Most people who struggle with the CCNA do not freeze on OSPF or VLANs. They freeze on a subnetting question with the clock running, because subnetting is the one skill the exam expects you to do in your head, fast, with no calculator. The good news: subnetting by network requirements is a fixed three-step method. Once you drill it, every “how many subnets” and “which mask” question becomes the same small piece of arithmetic.
This guide shows you how to subnet by the number of networks you need, then drills the method against a Class C, a Class B, and a Class A starting point, plus the /30 point-to-point link that shows up on nearly every exam. Every example shows the full arithmetic, the binary, the mask in both notations, and the resulting subnet list. Nothing is summarized away. It maps to objective 1.6 of the CCNA 200-301 study guide, and every example uses private RFC1918 or documentation address space.
Worked through every example below by hand and verified the subnet math in June 2026.
The 3-step method for subnetting by network requirements
To subnet by the number of networks you need: (1) convert the required number of subnets to the minimum number of borrowed bits, (2) add those bits to the default mask to get the new prefix, (3) calculate the increment and list the subnets. That is the whole method. Here is each step.
Step 1, find the borrowed bits. Find the smallest number of bits whose combinations cover your requirement. The rule is the smallest n where 2 to the power of n is greater than or equal to the number of subnets you need. Need 5 subnets? Two bits give 4 combinations (too few), three bits give 8 (enough), so you borrow 3 bits.
Step 2, build the new prefix. Borrow those bits from the left of the host portion of the default classful mask. The new prefix length is the default prefix plus the borrowed bits. A Class C default is /24, so borrowing 3 bits gives /27.
Step 3, find the increment and list the subnets. The increment (block size) is the decimal value of the lowest borrowed bit. For a /27 the borrowed bits sit in the fourth octet and the lowest one is the 32 position, so the increment is 32. Start at the network address and add the increment repeatedly to walk every subnet.
| Step | What you compute | Rule |
|---|---|---|
| 1 | Borrowed bits | smallest n where 2^n is at least the number of subnets |
| 2 | New prefix | default prefix + borrowed bits |
| 3 | Increment | decimal value of the lowest borrowed bit; list subnets by adding it |
Class C example: 5 subnets from 192.168.5.0/24
You need 5 subnets from a Class C network. Two bits give 4 combinations, which is not enough; three bits give 8, which covers 5 with room to spare. So borrow 3 bits. The new prefix is /24 plus 3, which is /27, and the mask is 255.255.255.224. In binary the fourth octet is 11100000, and 128 plus 64 plus 32 equals 224, which confirms the mask.
The lowest borrowed bit is the 32 position, so the increment is 32. Start at 192.168.5.0 and add 32 each time. That produces eight /27 subnets; you use 5 and keep 3 spare. Each /27 has 2 to the power of 5 host addresses, which is 32, leaving 30 usable after the network and broadcast are removed.
| Subnet | Network | First usable | Last usable | Broadcast |
|---|---|---|---|---|
| 192.168.5.0/27 | 192.168.5.0 | 192.168.5.1 | 192.168.5.30 | 192.168.5.31 |
| 192.168.5.32/27 | 192.168.5.32 | 192.168.5.33 | 192.168.5.62 | 192.168.5.63 |
| 192.168.5.64/27 | 192.168.5.64 | 192.168.5.65 | 192.168.5.94 | 192.168.5.95 |
| 192.168.5.96/27 | 192.168.5.96 | 192.168.5.97 | 192.168.5.126 | 192.168.5.127 |
| 192.168.5.128/27 | 192.168.5.128 | 192.168.5.129 | 192.168.5.158 | 192.168.5.159 |
| 192.168.5.160/27 | 192.168.5.160 | 192.168.5.161 | 192.168.5.190 | 192.168.5.191 |
| 192.168.5.192/27 | 192.168.5.192 | 192.168.5.193 | 192.168.5.222 | 192.168.5.223 |
| 192.168.5.224/27 | 192.168.5.224 | 192.168.5.225 | 192.168.5.254 | 192.168.5.255 |
Class B example: 60 subnets from 172.16.0.0/16
Now the requirement is 60 subnets from a Class B network. Five bits give 32 combinations (too few), six bits give 64 (enough for 60), so borrow 6 bits. The default Class B prefix is /16, so the new prefix is /22 and the mask is 255.255.252.0. In binary that is 11111111.11111111.11111100.00000000. All six borrowed bits land in the third octet, which is why the action moves there.
