I spent three weeks genuinely confused about subnetting. Not "I need to review this a bit more" confused. Actually, staring-at-the-ceiling-at-midnight confused. I'd read the explanations. I'd watched the videos. I could recite the process mechanically and still get answers wrong under any kind of time pressure.

Then something clicked. Not from a new resource — from a different starting point inside the same material I'd already read a dozen times. If subnetting isn't landing for you either, this is what I wish someone had told me in week one.

★ WHY MOST GUIDES START FROM THE WRONG END

Almost every subnetting guide starts with binary. "Convert the IP to binary, AND it with the subnet mask, and you get the network address." That's correct — and if it clicks for you immediately, build on it. Binary is the right foundation.

My problem wasn't the binary explanation. It was that I jumped straight to speed techniques before I actually understood what subnetting is. The binary made sense in isolation but I couldn't connect it to a fast answer under exam pressure. What I needed first was a mental model for the concept itself — then the binary and the shortcuts both fell into place on top of it.

Here's the mental model that finally worked for me:

[ THE MENTAL MODEL ] Think of an IP address space like a street. The network address is the street name. The host bits are the house numbers. The subnet mask tells you how many houses are allowed on the street.

Subnetting is just subdividing that street into smaller blocks. You're not doing math — you're drawing boundaries on a map.

Once that landed, the binary made sense. The math made sense. I wasn't converting numbers to figure something out — I was confirming where the boundaries I already understood in my head actually fell.

★ THE FRAMEWORK THAT ACTUALLY WORKS

Here's how I think through any subnetting question now. No binary required for most of it.

STEP 1: KNOW YOUR POWERS OF 2

[ SUBNET CHEAT SHEET — MEMORIZE THIS ]
/24 = 256 addresses = 254 usable hosts
/25 = 128 addresses = 126 usable hosts
/26 = 64 addresses = 62 usable hosts
/27 = 32 addresses = 30 usable hosts
/28 = 16 addresses = 14 usable hosts
/29 = 8 addresses = 6 usable hosts
/30 = 4 addresses = 2 usable hosts
/31 = 2 addresses = p2p only*
/32 = 1 address = host route

[ * /31 EXCEPTION — RFC 3021 ] Normal subnets reserve the first address as network and the last as broadcast, leaving the rest as usable hosts. /31 breaks this rule. On a point-to-point link, RFC 3021 allows both addresses to be used as endpoint host addresses — there is no network address or broadcast. This only applies to p2p links between two devices (router-to-router, etc.). Don't apply normal host math here.


These numbers are powers of 2: each step down in prefix length (/25 to /24, for example) adds one host bit and doubles the address count. The "borrows bits" framing is useful but needs context: when people say a /25 "borrows 1 bit from a /24, giving 2 subnets of 128," they mean relative to a /24 parent block. If your parent block is a /22 the math changes. The cheat sheet above gives you absolute address counts per prefix — use those as your starting point, then apply them to whatever address space you're actually working inside.

STEP 2: FIND THE BLOCK SIZE

The block size is the magic number. It's just 256 minus the last non-255 octet of the subnet mask.

[ BLOCK SIZE EXAMPLES ]
/24 → mask 255.255.255.0 → block = 256 - 0 = 256
/25 → mask 255.255.255.128 → block = 256 - 128 = 128
/26 → mask 255.255.255.192 → block = 256 - 192 = 64
/27 → mask 255.255.255.224 → block = 256 - 224 = 32
/28 → mask 255.255.255.240 → block = 256 - 240 = 16

The block size tells you where your subnets start and end within the interesting octet. For masks in the last octet (/25 through /30) subnets always start at multiples of the block size in that octet. This shortcut works cleanly there. For masks like /20, /21, /18, /23 where the interesting octet shifts left, the same principle applies but you need to identify which octet is actually changing — the interesting octet isn't always the fourth. Get comfortable with last-octet masks first, then extend the same logic leftward.

STEP 3: LIST YOUR SUBNET BOUNDARIES

Given 192.168.10.0/27, the block size is 32. So your subnets start at:

SUBNET   NETWORK          FIRST HOST   LAST HOST   BROADCAST
1        192.168.10.0     .1           .30         .31
2        192.168.10.32    .33          .62         .63
3        192.168.10.64    .65          .94         .95
4        192.168.10.96    .97          .126        .127
...      ...              ...          ...         ...
8        192.168.10.224   .225         .254        .255

You don't calculate each one separately. You count up by block size: 0, 32, 64, 96, 128, 160, 192, 224. The network address is always the first, broadcast is always one less than the next network address, usable hosts are everything in between.

WHY THIS MATTERS UNDER EXAM PRESSURE

Here's a real exam-style question: which subnet does 192.168.10.100 belong to? What's the network address, broadcast, and usable range?

If you know /27 = block of 32, you immediately count up your boundaries: 0, 32, 64, 96, 128. The address 100 falls between 96 and 128 — so the answer is:

[ WORKED EXAMPLE — 192.168.10.100/27 ]
Network address: 192.168.10.96
First usable: 192.168.10.97
Last usable: 192.168.10.126
Broadcast: 192.168.10.127

Time to answer: under 10 seconds once block sizes are internalized.

That's the gap the block size approach closes. You might fully understand the binary — 27 network bits, 5 host bits, 2⁵ = 32 addresses — and still freeze on where 100 actually lands when the clock is running. Counting multiples of 32 in your head is fast. Binary AND operations under pressure are not.
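
The three steps above as an added example (not code from the original post): it finds the block size in the interesting octet and counts to the boundary, and it goes beyond the last-octet cases by handling any prefix from /0 to /32, including the /31 and /32 exceptions. The function names and every sample address other than 192.168.10.100/27 are assumptions made for illustration.

```python
import ipaddress


def _dotted(octets):
    return ".".join(str(o) for o in octets)


def subnet_by_block_size(cidr):
    """Find network, broadcast and usable range by counting in block sizes."""
    addr, _, plen = cidr.partition("/")
    prefix = int(plen)
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets) or not 0 <= prefix <= 32:
        raise ValueError(f"not an IPv4 address/prefix: {cidr!r}")

    # Interesting octet = the octet where the prefix ends (index 0-3).
    # /25-/32 -> 4th octet, /17-/24 -> 3rd octet, and so on.
    idx = max(prefix - 1, 0) // 8
    block = 2 ** (8 * (idx + 1) - prefix)   # same value as 256 - mask octet
    start = octets[idx] // block * block    # largest multiple of block <= octet

    network = octets[:idx] + [start] + [0] * (3 - idx)
    broadcast = octets[:idx] + [start + block - 1] + [255] * (3 - idx)
    first, last = network[:], broadcast[:]
    if prefix <= 30:
        # Normal subnet: first address is the network, last is the broadcast.
        first[3] += 1
        last[3] -= 1
    # /31 (RFC 3021 point-to-point) and /32 (host route): every address is
    # usable, so "network"/"broadcast" below are just the block's two ends.
    return {"block": block, "octet": idx + 1, "network": _dotted(network),
            "first": _dotted(first), "last": _dotted(last),
            "broadcast": _dotted(broadcast)}


def agrees_with_stdlib(cidr):
    """Cross-check the shortcut against Python's ipaddress module."""
    net = ipaddress.ip_interface(cidr).network
    got = subnet_by_block_size(cidr)
    return (got["network"], got["broadcast"]) == (
        str(net.network_address), str(net.broadcast_address))


if __name__ == "__main__":
    # Constructed inputs: the worked example, a third-octet mask and a /31.
    for cidr in ("192.168.10.100/27", "172.16.37.9/20", "10.0.0.5/31"):
        print(cidr, subnet_by_block_size(cidr), agrees_with_stdlib(cidr))
```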


★ THE VLSM PROBLEM — AND WHY IT'S EASIER THAN IT LOOKS

Variable Length Subnet Masking (VLSM) sounds intimidating. It's just subnetting a subnet — allocating different sized blocks from the same address space based on actual requirements. The same rules apply, you're just doing it in layers.

The key is always to start with the largest requirement and work down. Allocate the biggest subnet first, then carve out smaller ones from the remaining space. Never allocate a larger block from space that's already been used.

[ VLSM APPROACH ]
1. Sort your requirements from largest to smallest
2. Find the smallest subnet that fits the largest requirement
3. Allocate it from the start of your address space
4. Repeat for the next requirement, starting from where the last one ended
5. Document every boundary as you go — don't try to hold it in your head

[ ⚠ VLSM IN THE REAL WORLD ] For the CCNA exam the above approach is enough. In production network design VLSM gets more complex — you also need to think about route summarization (can your subnets be advertised as a single summary route?), hierarchy (does the addressing reflect your network topology?), and room for growth (will you need more hosts or subnets in this range later?). Cisco's own documentation notes that VLSM conserves address space but also makes addressing plans easier to get wrong if you're not careful. Exam first, design thinking second.
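
The five-step VLSM approach above as an added example (not code from the original post), using Python's standard ipaddress module. The parent block 192.168.10.0/24, the requirement labels and the host counts are constructed for illustration, and the allocator covers only the exam-style procedure, not summarization or growth planning.

```python
import ipaddress


def vlsm_allocate(parent, requirements):
    """Carve one subnet per requirement out of parent, largest first.

    requirements maps a label to the number of usable hosts it needs.
    Returns rows of (label, hosts, subnet, first_host, last_host, broadcast).
    """
    parent = ipaddress.IPv4Network(parent)
    cursor = int(parent.network_address)          # next free address
    limit = int(parent.broadcast_address)
    plan = []
    # Step 1: sort from largest to smallest requirement.
    for label, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        if hosts < 1:
            raise ValueError(f"{label}: need at least one host")
        # Step 2: smallest power-of-2 block holding hosts + network + broadcast.
        host_bits = max((hosts + 1).bit_length(), 2)
        size = 1 << host_bits
        # Steps 3-4: start where the previous block ended. Largest-first order
        # keeps the cursor on a multiple of size; the round-up is a safety net.
        cursor = -(-cursor // size) * size
        if cursor + size - 1 > limit:
            raise ValueError(f"{label}: no room left in {parent} for {size} addresses")
        subnet = ipaddress.IPv4Network((cursor, 32 - host_bits))
        # Step 5: record every boundary.
        plan.append((label, hosts, str(subnet), str(subnet[1]), str(subnet[-2]),
                     str(subnet.broadcast_address)))
        cursor += size
    return plan


if __name__ == "__main__":
    # Constructed requirements for illustration; not from the original post.
    demo = {"wan-link": 2, "servers": 28, "users": 60, "mgmt": 12}
    for row in vlsm_allocate("192.168.10.0/24", demo):
        print("{:<9} needs {:>3}  {:<18} hosts {} - {}  bcast {}".format(*row))
```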

★ A NOTE ON ORDER — BINARY FIRST IS STILL RIGHT

After posting about this, someone made a good point: the ideal path is probably binary foundation first, speed techniques second. Learn why /27 means 27 network bits and 5 host bits. Understand that each octet shares the same bit value order — 128, 64, 32, 16, 8, 4, 2, 1. See how /27 sits exactly 3 hops right of /24 and lands on the 32 bit slot, which is also your block size. That pattern repeats across every octet boundary.

Once that relationship between binary and block size clicks, the cheat sheet stops being memorization and starts being something you could derive yourself. That's a much stronger position to be in on exam day.

My mistake was jumping to the shortcuts before the foundation was solid. If you're early in your CCNA prep, do it in the right order — Jeremy's IT Lab covers the binary side better than anything else I've found. Then come back to the block size approach as a speed layer on top of real understanding.

★ WHAT ACTUALLY MADE IT STICK

Reading helped. Videos helped. But what actually made subnetting automatic was repetition under time pressure.

I used subnettingpractice.com every single day for two weeks. Not to study — just to drill. Set a timer, answer questions, check results, repeat. After about 200 reps the mental model stopped being something I recalled and started being something I just did.

This is the same principle behind Ironman training. You don't think about your stroke when you're swimming at kilometre 3 of the swim leg. You've done it enough times that your body just knows. Subnetting works the same way. The goal isn't to understand it — it's to internalize it until understanding isn't even the right word anymore.
