Why subnet size matters in real networks

While /24 networks are comfortable and familiar, real-world scenarios often call for different subnet sizes. Maybe you need to divide a department into smaller teams, create dedicated segments for servers, or set up point-to-point links between sites. Understanding when and how to use /25, /26, /27, and /28 subnets gives you the flexibility to design efficient, organized networks that don't waste address space.

The key insight is that different network segments have different requirements. A busy office floor might need hundreds of addresses, while a printer VLAN might only need a dozen. Point-to-point links between routers need just two addresses. By choosing the right subnet size for each purpose, you can create clean, scalable network designs that grow with your organization.

Smart subnetting also improves network performance and security. Smaller broadcast domains mean less network chatter. Logical address groupings make firewall rules clearer and troubleshooting easier. And when everything has a logical place, network documentation becomes straightforward.

The /25 network: splitting the classic /24

A /25 network takes a familiar /24 and cuts it exactly in half. Instead of one network with 254 hosts, you get two networks with 126 hosts each. This is perfect when you have two distinct groups that are too large for smaller subnets but don't need a full /24 each.

Math breakdown: /25 means 25 network bits and 7 host bits. 2^7 = 128 total addresses minus 2 (network and broadcast) = 126 usable hosts per /25 subnet.

Perfect /25 scenarios:

  • Two office floors: Floor 1 gets 192.168.10.0/25 (hosts .1-.126), Floor 2 gets 192.168.10.128/25 (hosts .129-.254)
  • Day shift vs. night shift: When you have two work shifts that need separate network policies
  • Employees vs. contractors: Different security policies for different user types
  • Wired vs. wireless: Some organizations separate wired and wireless devices into different subnets for security and management

The beauty of /25 is its simplicity—you're just drawing a line down the middle of a /24. The first /25 uses the first half of the addresses (0-127), and the second uses the second half (128-255). Network administrators often start here when they need to subdivide address space because the math is straightforward.

Real-world /25 example: dual-floor office

Imagine a company with 80 employees on the first floor and 60 on the second floor. A single /24 would work, but you want to separate them for security policies and network management.

Floor 1 Network: 192.168.50.0/25

  • Network address: 192.168.50.0 (unusable)
  • First host: 192.168.50.1 (often the gateway)
  • Last host: 192.168.50.126
  • Broadcast: 192.168.50.127 (unusable)
  • Capacity: 126 hosts (plenty for 80 employees plus growth)

Floor 2 Network: 192.168.50.128/25

  • Network address: 192.168.50.128 (unusable)
  • First host: 192.168.50.129 (gateway at .129)
  • Last host: 192.168.50.254
  • Broadcast: 192.168.50.255 (unusable)
  • Capacity: 126 hosts (comfortable for 60 employees plus expansion)

This setup lets you apply different firewall rules, DHCP scopes, and access policies to each floor while using address space efficiently. If Floor 1 grows beyond 126 devices, you can easily migrate to a full /24 or add additional subnets.

The /26 network: quarters for medium-sized groups

A /26 network divides a /24 into four equal pieces, giving you 62 usable hosts per subnet. This size is extremely popular for departmental networks, VLANs, and medium-sized workgroups that need their own address space.

Math breakdown: /26 means 26 network bits and 6 host bits. 2^6 = 64 total addresses minus 2 = 62 usable hosts per /26 subnet.

Perfect /26 scenarios:

  • Departmental networks: HR (30 people), Engineering (45 people), Sales (25 people), Marketing (20 people)
  • School classrooms: Each classroom network isolated from others
  • Guest networks: Separate access for visitors with limited connectivity
  • IoT device clusters: Groups of smart devices that need network access but security isolation
  • Lab networks: Development or testing environments that need to be isolated from production

The /26 is often considered the "sweet spot" for many office networks. It's large enough for most departments but small enough that you can fit four of them in a single /24 address space, making address planning very tidy.

Real-world /26 example: departmental segmentation

A company wants to segment its 192.168.100.0/24 address space into four department networks:

Engineering: 192.168.100.0/26

  • Address range: 192.168.100.1 - 192.168.100.62
  • Perfect for 45 engineers plus printers, servers, and test equipment
  • Gateway typically at 192.168.100.1

Sales: 192.168.100.64/26

  • Address range: 192.168.100.65 - 192.168.100.126
  • Suitable for 25 sales staff plus demo equipment and conference room devices
  • Gateway at 192.168.100.65

Marketing: 192.168.100.128/26

  • Address range: 192.168.100.129 - 192.168.100.190
  • Handles 20 marketing team members plus creative workstations and media servers
  • Gateway at 192.168.100.129

Guest/Visitor: 192.168.100.192/26

  • Address range: 192.168.100.193 - 192.168.100.254
  • Isolated network for visitor laptops and contractor access
  • Restricted internet access, no internal network access

This layout provides clear separation between departments, enables department-specific security policies, and uses the entire /24 efficiently with room for growth in each department.
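With each address belonging to exactly one /26, the guest rule above (internet only, no internal access) can be checked against firewall logs. This is an added example, not part of the original article; the key=value log format and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Zones taken from the /26 departmental layout above.
ZONES = {
    "Engineering": ipaddress.ip_network("192.168.100.0/26"),
    "Sales": ipaddress.ip_network("192.168.100.64/26"),
    "Marketing": ipaddress.ip_network("192.168.100.128/26"),
    "Guest": ipaddress.ip_network("192.168.100.192/26"),
}

# Constructed sample lines; the log format itself is an assumption.
SAMPLE_LOG = """\
allow src=192.168.100.200 dst=203.0.113.10 dport=443
allow src=192.168.100.201 dst=192.168.100.10 dport=22
allow src=192.168.100.70 dst=192.168.100.10 dport=443
allow src=192.168.100.254 dst=192.168.100.129 dport=445
deny src=192.168.100.210 dst=192.168.100.66 dport=3389
"""

LINE = re.compile(r"^(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")

def zone_of(addr):
    """Map an address to its department zone, or 'external' if outside all four."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def guest_violations(log_text):
    """Return allowed flows from Guest into any internal zone.

    An 'allow' from Guest to Engineering, Sales or Marketing contradicts the
    stated guest policy. Denied attempts are skipped because the firewall
    already blocked them.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        action, src, dst, dport = m.groups()
        dst_zone = zone_of(dst)
        if (action == "allow" and zone_of(src) == "Guest"
                and dst_zone not in ("Guest", "external")):
            hits.append((src, dst_zone, int(dport)))
    return hits

if __name__ == "__main__":
    for src, zone, port in guest_violations(SAMPLE_LOG):
        print(f"guest {src} reached {zone} on port {port}")
```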

The /27 network: eighths for smaller teams

A /27 network gives you 30 usable hosts and divides a /24 into eight subnets. This size works perfectly for smaller teams, specialized server groups, or when you need many separate network segments within limited address space.

Math breakdown: /27 means 27 network bits and 5 host bits. 2^5 = 32 total addresses minus 2 = 30 usable hosts per /27 subnet.

Perfect /27 scenarios:

  • Small team networks: Accounting (12 people), Legal (8 people), HR (15 people)
  • Server farms: Web servers, database servers, application servers as separate groups
  • Branch offices: Remote locations with 10-25 employees
  • VLAN segmentation: Printers, phones, security cameras, building automation
  • Development environments: Separate networks for dev, test, staging environments

The /27 shines in environments where you need many separate networks but each network doesn't need many addresses. It's particularly useful in multi-tenant environments or when implementing micro-segmentation for security.

Real-world /27 example: branch office network

A company has eight branch offices, each needing its own network segment for VPN connectivity and local resource access. They allocate 192.168.200.0/24 and divide it into eight /27 networks:

Branch Office Networks:

  • Boston: 192.168.200.0/27 (hosts .1-.30)
  • Chicago: 192.168.200.32/27 (hosts .33-.62)
  • Dallas: 192.168.200.64/27 (hosts .65-.94)
  • Denver: 192.168.200.96/27 (hosts .97-.126)
  • Miami: 192.168.200.128/27 (hosts .129-.158)
  • Phoenix: 192.168.200.160/27 (hosts .161-.190)
  • Portland: 192.168.200.192/27 (hosts .193-.222)
  • Seattle: 192.168.200.224/27 (hosts .225-.254)

Each branch gets 30 addresses—enough for 20-25 employees plus local servers, printers, and network equipment. The consistent addressing scheme makes VPN configuration straightforward and routing tables clean.

The /28 network: sixteenths for specialized purposes

A /28 network provides 14 usable hosts and divides a /24 into sixteen subnets. This small size is perfect for very specific purposes where you need many separate networks but each one serves only a few devices.

Math breakdown: /28 means 28 network bits and 4 host bits. 2^4 = 16 total addresses minus 2 = 14 usable hosts per /28 subnet.

Perfect /28 scenarios:

  • Equipment clusters: Each rack in a data center gets its own /28
  • Small server groups: Database cluster (3 servers), web farm (6 servers), monitoring system (4 servers)
  • Point-of-sale systems: Each store location or department gets isolated POS networks
  • Security camera zones: Cameras grouped by building area or security zone
  • Building systems: HVAC controllers, lighting systems, access control panels
  • Network appliances: Firewalls, load balancers, intrusion detection systems

The /28 is particularly valuable in environments where micro-segmentation is important for security or compliance. You can isolate small groups of related devices while still maintaining efficient address utilization.

Real-world /28 example: data center rack allocation

A data center uses 10.20.30.0/24 to address sixteen server racks, with each rack getting a /28 subnet:

Sample rack allocations:

  • Rack A1: 10.20.30.0/28 (hosts .1-.14) - Web servers
  • Rack A2: 10.20.30.16/28 (hosts .17-.30) - Application servers
  • Rack A3: 10.20.30.32/28 (hosts .33-.46) - Database servers
  • Rack A4: 10.20.30.48/28 (hosts .49-.62) - Storage servers

Each /28 provides 14 addresses—enough for 10-12 servers plus switches and out-of-band management interfaces. This creates clean address boundaries that align with physical infrastructure and make cable management, troubleshooting, and security policies much simpler.

Beyond /28: even smaller subnets

Sometimes you need even smaller subnets for very specific purposes:

/30 subnets (2 usable hosts): Perfect for point-to-point links between routers. Each link gets exactly the two addresses it needs—one for each router interface. This is incredibly common in WAN environments and data center interconnects.

/31 subnets (2 usable hosts, no broadcast): RFC 3021 defines this special case for point-to-point links. There's no network or broadcast address—both addresses are usable. This saves one address per link compared to /30.

/32 subnets (1 host): This represents a single host address, often used for loopback interfaces, host routes, or very specific firewall rules.

Planning your subnet hierarchy

Effective subnetting requires planning your address hierarchy from the top down. Start with your total address space, then work down to individual subnet requirements:

Step 1: Inventory your requirements

  • Count devices in each department/location/function
  • Plan for 3-5 years of growth
  • Add 25-50% buffer for unexpected needs
  • Identify special requirements (servers, links, appliances)

Step 2: Choose subnet sizes

  • Round up device counts to the next power of 2
  • Pick the smallest subnet that provides adequate space
  • Consider using consistent sizes for operational simplicity
  • Leave room for additional subnets

Step 3: Assign address ranges

  • Start with the largest subnets first
  • Align subnet boundaries on natural bit boundaries
  • Document everything clearly
  • Reserve some space for future expansion

Variable Length Subnet Masking (VLSM) in action

VLSM allows you to use different subnet sizes within the same address space efficiently. Here's a complete example using 192.168.1.0/24:

Requirements analysis:

  • Main office: 100 hosts (need /25)
  • Branch office: 25 hosts (need /27)
  • Server VLAN: 10 hosts (need /28)
  • Printer VLAN: 6 hosts (need /29)
  • Router links: 4 links of 2 hosts each (need /30s)

VLSM allocation:

  • 192.168.1.0/25 → Main office (126 hosts)
  • 192.168.1.128/27 → Branch office (30 hosts)
  • 192.168.1.160/28 → Server VLAN (14 hosts)
  • 192.168.1.176/29 → Printer VLAN (6 hosts)
  • 192.168.1.184/30 → Router link 1
  • 192.168.1.188/30 → Router link 2
  • 192.168.1.192/30 → Router link 3
  • 192.168.1.196/30 → Router link 4
  • 192.168.1.200/29 → Future expansion

This allocation uses 200 of the 254 available addresses efficiently, with room left for growth or additional links.
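The three planning steps and the VLSM allocation above can be automated: size each requirement, sort largest first, and place each block on its natural boundary. This is an added example, not code from the original article; the function names are hypothetical, and it reproduces the allocation listed above and reports the space left over.

```python
import ipaddress

# Requirements from the VLSM example above: (name, hosts needed).
REQUIREMENTS = [
    ("Main office", 100), ("Branch office", 25), ("Server VLAN", 10),
    ("Printer VLAN", 6), ("Router link 1", 2), ("Router link 2", 2),
    ("Router link 3", 2), ("Router link 4", 2),
]

def prefix_for_hosts(hosts):
    """Longest prefix (smallest subnet) whose usable count covers `hosts`.

    Usable = 2^(32 - prefix) - 2, since network and broadcast are reserved.
    Stops at /30; /31 and /32 follow different rules and are not handled.
    """
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 prefix holds {hosts} hosts")

def allocate(parent_cidr, requirements):
    """Place subnets largest first; return (plan, free_blocks)."""
    parent = ipaddress.ip_network(parent_cidr)
    # Stable sort by prefix length keeps equal-sized requests in input order.
    sized = sorted(((prefix_for_hosts(h), name) for name, h in requirements),
                   key=lambda item: item[0])
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = []
    for prefix, name in sized:
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        if cursor + size > end:
            raise ValueError(f"{parent} is full, cannot place {name}")
        plan.append((name, ipaddress.IPv4Network((cursor, prefix))))
        cursor += size
    free = []
    if cursor < end:
        # Express the unallocated tail as the fewest aligned CIDR blocks.
        free = list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), parent.broadcast_address))
    return plan, free

if __name__ == "__main__":
    plan, free = allocate("192.168.1.0/24", REQUIREMENTS)
    for name, net in plan:
        print(f"{str(net):<18} {name} ({net.num_addresses - 2} usable)")
    print("unallocated:", ", ".join(str(n) for n in free))
```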

Common subnetting mistakes and how to avoid them

Overlapping subnets: The most dangerous mistake is creating subnets that overlap. Always double-check that your subnet ranges don't conflict. Use a spreadsheet or network planning tool to track allocations.

Insufficient growth planning: Don't cut subnets too close to current needs. Networks always grow faster than expected. Plan for at least 50% growth over 3 years.

Ignoring alignment: Subnet boundaries should align with bit boundaries. Don't create arbitrary ranges like 192.168.1.10 to 192.168.1.50—use proper CIDR blocks.

Poor documentation: Keep clear records of what each subnet is used for. Future network administrators (including future you) will thank you for comprehensive documentation.

Forgetting special addresses: Remember that each subnet loses two addresses for network and broadcast. Factor this into your capacity planning.
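Three of these mistakes (overlap, misalignment, and forgetting the two reserved addresses) can be caught mechanically before a plan reaches a router or firewall. This is an added example, not part of the original article; the plan entries are constructed with deliberate errors and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed plan with deliberate mistakes: (name, cidr, device count).
PLAN = [
    ("Engineering", "192.168.100.0/26", 45),
    ("Sales", "192.168.100.64/26", 25),
    ("Marketing", "192.168.100.100/26", 20),   # host bits set
    ("Guest", "192.168.100.192/27", 40),       # too small for 40 devices
]

def usable_hosts(net):
    """Total addresses minus network and broadcast (except /31 and /32)."""
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses

def audit_plan(entries):
    """Return a list of findings: misaligned, capacity, and overlap."""
    findings, nets = [], []
    for name, cidr, devices in entries:
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError:
            # Show which real block the misaligned entry falls into.
            net = ipaddress.ip_network(cidr, strict=False)
            findings.append(f"misaligned: {name} {cidr} really means {net}")
        if devices > usable_hosts(net):
            findings.append(
                f"capacity: {name} needs {devices}, {net} has {usable_hosts(net)}")
        nets.append((name, net))
    # Pairwise comparison is fine for plans of a few hundred subnets.
    for (n1, a), (n2, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(f"overlap: {n1} {a} and {n2} {b}")
    return findings

def range_to_cidrs(first, last):
    """CIDR blocks needed to express an arbitrary first-last range exactly."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

if __name__ == "__main__":
    for finding in audit_plan(PLAN):
        print(finding)
    # The arbitrary range named in the text needs six separate blocks.
    print(range_to_cidrs("192.168.1.10", "192.168.1.50"))
```

The misaligned Marketing entry resolves to the same block as Sales, so one typo produces both a misalignment finding and an overlap finding.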

Tools for subnet planning and verification

Several tools can help you plan and verify your subnetting schemes:

IP calculators: Use our IP Prefix Calculator to quickly verify subnet math and see address ranges clearly. Try each of your planned subnets to ensure they provide the capacity you expect.

Spreadsheets: Create a simple tracking sheet with columns for subnet, purpose, size, first address, last address, and utilization. This helps prevent overlaps and tracks growth.

Network documentation tools: Tools like NetBox, phpIPAM, or even simple IPAM systems can help track address allocations and prevent conflicts.

Subnet calculators: Online tools that help you divide larger blocks into smaller subnets systematically, ensuring efficient use of address space.

Subnetting for security and performance

Smart subnetting improves both security and network performance:

Security benefits:

  • Separate subnets enable different firewall policies
  • Network segmentation limits attack propagation
  • VLANs can isolate sensitive systems
  • Guest networks prevent access to internal resources

Performance benefits:

  • Smaller broadcast domains reduce network chatter
  • Logical grouping improves routing efficiency
  • Quality of service policies work better with clear boundaries
  • Troubleshooting becomes easier with organized address space

Migration strategies for existing networks

If you have an existing flat network that needs segmentation, plan the migration carefully:

Parallel approach: Build new subnets alongside the old network, then migrate devices gradually. This minimizes disruption but requires more address space during the transition.

Phased approach: Migrate one department or function at a time. Start with the least critical systems and work toward mission-critical infrastructure.

Big bang approach: Reconfigure everything during a maintenance window. This is disruptive but gets the job done quickly. Only suitable for smaller networks or when you have extensive downtime available.

Regardless of approach, thorough testing and rollback plans are essential. Document the new addressing scheme completely before beginning migration.

Subnet size quick reference

Keep this handy for planning:

  • /25: 126 hosts (half of /24) - large departments
  • /26: 62 hosts (quarter of /24) - medium departments
  • /27: 30 hosts (eighth of /24) - small teams
  • /28: 14 hosts (sixteenth of /24) - server groups
  • /29: 6 hosts - very small groups
  • /30: 2 hosts - point-to-point links
  • /31: 2 hosts - efficient point-to-point (RFC 3021)
  • /32: 1 host - single device

Advanced scenarios: multi-site and hierarchical design

Large organizations often need hierarchical addressing schemes that scale across multiple sites and network tiers:

Geographic hierarchy: Use different /16s or /12s for different regions, then subdivide by city, then by site, then by function. For example:

  • 10.1.0.0/16 → East Coast
  • 10.2.0.0/16 → West Coast
  • 10.1.1.0/24 → New York office
  • 10.1.2.0/24 → Boston office
  • 10.1.1.0/26 → NY engineering
  • 10.1.1.64/26 → NY sales

Functional hierarchy: Organize by network function rather than geography. Separate ranges for users, servers, infrastructure, and management traffic.

Hierarchical designs make routing more efficient, troubleshooting easier, and address allocation more systematic.

Testing your subnetting knowledge

Try these scenarios with the IP Prefix Calculator:

  • Divide 172.16.50.0/24 into four equal /26 subnets for four departments
  • Create eight /27 branch office networks from 10.100.0.0/24
  • Plan a /28 for servers (10 devices) and a /29 for printers (4 devices) within 192.168.20.0/24
  • Design point-to-point links using /30 subnets from 169.254.1.0/24
  • Mix /25, /27, and /28 subnets efficiently within a single /24 block

Key principles for successful subnetting

  • Plan for growth—networks always expand beyond initial estimates
  • Use consistent patterns that are easy to remember and document
  • Align subnet boundaries with natural bit boundaries
  • Group related functions into the same subnets
  • Leave room for future expansion in your addressing scheme
  • Document everything thoroughly for future administrators

Your next steps with practical subnetting

Start by analyzing your current network. Count devices by function and location. Identify growth areas and special requirements. Then practice designing subnet schemes using our calculator to see how different approaches affect address utilization. The key is understanding that subnetting is both an art and a science—the math must work, but the design should also make operational sense for your specific environment.

Remember that good subnetting serves the people who will manage the network daily. Clear patterns, logical groupings, and adequate documentation make everyone's job easier and reduce the chance of configuration errors that can disrupt network operations.