The lowest borrowed bit is the 4 position in the third octet, so the increment is 4 and it applies to the third octet. Each /22 holds 2 to the power of 10 addresses, which is 1024, leaving 1022 usable. Here are the first five subnets; the pattern continues by adding 4 to the third octet.
| Subnet | Network | First usable | Last usable | Broadcast |
|---|---|---|---|---|
| 172.16.0.0/22 | 172.16.0.0 | 172.16.0.1 | 172.16.3.254 | 172.16.3.255 |
| 172.16.4.0/22 | 172.16.4.0 | 172.16.4.1 | 172.16.7.254 | 172.16.7.255 |
| 172.16.8.0/22 | 172.16.8.0 | 172.16.8.1 | 172.16.11.254 | 172.16.11.255 |
| 172.16.12.0/22 | 172.16.12.0 | 172.16.12.1 | 172.16.15.254 | 172.16.15.255 |
| 172.16.16.0/22 | 172.16.16.0 | 172.16.16.1 | 172.16.19.254 | 172.16.19.255 |
Class A example: 1000 subnets from 10.0.0.0/8
A Class A network and a big requirement: 1000 subnets. Nine bits give 512 (too few), ten bits give 1024 (enough), so borrow 10 bits. The default Class A prefix is /8, so the new prefix is /18 and the mask is 255.255.192.0, which is 11111111.11111111.11000000.00000000 in binary. Eight of the borrowed bits fill the second octet, making it 255, and the last two turn on the 128 and 64 positions of the third octet, giving 192 there.
The lowest borrowed bit is the 64 position in the third octet, so the increment is 64 there. Each /18 holds 2 to the power of 14 addresses, which is 16384, leaving 16382 usable. The third octet steps 0, 64, 128, 192, then rolls into the next value of the second octet.
| Subnet | Network | First usable | Last usable | Broadcast |
|---|---|---|---|---|
| 10.0.0.0/18 | 10.0.0.0 | 10.0.0.1 | 10.0.63.254 | 10.0.63.255 |
| 10.0.64.0/18 | 10.0.64.0 | 10.0.64.1 | 10.0.127.254 | 10.0.127.255 |
| 10.0.128.0/18 | 10.0.128.0 | 10.0.128.1 | 10.0.191.254 | 10.0.191.255 |
| 10.0.192.0/18 | 10.0.192.0 | 10.0.192.1 | 10.0.255.254 | 10.0.255.255 |
| 10.1.0.0/18 | 10.1.0.0 | 10.1.0.1 | 10.1.63.254 | 10.1.63.255 |
The /30 subnet for point-to-point links
A /30 is the standard mask for a link between two routers, and it is the single most-tested subnetting scenario on the exam. The reason is efficiency: a point-to-point link needs exactly two addresses, one per router, and a /30 gives exactly that. The mask is 255.255.255.252, the last two bits of the fourth octet are host bits, and 2 to the power of 2 is 4 total addresses with 2 usable.
Take the block 203.0.113.0/30. The four addresses are 203.0.113.0 (the network), 203.0.113.1 (first usable), 203.0.113.2 (second usable), and 203.0.113.3 (the broadcast). R1 gets .1, R2 gets .2. The trap the exam loves: 203.0.113.3 is the broadcast, so it can never be configured on an interface, yet it is offered as a tempting wrong answer right next to the two valid hosts.
The pattern repeats for any /30. For 10.10.10.0/30 the addresses are 10.10.10.0 (network), 10.10.10.1 and 10.10.10.2 (the two usable hosts), and 10.10.10.3 (broadcast). If a question asks which address can be assigned to a router interface, only .1 and .2 are correct; the .0 and .3 are off limits. Sequential WAN links then step by the increment of 4: the next block is 10.10.10.4/30, then 10.10.10.8/30, and so on.
The binary-boundary trap
When the number of subnets you need is exactly a power of 2, naive binary conversion tempts you into borrowing one bit too many. Say you need 32 subnets. Writing 32 in binary gives 100000, which looks like 6 bits. But 2 to the power of 5 is already 32, and 5 bits produce values from 00000 to 11111, which is exactly 32 distinct subnets. Borrow 5, not 6.
