servers. The subnet mask tells the client how large its local network is.
Routing: Routers use the subnet mask to determine the network portion of a destination IP when looking up routes in the routing table. A route entry includes a destination network and its prefix length.
VLSM (Variable Length Subnet Mask): Allows different subnets within the same network to have different subnet masks, enabling more efficient use of address space.
Exam-Relevant Details
The default subnet masks for classful networks: Class A = 255.0.0.0 (/8), Class B = 255.255.0.0 (/16), Class C = 255.255.255.0 (/24).
Private IP ranges (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
Loopback address: 127.0.0.0/8 (typically 127.0.0.1/8).
APIPA (Automatic Private IP Addressing): 169.254.0.0/16, mask 255.255.0.0.
Trap Patterns on the Exam
Confusing the number of hosts with the total number of addresses. Remember: total addresses = 2^host bits, usable hosts = total - 2.
Thinking that /24 is always the default for Class C. While the default mask for Class C is /24, you can subnet further (e.g., /28) within a Class C network.
Misidentifying the broadcast address: it is the last address in the subnet, not the network address plus 1.
Forgetting that the network address and broadcast address are not assignable to hosts.
Summary of Key Numbers
Maximum hosts for /24: 254
Maximum hosts for /30: 2 (point-to-point)
Common home network mask: 255.255.255.0 (/24)
Common enterprise subnet: /24 or /23
Conclusion
Understanding subnet masks and CIDR is essential for configuring IP addresses, troubleshooting connectivity, and designing networks. On the A+ exam, focus on being able to identify the correct mask for a given scenario, calculate the number of hosts, and determine if two addresses are on the same subnet. Practice with binary conversions and AND operations to build speed.
Identify the IP and mask
Start with an IP address and its subnet mask. For example, 192.168.1.10 with mask 255.255.255.0. The mask tells you which bits are network bits (1s) and which are host bits (0s). In this case, the first 24 bits are network, the last 8 are host. If the mask is given in CIDR notation like /24, convert to dotted decimal if needed. On the exam, you may be given either format.
Convert both to binary
Write the IP address and subnet mask in binary. Each octet is 8 bits. For 192.168.1.10: 11000000.10101000.00000001.00001010. For 255.255.255.0: 11111111.11111111.11111111.00000000. This step is critical because the AND operation works bit by bit. Practice converting common octets: 255=11111111, 254=11111110, 252=11111100, 248=11111000, 240=11110000, 224=11100000, 192=11000000, 128=10000000, 0=00000000.
Perform bitwise AND
Line up the bits of the IP and the mask. For each bit position, if both bits are 1, the result is 1; otherwise, 0. The result is the network address. For our example: 11000000.10101000.00000001.00001010 AND 11111111.11111111.11111111.00000000 = 11000000.10101000.00000001.00000000 = 192.168.1.0. This is the network address. The AND operation essentially 'zeros out' the host bits.
Determine broadcast address
The broadcast address is the network address with all host bits set to 1. To get it, take the network address in binary and change all host bits (the bits where the mask has 0) to 1. For /24, the last 8 bits become 11111111. So 192.168.1.0 becomes 192.168.1.255. For a /26 mask (255.255.255.192), the host bits are the last 6 bits. If network is 192.168.1.128 (binary 10000000), broadcast is 192.168.1.191 (10000000 | 00111111 = 10111111 = 191).
Calculate usable hosts
The number of usable host addresses is 2^(number of host bits) - 2. For /24: host bits = 32-24 = 8, so 2^8 - 2 = 256 - 2 = 254. For /26: host bits = 6, so 2^6 - 2 = 64 - 2 = 62. The subtraction of 2 removes the network address (all host bits 0) and broadcast address (all host bits 1). On the exam, you may need to calculate this for a given mask or determine the appropriate mask for a given number of hosts.
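The five steps above, and the same-subnet comparison from the bitwise AND section, carried out with raw 32-bit operations. This is an added example, not part of the original guide; the function names are illustrative and do not come from any library.

```python
# Added example: the page's five steps done with plain integer bit operations.

def ip_to_int(dotted):
    """Steps 1-2: dotted decimal -> one 32-bit integer (the 'binary' form)."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """CIDR prefix length -> mask integer: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask_dotted):
    """Dotted mask -> prefix length; rejects masks whose 1 bits are not contiguous."""
    mask = ip_to_int(mask_dotted)
    prefix = bin(mask).count("1")
    if mask != prefix_to_mask(prefix):
        raise ValueError(f"not a valid subnet mask: {mask_dotted}")
    return prefix

def describe(ip, prefix):
    """Steps 3-5: network (AND), broadcast (host bits set to 1), usable hosts."""
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        # 2^(host bits) - 2; clamped because the formula does not fit /31 and /32
        "usable_hosts": max(2 ** (32 - prefix) - 2, 0),
    }

def same_subnet(ip_a, ip_b, prefix):
    """Two addresses are local to each other if their ANDed networks match."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)

def smallest_prefix_for(hosts):
    """Longest prefix (smallest subnet) that still leaves `hosts` usable addresses."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 subnet holds {hosts} hosts")

if __name__ == "__main__":
    print(describe("192.168.1.10", 24))
    print(describe("172.16.5.130", 26))
    print(same_subnet("192.168.1.10", "192.168.1.20", 24))
    print(smallest_prefix_for(50))
```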
In a typical small office, the network administrator sets up a single subnet for all devices, commonly using 192.168.1.0/24. This provides 254 usable addresses, enough for a few dozen computers, printers, and phones. The DHCP server is configured to hand out addresses in that range, with a subnet mask of 255.255.255.0. The default gateway is usually the router's LAN IP, such as 192.168.1.1. This setup is simple and works well until the office grows beyond 254 devices or needs to segregate traffic (e.g., separate guest Wi-Fi from internal systems).
In a larger enterprise, network engineers use VLSM to create subnets of varying sizes. For example, a /24 network might be subnetted into multiple /28 subnets for different departments: Sales gets 192.168.1.0/28 (14 hosts), IT gets 192.168.1.16/28, and so on. This conserves IP addresses and reduces broadcast domains. A common mistake is miscalculating the subnet boundaries, causing overlapping subnets. For instance, using 192.168.1.0/28 and 192.168.1.15/28 would overlap because .15 is the broadcast of the first subnet. Proper planning ensures contiguous subnets.
In cloud environments like AWS, VPCs use CIDR blocks. A typical VPC might be 10.0.0.0/16, providing 65,536 addresses. Subnets within the VPC are created with smaller blocks, such as /24 for both public and private subnets. The subnet mask determines the size of the subnet and affects routing. Misconfiguring the subnet mask can lead to connectivity issues: if a host's mask covers too large a range (a prefix that is too short, e.g., /16 instead of /24), it may think remote hosts are local and fail to send traffic to the gateway. Conversely, a mask that covers too small a range (a prefix that is too long, e.g., /28 instead of /24) may cause the host to consider some local addresses as remote, sending traffic to the gateway unnecessarily. Performance-wise, larger subnets increase broadcast traffic, which can degrade performance on busy networks. Best practice is to use the smallest subnet that accommodates the expected number of hosts, plus room for growth.
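A check for the two misconfigurations described above, written with Python's standard `ipaddress` module: a subnet plan with misaligned or overlapping blocks, and a host whose configured prefix differs from the real one. This is an added example, not part of the original guide; `audit_plan`, `delivery` and `mask_mismatch` are illustrative names and the addresses are constructed samples.

```python
import ipaddress

def audit_plan(cidrs):
    """Return findings for blocks that are misaligned or overlap each other."""
    findings, nets = [], []
    for cidr in cidrs:
        try:
            # strict=True rejects an address with host bits set (e.g. .15/28)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            net = ipaddress.ip_interface(cidr).network
            findings.append(f"{cidr}: not a subnet boundary, lies inside {net}")
        nets.append((cidr, net))
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                findings.append(f"{name_a} overlaps {name_b}")
    return findings

def delivery(host_ip, prefix, dest_ip):
    """How a host using this prefix sends to dest: 'direct' (ARP) or 'gateway'."""
    local = ipaddress.ip_interface(f"{host_ip}/{prefix}").network
    return "direct" if ipaddress.ip_address(dest_ip) in local else "gateway"

def mask_mismatch(host_ip, configured_prefix, actual_prefix, dests):
    """Destinations the host treats differently than the real subnet requires.

    Maps each affected destination to (what the host does, what it should do).
    """
    result = {}
    for dest in dests:
        does = delivery(host_ip, configured_prefix, dest)
        should = delivery(host_ip, actual_prefix, dest)
        if does != should:
            result[dest] = (does, should)
    return result

if __name__ == "__main__":
    # Constructed plan reproducing the .0/28 and .15/28 mistake from the text
    for finding in audit_plan(["192.168.1.0/28", "192.168.1.15/28", "192.168.1.16/28"]):
        print(finding)
    # Host really on a /24 but configured with /16, then with /28
    print(mask_mismatch("10.0.1.10", 16, 24, ["10.0.1.20", "10.0.2.5"]))
    print(mask_mismatch("10.0.1.10", 28, 24, ["10.0.1.12", "10.0.1.200"]))
```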
The CompTIA A+ 220-1101 exam (Objective 2.1) tests your ability to compare and contrast various networking concepts, including subnet masks and CIDR. Specifically, you may be asked to:
Identify the correct subnet mask for a given scenario (e.g., a small office with 50 devices).
Determine the number of usable hosts given a subnet mask.
Recognize that a /24 mask is 255.255.255.0 and provides 254 hosts.
Understand that CIDR notation (e.g., /24) is a shorthand for the subnet mask.
Know that private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are used internally and must be combined with a subnet mask.
Common wrong answers:
1. Choosing 255.255.255.0 for a point-to-point link (needs /30 or 255.255.255.252). Candidates often default to /24.
2. Calculating usable hosts as 2^host bits without subtracting 2. For /24, they say 256 instead of 254.
3. Confusing the network address (first IP) with the default gateway. The gateway is typically the first usable address, but not always.
4. Thinking that a /16 mask (255.255.0.0) is used for Class B networks only, but it can be used with any IP (though not common for Class C).
Numbers to memorize:
- /30 = 2 usable hosts
- /29 = 6 usable
- /28 = 14 usable
- /27 = 30 usable
- /26 = 62 usable
- /25 = 126 usable
- /24 = 254 usable
- /23 = 510 usable
- /16 = 65,534 usable
- /8 = 16,777,214 usable
Exam tips: When you see a question asking for the subnet mask for a network with X hosts, find the smallest mask that provides at least X+2 addresses. For example, for 10 hosts, you need at least 12 addresses, so a /28 (16 addresses) works. Also, remember that the network address and broadcast address are not assignable. Eliminate answers that include those addresses as valid host IPs. Finally, practice converting between CIDR and dotted decimal: /24 = 255.255.255.0, /25 = 255.255.255.128, /26 = 255.255.255.192, /27 = 255.255.255.224, /28 = 255.255.255.240, /29 = 255.255.255.248, /30 = 255.255.255.252.
A subnet mask divides an IP address into network and host portions using a bitwise AND operation.
CIDR notation (e.g., /24) is a shorthand for the subnet mask (e.g., 255.255.255.0).
Usable hosts per subnet = 2^(host bits) - 2.
Common masks: /30 = 2 usable, /29 = 6, /28 = 14, /27 = 30, /26 = 62, /25 = 126, /24 = 254.
The network address (all host bits 0) and broadcast address (all host bits 1) are not assignable to hosts.
Private IP ranges (RFC 1918) require a subnet mask to define the network size.
On the A+ exam, know how to choose the correct mask for a given number of hosts.
A /24 mask is the most common for small office/home networks.
APIPA uses mask 255.255.0.0 (/16) for the 169.254.0.0/16 range.
Loopback address 127.0.0.1 uses mask 255.0.0.0 (/8).
These come up on the exam all the time. Here's how to tell them apart.
Classful Addressing
Uses fixed network bits based on address class: A=8, B=16, C=24.
Wasteful: a Class C network (/24) is the smallest unit, even if only 2 hosts needed.
No subnetting within a class without VLSM (which is classless).
Default masks: Class A 255.0.0.0, B 255.255.0.0, C 255.255.255.0.
No prefix length notation; subnet mask must be written in dotted decimal.
CIDR (Classless Inter-Domain Routing)
Uses variable-length subnet masks (VLSM) with arbitrary prefix lengths.
Efficient: can create subnets of any size (e.g., /30 for 2 hosts).
Allows subnetting of any network, regardless of original class.
Uses slash notation (e.g., /24) to indicate prefix length.
Standard for modern networking; required for routing on the internet.
Mistake
The subnet mask 255.255.255.0 is always used for Class C addresses.
Correct
Class C addresses have a default mask of /24 (255.255.255.0), but you can use any mask with any address class in CIDR. For example, you can use /28 on a Class C address to create smaller subnets.
Mistake
The network address is the first usable host address.
Correct
The network address (all host bits 0) is not assignable to a host. It is used to identify the subnet. The first usable host address is the network address plus 1.
Mistake
A /24 subnet has 256 usable host addresses.
Correct
A /24 subnet has 256 total addresses, but the network address (first) and broadcast address (last) are reserved, leaving 254 usable hosts.
Mistake
CIDR notation and subnet masks are two different things.
Correct
CIDR notation (e.g., /24) is simply a shorthand for the subnet mask. /24 is equivalent to 255.255.255.0. They represent the same information.
Mistake
The default gateway must always be the first usable IP in the subnet.
Correct
The default gateway can be any usable IP address in the subnet. While it is common to use the first or last usable address, it is not required by any standard.
The subnet mask for a /27 network is 255.255.255.224. This is because /27 means 27 network bits, so the last 5 bits are host bits. In binary, the mask is 11111111.11111111.11111111.11100000, which converts to 255.255.255.224. This mask provides 30 usable host addresses (2^5 - 2 = 30). On the exam, you may need to convert quickly: /24 = 255.255.255.0, /25 = 255.255.255.128, /26 = 255.255.255.192, /27 = 255.255.255.224, /28 = 255.255.255.240, /29 = 255.255.255.248, /30 = 255.255.255.252.
A /28 subnet has 4 host bits (32 - 28 = 4), so the total number of addresses is 2^4 = 16. Subtracting the network address and broadcast address leaves 14 usable host addresses. This is a common size for small networks. For example, a /28 subnet of 192.168.1.0 has usable addresses 192.168.1.1 through 192.168.1.14, with broadcast 192.168.1.15.
A subnet mask defines the boundary between the network and host portions of an IP address, determining which devices are on the same local network. The default gateway is the IP address of the router that a device uses to send traffic to destinations outside its local subnet. Both are configured on a host. For example, a host with IP 192.168.1.10, mask 255.255.255.0, and gateway 192.168.1.1: the mask tells it that any address starting with 192.168.1 is local, and the gateway is used for all other traffic.
Yes, subnet masks can vary widely. Common masks include 255.255.255.252 (/30) for point-to-point links, 255.255.255.0 (/24) for small networks, 255.255.0.0 (/16) for larger networks, and 255.0.0.0 (/8) for very large networks. The mask is determined by the number of network bits. On the A+ exam, you may need to identify the correct mask for a given scenario, such as a network with 50 devices (use /26 or 255.255.255.192).
The broadcast address for the subnet 10.0.0.0/24 is 10.0.0.255. The /24 mask means the first 24 bits are network (10.0.0), and the last 8 bits are host. The broadcast address sets all host bits to 1, so the last octet becomes 255 (11111111). Therefore, the broadcast is 10.0.0.255. This address is used to send packets to all devices on that subnet.
To calculate the network address, perform a bitwise AND operation between the IP address and the subnet mask. For example, IP 192.168.1.10 and mask 255.255.255.0: convert both to binary, AND them, then convert back. The result is 192.168.1.0. In decimal, you can also use the 'AND' method: for each octet, if the mask octet is 255, the network octet equals the IP octet; if the mask octet is 0, the network octet is 0. For non-255/0 masks, binary conversion is needed.
CIDR notation (e.g., 192.168.1.0/24) simplifies the representation of an IP address and its subnet mask. Instead of writing the mask in dotted decimal (255.255.255.0), you just specify the number of network bits after a slash. This notation is used in routing tables, network configuration, and documentation. It also enables VLSM, allowing networks to be divided into subnets of different sizes efficiently. On the A+ exam, you may see CIDR notation in questions about IP addressing.