In the first lesson of this course, we saw why we need subnetting in the first place. In this lesson, we will see why we need the netmask and its role in the subnetting process.

In short, subnetting is all about the network mask. To really understand IP subnetting, you need to have a good understanding of the function of the mask. Let's see why we need it. 

Why do we need the subnet mask?

Imagine a world where there is no subnet mask alongside IP addresses, as illustrated in figure 1 below. Suppose that PC1 ( wants to communicate with PC2 ( How would PC1 know whether PC2 is on the same network or not? How would PC1 even know to which network it belongs?

Figure 1. Why do we need the subnet mask?

Recall that there is a major difference between how hosts communicate within the same network and how they communicate between different networks.

  • Within a network, communication is handled through LAN switches. When a host sends a packet to another host on the same network, it uses ARP to resolve the target host's MAC address and sends Ethernet frames directly to the remote host. The LAN switches simply forward the frames based on the destination MAC address.
  • On the other hand, communication between networks involves IP routing. When a host on a network sends an IP packet to a host on another network, it uses ARP to resolve the default gateway's MAC address. It then sends the packets to the default gateway router. The router examines the destination IP address and forwards the packet to the appropriate network based on its routing table.

Without knowing the network boundaries, PC1 does not know which process to follow and how to communicate with remote hosts. 

That's where the Subnet Mask comes into the picture. Using the mask, PC1 now knows which hosts are on the same network and which are not, as illustrated in figure 2 below.

Figure 2. The role of the Subnet Mask

In the example shown in figure 2, PC1 knows the boundaries of its network (based on the mask) and knows it has to send the packets to its default gateway.

OK, now let's see what exactly the subnet mask is.

What is the subnet mask?

The subnet mask, also referred to as the netmask or the network mask, is a 32-bit binary number that begins with consecutive ones and separates an IP address into network and host portions. We humans are used to working with subnet masks represented in decimal numbers, such as:

However, routers and switches work with the network mask in binary. The binary representation of the above network mask is as follows:


When we look at the binary subnet mask, we see that it is made of leading consecutive 1s and then consecutive 0s up to 32 bits. The 1s in the subnet mask identify the IP address's network portion, while the 0s identify the host portion. That is why there are only 32 possible values for the network mask. Each one is a combination of leading ones and trailing zeros. The mask is not a random 32-bit number! Table 1 shows all possible subnet mask values.

00000000.00000000.00000000.00000000 |                
10000000.00000000.00000000.00000000 |              
11000000.00000000.00000000.00000000 |              
11100000.00000000.00000000.00000000 |              
11110000.00000000.00000000.00000000 |              
11111000.00000000.00000000.00000000 |              
11111100.00000000.00000000.00000000 |              
11111110.00000000.00000000.00000000 |              
11111111.00000000.00000000.00000000 | (Class A)    
11111111.10000000.00000000.00000000 |            
11111111.11000000.00000000.00000000 |            
11111111.11100000.00000000.00000000 |            
11111111.11110000.00000000.00000000 |            
11111111.11111000.00000000.00000000 |            
11111111.11111100.00000000.00000000 |            
11111111.11111110.00000000.00000000 |            
11111111.11111111.00000000.00000000 | (Class B)  
11111111.11111111.10000000.00000000 |          
11111111.11111111.11000000.00000000 |          
11111111.11111111.11100000.00000000 |          
11111111.11111111.11110000.00000000 |          
11111111.11111111.11111000.00000000 |          
11111111.11111111.11111100.00000000 |          
11111111.11111111.11111110.00000000 |          
11111111.11111111.11111111.00000000 | (Class C)
11111111.11111111.11111111.10000000 |        
11111111.11111111.11111111.11000000 |        
11111111.11111111.11111111.11100000 |        
11111111.11111111.11111111.11110000 |        
11111111.11111111.11111111.11111000 |        
11111111.11111111.11111111.11111100 |        
11111111.11111111.11111111.11111110 |        
11111111.11111111.11111111.11111111 |        

The term “mask” is used because the subnet mask uses its own 32-bit binary number to mask the 32 bits of the IP address. Let's see how.

Network and Host portions

Figure 3 shows how the mask divides an IP address into network and host portions. 

  • The 1s in the subnet mask define which bits in the IP address specify the network portion.
  • The 0s in the subnet mask define which bits in the IP address specify the host portion.

You can see in the example shown below that the mask defines that the first 24 bits of the IP address are the network identifier. Therefore, all IP addresses that start with bits 11000000.10101000.00000001.hhhhhhhh are part of the same network. If we translate this into decimal numbers, every address that starts with 192.168.1.h with mask is part of the same network.

Figure 3. The function of the Subnet Mask

When we know the network portion of the address, we can figure out that the IP addresses in the network are as shown in figure 4 below.

Figure 4. Number of hosts per subnet

As you can see, the mask defines that addresses from 11000000.10101000.00000001.00000000 through 11000000.10101000.00000001.11111111 are part of the same network. If we translate this to decimal numbers, all addresses from through are part of the same subnet.

Using the subnet mask, you calculate the number of hosts per subnet using the formula:

Number-of-hosts-per-subnet = 2^(number-of-bits-in-host-portion) - 2

The "-2" at the end of the formula is because the first and last IP addresses in each subnet are reserved, one for the network ID and one for the broadcast address.

For example, suppose you have the IP address The subnet mask for this network is, which means the first 24 bits of the IP address are the network ID, and the last 8 bits are the host ID.

To calculate the number of hosts per subnet for this network, we use the formula:

Number-of-hosts-per-subnet = 2^(8) - 2 = 254 hosts

Therefore, there are 254 usable IP addresses in this subnet.

Determining the boundaries of a subnet

The subnet mask determines the boundary of a subnet. Based on the subnet mask, we find the Network Identifier and the Broadcast Address of the subnet, which are the two ends of the network's boundary. All addresses in between are usable host addresses.

But how do we find those based on a given IP address/Mask, for example,

If we want to be scientific, the explanation goes like this:

  • The network address is obtained by performing a bitwise AND operation between the IP address and the subnet mask. The result of this operation is the network identifier, which is the lowest IP address in the subnet. 
  • The broadcast address, the highest IP address in the subnet, is obtained by performing a bitwise OR operation between the network address and the inverted subnet mask.

If we want to be practical: we first convert the address and mask to binary and determine the network and host portions. Then we set the host portion to all 0s, which gives the Network ID. Then we set the host portion to all 1s, which gives the broadcast address. All IPs in between are the usable host addresses (2^(host bits) - 2).
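The AND/OR calculation described above, together with the same-network decision a host makes before it uses ARP, as an added example that is not part of the original lesson. The addresses, the 255.255.255.0 and 255.255.255.192 masks, and the function names are constructed for illustration.

```python
MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Parse dotted-decimal IPv4 text into a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Format a 32-bit integer as dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the leading 1s; reject a mask that is not 1s followed by 0s."""
    inverted = ~to_int(mask) & MASK32
    # A valid mask inverts to 0..01..1, so adding 1 leaves no bit in common.
    if inverted & (inverted + 1):
        raise ValueError(f"mask is not contiguous: {mask!r}")
    return 32 - inverted.bit_length()

def boundaries(ip, mask):
    """Return network ID, broadcast address and usable host count."""
    bits = prefix_length(mask)
    network = to_int(ip) & to_int(mask)              # IP AND mask
    broadcast = network | (~to_int(mask) & MASK32)   # network OR inverted mask
    # 2^(host bits) - 2, clamped at 0 when there are fewer than 2 host bits
    usable = max(2 ** (32 - bits) - 2, 0)
    return {"network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "prefix": bits, "usable_hosts": usable}

def next_hop(src_ip, mask, dst_ip, gateway):
    """Pick the address the host ARPs for: the destination or the gateway."""
    prefix_length(mask)  # refuse to route on a malformed mask
    m = to_int(mask)
    same_network = (to_int(src_ip) & m) == (to_int(dst_ip) & m)
    return dst_ip if same_network else gateway

if __name__ == "__main__":
    # Constructed sample values, not taken from the lesson's figures.
    print(boundaries("192.168.1.10", "255.255.255.0"))
    print(boundaries("10.20.30.77", "255.255.255.192"))
    print(next_hop("192.168.1.10", "255.255.255.0", "192.168.2.5", "192.168.1.1"))
```

The contiguity check in `prefix_length` enforces the rule that a mask is leading ones followed by zeros, so a value such as 255.0.255.0 is rejected instead of silently producing a wrong boundary.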

Let's start with a basic example. Let's calculate the boundary of

Figure 5. Determining the boundaries of a subnet

You can see the entire process illustrated in figure 5. Notice that this is a basic example, just to get started. Let's now see a few more complex examples of determining the subnet's boundaries.

Let's calculate the boundary of