The safe rule that never fails: subtract 1 from the requirement before converting to binary, then count the bits. If you need 32 subnets, convert 31, which is 11111, five bits, and 2 to the power of 5 equals 32. If you need 33, convert 32, which is 100000, six bits, and 2 to the power of 6 equals 64, which covers 33. Either way the count is right. These are the values that catch people, so commit them to memory.
| Subnets needed | Bits to borrow | Combinations (2^n) |
|---|---|---|
| 2 | 1 | 2 |
| 4 | 2 | 4 |
| 8 | 3 | 8 |
| 16 | 4 | 16 |
| 32 | 5 | 32 |
| 64 | 6 | 64 |
| 128 | 7 | 128 |
| 256 | 8 | 256 |
Finding which subnet an address belongs to
The exam also runs the method in reverse: given a host address and a mask, find its subnet. The trick is the increment again. Calculate the block size, then find the highest multiple of the increment that is less than or equal to the value in the interesting octet. That multiple is the network address.
Take 192.168.1.75/26. The mask is 255.255.255.192, so the increment is 64 and the subnets in the fourth octet start at 0, 64, 128, 192. The value 75 sits between 64 and 128, so the network is 192.168.1.64, the broadcast is 192.168.1.127, and the usable range is 192.168.1.65 to 192.168.1.126.
A harder one: 172.28.228.144/21. A /21 leaves the increment in the third octet, and 256 minus 248 gives a block size of 8. The quick formula is to divide the interesting octet by the increment and take the floor: 228 divided by 8 is 28.5, the floor is 28, and 28 times 8 is 224. So the network is 172.28.224.0, the broadcast is 172.28.231.255, and the usable range is 172.28.224.1 to 172.28.231.254.
Choosing the mask for a given number of hosts
Sometimes the requirement is hosts per subnet, not the number of subnets. The direction flips but the arithmetic is the same: borrow the fewest host bits where 2 to the power of the host bits, minus 2, is at least the hosts you need. Fewer host bits means more bits left for subnets and less wasted address space.
An office of 20 users needs at least 20 usable addresses. Four host bits give 14 usable, which is too few; five host bits give 30 usable, which is enough. Five host bits means a /27 (255.255.255.224). Watch the off-by-one temptation here: a /28 gives only 14 usable, so it cannot hold 20 users even though it looks close.
The same logic handles a multi-floor building. Floors needing 24, 29, 28, and 22 users each fit comfortably in a /27, because the largest floor (29 users) still needs only 30 usable addresses. One mask, /27, sizes every floor as its own subnet with almost no waste. Once each segment is sized, you assign the addresses on the device, the same way the base configuration on a Cisco device sets an interface IP.
Subnetting reference card
Keep these three tables next to you while you practice. The first is the powers of 2 you should know cold; the second is the CIDR prefixes that appear most on the exam; the third is the binary-boundary values to watch.
| Bits (n) | 2^n | Usable hosts (2^n minus 2) |
|---|---|---|
| 2 | 4 | 2 |
| 3 | 8 | 6 |
| 4 | 16 | 14 |
| 5 | 32 | 30 |
| 6 | 64 | 62 |
| 7 | 128 | 126 |
| 8 | 256 | 254 |
| 10 | 1024 | 1022 |
| 14 | 16384 | 16382 |
The common CIDR prefixes, with the mask, block size, and host counts you read off without thinking:
| Prefix | Mask | Block size | Total addresses | Usable hosts |
|---|---|---|---|---|
| /24 | 255.255.255.0 | 256 | 256 | 254 |
| /25 | 255.255.255.128 | 128 | 128 | 126 |
| /26 | 255.255.255.192 | 64 | 64 | 62 |
| /27 | 255.255.255.224 | 32 | 32 | 30 |
| /28 | 255.255.255.240 | 16 | 16 | 14 |
| /29 | 255.255.255.248 | 8 | 8 | 6 |
| /30 | 255.255.255.252 | 4 | 4 | 2 |
Practice until it is automatic
Reading subnetting is not the same as doing it. The only way to beat the clock on exam day is to run the calculation until it is muscle memory. The trainer below generates an unlimited stream of questions and checks each one instantly, covering network and broadcast addresses, host ranges, masks, wildcards, and prefixes. Aim for a long streak before you move on.
When the trainer feels easy, test the concepts with the short quiz below. Each question has a worked explanation so you can confirm the method, not just the answer. Keep the subnetting cheat sheet open while you drill for the mask, host-count, and block-size tables at a glance.
Once subnetting by requirement is automatic, the next skill is VLSM, which assigns differently sized subnets from a single block so a /30 WAN link and a /24 user LAN can share the same address space without waste. That builds directly on the increment method you just drilled.
