CIDR, VLSM, and Subnet Math
Key Takeaways
- CIDR slash notation counts network bits; the remaining host bits set the subnet size, replacing classful assumptions entirely.
- Usable IPv4 hosts equal 2 raised to the host-bit count minus 2, because the network ID and broadcast address are reserved in every subnet.
- Block size equals 256 minus the mask value in the interesting octet, and it spaces every network ID, broadcast, and host range.
- VLSM assigns different prefix lengths to subnets sized by need; always allocate the largest requirement first to avoid overlap.
- Subnetting PBQs reward one repeatable method, network ID then broadcast then usable range, far more than memorizing isolated answers.
From Classful to CIDR
Classless Inter-Domain Routing (CIDR) replaces class assumptions with explicit prefix lengths. A /24 means 24 network bits and 8 host bits; a /26 means 26 network bits and 6 host bits. The N10-009 PBQs will hand you a host address and prefix and expect the network ID, broadcast, and usable range in seconds. Memorize the mask chart below cold, because deriving each mask from scratch under a 90-minute clock wastes time you need for the longer scenarios.
| Prefix | Mask | Addresses | Usable hosts | Block size |
|---|---|---|---|---|
| /24 | 255.255.255.0 | 256 | 254 | 256 (4th octet) |
| /25 | 255.255.255.128 | 128 | 126 | 128 |
| /26 | 255.255.255.192 | 64 | 62 | 64 |
| /27 | 255.255.255.224 | 32 | 30 | 32 |
| /28 | 255.255.255.240 | 16 | 14 | 16 |
| /29 | 255.255.255.248 | 8 | 6 | 8 |
| /30 | 255.255.255.252 | 4 | 2 | 4 |
The usable-host formula is 2^(host bits) - 2. A /29 has 3 host bits, so 2^3 = 8 addresses minus 2 reserved = 6 usable. Point-to-point links use /30 (2 usable) by tradition, though /31 links exist in some designs.
The Fast Method
Use this exact sequence on every subnet question:
- Convert the prefix to a dotted-decimal mask.
- Find the interesting octet, the one octet where the mask is neither 255 nor 0.
- Block size = 256 - mask value in that octet.
- List network IDs by stepping in block-size increments from 0.
- The broadcast is one less than the next network ID.
- Usable hosts are every address between the network ID and broadcast.
Worked example: 192.168.10.77/26.
| Step | Result |
|---|---|
| Mask for /26 | 255.255.255.192 |
| Interesting octet | 4th |
| Block size | 256 - 192 = 64 |
| Network IDs | .0, .64, .128, .192 |
| 77 falls in | the .64 subnet |
| Network ID | 192.168.10.64 |
| Broadcast | 192.168.10.127 |
| Usable range | 192.168.10.65 - 192.168.10.126 |
Notice 77 lands between 64 and 127, so its network ID is 64 and broadcast is 127. Forgetting to subtract one for the broadcast (writing .128 instead of .127) is the single most common arithmetic slip on the exam.
VLSM Allocation
Variable Length Subnet Masking (VLSM) lets one address block carry subnets of different sizes, conserving addresses. The rule that prevents overlap is allocate the largest requirement first, then fit smaller subnets into the gaps on valid boundaries.
First, map each host requirement to the smallest prefix that satisfies it:
| Need | Smallest prefix | Usable |
|---|---|---|
| 100 hosts | /25 | 126 |
| 50 hosts | /26 | 62 |
| 25 hosts | /27 | 30 |
| 12 hosts | /28 | 14 |
| 5 hosts | /29 | 6 |
| 2 hosts | /30 | 2 |
Given 192.168.50.0/24 with needs of 100, 50, 25, and 12 hosts, allocate top-down:
| Requirement | Subnet | Usable range |
|---|---|---|
| 100 hosts | 192.168.50.0/25 | .1 - .126 |
| 50 hosts | 192.168.50.128/26 | .129 - .190 |
| 25 hosts | 192.168.50.192/27 | .193 - .222 |
| 12 hosts | 192.168.50.224/28 | .225 - .238 |
Each subnet begins exactly where the previous one ended plus one, with no overlap and no wasted block boundaries.
PBQ-Style Thinking
Scenario: assign subnets to departments needing 55, 27, 12, and 2 hosts from one /24. Sort largest first and pick /26 for 55, /27 for 27, /28 for 12, and /30 for the 2-host link. Place them on valid block boundaries so none overlap.
Scenario: host 10.1.5.130/25 cannot reach 10.1.5.20/25 directly. A /25 has block size 128, so .130 lives in 10.1.5.128/25 and .20 lives in 10.1.5.0/25. They are different subnets and require a router; same wire, different networks.
Reading Any Octet Position
The fast method works in any octet, not just the fourth. For a /18, the interesting octet is the third: the mask is 255.255.192.0, so block size is 256 - 192 = 64 in the third octet. Network IDs step by 64 there: x.x.0.0, x.x.64.0, x.x.128.0, x.x.192.0. A host of 172.16.100.5/18 therefore lands in 172.16.64.0/18, with a broadcast of 172.16.127.255 and a usable range of 172.16.64.1 through 172.16.127.254. The principle never changes; only the position of the interesting octet moves left as the prefix shortens. Identify which octet holds the partial mask, compute 256 minus that value, and step from zero.
A second habit worth building is reading the relationship between prefix length and counts as a ladder. Every time you remove one bit from the prefix (move from /27 to /26) you double the addresses and roughly double the usable hosts; every time you add a bit you halve them. This lets you sanity-check an answer instantly: if a question claims a /27 supports 60 hosts, you know it is wrong, because /27 holds 32 addresses and only 30 usable. The exam frequently offers a distractor that is off by exactly one prefix bit, so a quick doubling check catches it.
Counting Subnets, Not Just Hosts
Some questions ask how many subnets you gain by borrowing bits, the mirror image of host counting. Borrowing n bits from the host portion creates 2^n subnets. Splitting a /24 into /27s borrows 3 bits, yielding 2^3 = 8 subnets of 30 usable hosts each. Splitting that same /24 into /26s borrows 2 bits for 4 subnets of 62 hosts. Decide whether the scenario constrains you by subnet count or by hosts-per-subnet, because the two pull the prefix in opposite directions, and a good design satisfies the tighter of the two requirements.
Subnet Trap Table
| Trap | Correction |
|---|---|
| Using a classful mask automatically | Use the given CIDR prefix |
| Assigning the network ID to a host | First address is reserved |
| Assigning the broadcast to a host | Last address is reserved |
| Skipping the VLSM size sort | Allocate largest subnet first |
| Overlapping VLSM ranges | Honor block boundaries |
| Confusing total with usable | Usable = total - 2 |
| Answer off by one prefix bit | Double-check with the doubling ladder |
What is the network ID for host 192.168.10.77/26?
Which prefix is the smallest single subnet that supports 50 usable IPv4 hosts?
Which practice is essential to reliable VLSM planning?