Security Tools

CIDR Subnet Calculator

Enter any CIDR notation (e.g. 192.168.1.0/24) to get network address, broadcast, subnet mask, and usable host count.

By ToolHub Pro, Editorial Team·Updated 2026-01-15

CIDR Notation

IP Addresses and Subnets

An IPv4 address is a 32-bit number written as four decimal octets (e.g. 192.168.1.0). A subnet divides a larger network into smaller logical segments, allowing you to control broadcast domains and network routing. Subnets are defined by a network address and a subnet mask — the mask determines which part of the IP address identifies the network and which part identifies individual hosts. Understanding subnets is essential for configuring firewalls, cloud VPCs (Virtual Private Clouds), and network security groups where you need to specify which IP ranges are allowed or denied.

CIDR Notation Explained

CIDR (Classless Inter-Domain Routing) notation writes the network address followed by a slash and the number of network bits: 192.168.1.0/24. The /24 means the first 24 of 32 bits are the network portion, leaving 8 bits for host addresses — supporting 256 addresses (254 usable, excluding network and broadcast). /16 gives 65,536 addresses; /32 is a single host. CIDR replaced the old Class A/B/C system and allows more flexible allocation of address space.

Common Subnet Sizes

For practical reference: /32 = 1 host (single IP rules in firewalls), /30 = 2 usable hosts (point-to-point links), /28 = 14 hosts, /24 = 254 hosts (standard office LAN), /16 = 65,534 hosts (large VPC), /0 = all IP addresses ("allow from anywhere" in security group rules). AWS VPCs typically use /16 as the VPC CIDR and /24 subnets for individual availability zones, giving room for 256 subnets per VPC.

Private Address Ranges

Three IP ranges are reserved for private networks and are never routed on the public internet: 10.0.0.0/8 (16.7M addresses, common in large cloud VPCs), 172.16.0.0/12 (1M addresses, Docker's default), and 192.168.0.0/16 (65,536 addresses, typical home/office routers). When configuring security groups or firewall rules to allow internal traffic only, these ranges are used to restrict access to within the private network. Traffic between these ranges never crosses the public internet, but still requires routing within a data centre or cloud environment.

Frequently Asked Questions

What does /24 mean in CIDR notation?

/24 means the first 24 bits of the address are the network prefix. This leaves 8 bits for host addresses, giving 256 total addresses and 254 usable hosts (excluding network and broadcast addresses).

What is the difference between network and broadcast address?

The network address (first address) identifies the subnet itself. The broadcast address (last address) sends packets to all hosts on the subnet. Neither can be assigned to a device — that's why /24 has 254 usable hosts, not 256.

What CIDR notation is used for single hosts?

/32 represents a single host (exactly one IP). /31 is used for point-to-point links (2 addresses, no broadcast). /30 is the smallest subnet for regular use (2 usable hosts).

Related Tools

UUID Generator Secret Key Generator