The Internet Protocol Address (or IP) is used by network devices as host identifiers for communication with other network devices using Internet Protocol. Internet Protocol version 4 (IPv4) are 32-bit binary numbers, usually represented in human-readable dotted-decimal format (e.g. Certain IP addresses are reserved by the Internet Assigned Numbers Authority (IANA) for special use and cannot be used as host addresses (listed in RFC 5735).

CCNA Training – Resources (Intense)

A subnet mask is a binary number (also usually represented in dotted-decimal format) used to separate network and host parts in an IP address. An IPv4 subnet mask is 32 bits large. In a valid subnet mask, the network part is represented with “1” from left side followed and ended by host part “0” – 11111111.11111111.11111111.00000000 (binary form), (dotted-decimal form) or simply “/24” which means that the subnet network part is 24 bits long. If you want to study more on IPv4 addressing, you can read my previous article on it.

This article covers octal and decimal math with respect to IP subnetting, subnet masks, broadcast addresses and the like. It’s meant to de-mystify the simple math of IP networking for the novice LAN administrator. A sound understanding of these concepts is critical for security and general network stability and yet even university-level textbooks seem to gloss over this topic.

Brief overview

An IP number has four 8-bit octets. Since each binary bit has two possible values, either on or off (0 or 1), each octet can represent 28 = 256 decimal numbers (0 to 255). If we count up all 32 bits (4×8=32), we have an Internet of 256x256x256x256 = 232 = 4,294,967,296 possible addresses. That’s too many for any one network so this number is segmented into more manageable chunks, or subnets, via routing. The network base address and subnet mask determines what portion of the 32-bit Internet belongs to a given subnet.

A network interface (NIC) should not waste its processing power looking at any and all IP traffic. We want each NIC to ignore anything not meant for it. A subnet mask provides a way to quickly and efficiently filter out anything not meant for our subnet. NICs on hosts, routers, etc., use a combination of network “base” address and “mask” to determine what to ignore and what to listen to.

The netmask shorthand notation (the /##’s) just specifies how many 1’s to keep to determine the network address of an interface. Each octet has eight 1’s. With no masking, that’s “11111111.11111111.11111111.11111111”. The netmask would be or just /0, meaning look at all the ones in all the octets — the entire Internet. Again, we generally do not want any NIC to listen to the entire Internet.

The netmask is called a “mask” because it also tells how many 1’s on the left-hand side to mask-out when figuring out a specific host address.

For a “Class C” or “8-bit” subnet (32-24=8), the network interfaces only care about the last octet. So we use, or its shorthand equivalent, /24.

For a Class B or “16-bit” subnet (32-16=16), we need the details of the last two octets. So we use, or /16.

Computers love octal math because they’re essentially binary in nature (like a switch that can be either OFF/0 or ON/1) the same way humans like base ten (because we count on our fingers). Our base ten tendencies cause our eyes to glaze over when presented with octal numbers. Still, some understanding of the octal number system helps us comprehend IP networking a bit more clearly.

The eight “places” in 11111111 equate to 128 64 32 16 8 4 2 1.

IP subnet mask conversion

The old way of IP/Mask notation:

The old way of IP/Mask notation:

The new way of specify the mask is a lot simpler and faster and is known as CIDR notation, or Classless Inter Domain Routing. A Net mask must by definition be moving Left to Right.

All one’s (1) up to a point will then change to become all Zero’s (0) until the end of the mask. Given this, we can specify the mask by how many binary 1’s there are.

In-depth details for conversion are as follows:

Binary Representation CIDR Value
Subnet Mask
11111111.00000000.00000000.00000000 /8
11111111.10000000.00000000.00000000 /9
11111111.11000000.00000000.00000000 /10
11111111 .11100000 00000000.00000000 /11
11111111.11110000.00000000. 00000000 /12
11111111 .11111000.00000000.00000000 /13
11111111.11111100.00000000.00000000 /14
11111111.11111110.00000000.00000000 /15
11111111.11111111.00000000.00000000 /16
11111111.11111111.10000000.00000000 /17
11111111.11111111.11000000.00000000 /18
11111111.11111111.11100000.00000000 /19
11111111.11111111.11110000.00000000 /20
11111111.11111111.11111000.00000000 /21
11111111.11111111.11111100.00000000 /22
11111111.11111111.11111110.00000000 /23
11111111.11111111.11111111.00000000 /24
11111111.11111111.11111111.10000000 /25
11111111.11111111.11111111.11000000 /26
11111111.11111111.11111111.11100000 /27
11111111.11111111.11111111.11110000 /28
11111111.11111111.11111111.11111000 /29
11111111.11111111.11111111.11111100 /30
11111111.11111111.11111111.11111110 /31
11111111.11111111.11111111.11111111 /32

Ok, now let’s take a sample scenario wherein given a subnet mask of X.X.X.X, how do I determine the subnet’s CIDR notation?

This discussion will assume class-less subnetting (no doubt because some might say I lack class).

1. Write down the subnet mask (e.g.

2. Convert each octet into binary: 1111 1111.1111 1111.1111 1111.0000 0000.

3. Count the number of ones in the last step, starting from left to right.

4. Write down the count from the previous step (e.g. 24).

5. Next write down the IP address of the host or gateway (e.g.

6. Convert each octet into binary: 1100 0000.1010 1000.0000 0001.0000 0011.

7. Perform a bitwise AND operation on the binary subnet mask and binary IP address:

1111 1111. 1111 1111. 1111 1111. 0000 0000 A ( i.e. subnet mask)

1100 0000. 1010 1000. 0000 0001. 0000 0011 B ( i.e. given IP address)


1100 0000.1010 1000.0000 0001.0000 0000 C = A AND B ( i.e. Network address)

8. Take the answer from the operation above and convert each octet back to decimal (base10) notation.

9. Write down the result of the previous operation:

10. Append the bit count from step #4 (above) to the result of the last operation using CIDR notation (e.g.

With this scenario, I hope you got a clear idea about the technique required to convert subnet masks.

Tips for CCNA Exams:

For CCNA exams and real time scenarios, you need to master subnet masks. I have given you the required techniques to pass the exam and master the technology for the job. In order to practice further, try to Google for newer questions and solve them.

Hopefully, all the confusion regarding the conversion of subnet masks have been washed out from your mind. Just be calm and relax and give it your 100 percent, and I am sure that subnet conversion is never going to confuse you.

Now it’s time to take credits from you, Keep reading and use the comments section below this article if you have any questions to ask.


  1. Guide to Cisco Certified Network Associate certification by Todd Lamlee, Sybex press.
  2. Guide to Cisco Certified Network Associate by Richard Deal.
  3. Cisco Certified Network Professional-Route by Wendel Odom,
  4. CCNP- Route Quick reference by Denis Donohou,
  5. Cisco Certified Internetwork Expert by Wendel odom and others,
  6. Cisco Certified Internetwork Expert Quick reference by Brad Ellis,