Networking VLSM subnetting CIDR IP addressing networking CCNA subnet mask

VLSM Subnetting Guide: Variable Length Subnet Mask Explained with Examples

Published on June 3, 2026 · Niwo

What is VLSM?

Variable Length Subnet Mask (VLSM) is an IP subnetting technique that allows network engineers to use different subnet mask lengths for different subnets within the same network. Instead of forcing every subnet to be the same size (as in classful or FLSM designs), VLSM tailors each subnet’s prefix length to match its actual host requirement.

VLSM is the practical implementation of Classless Inter-Domain Routing (CIDR), introduced by the IETF in 1993 through RFC 1518 and RFC 1519. CIDR replaced the rigid classful addressing system (Class A, B, C) and gave network administrators the freedom to divide IP blocks at arbitrary bit boundaries. VLSM is what you do inside your network with CIDR — the technique of carving a given block into variable-sized subnets.

Why standard subnetting wastes IPs

Before CIDR, subnetting was classful. A Class C network (/24) gave you 256 addresses. A Class B (/16) gave you 65,536. If your company needed 300 IPs, you had to take an entire Class B — wasting 65,236 addresses. Moving down, a Class C was too small for 300 hosts. This binary choice was the root cause of massive IPv4 address waste throughout the 1980s and early 1990s.

VLSM solved this by letting network engineers pick any prefix length between /0 and /32. Need 300 hosts? Use a /23 (510 usable addresses). Need 2 hosts for a WAN link? Use a /30 (2 usable addresses). Every subnet gets exactly what it needs — no more, no less.

CIDR foundation

CIDR notation — the familiar 192.168.1.0/24 format — is the language of VLSM. The number after the slash tells you how many bits belong to the network prefix. The remaining bits (32 minus the prefix) are host bits:

192.168.1.0/24  →  24 network bits  |  8 host bits  = 256 addresses
192.168.1.0/26  →  26 network bits  |  6 host bits  =  64 addresses
192.168.1.0/30  →  30 network bits  |  2 host bits  =   4 addresses

Each time you borrow one more bit from the host portion, you double the number of subnets and halve the number of addresses per subnet. This bit-level flexibility is the engine behind VLSM.

🧮 Try our VLSM Calculator to see CIDR prefix math in action — enter any base network and host requirements, and the tool generates an optimized plan instantly.

VLSM vs FLSM (Fixed Length Subnet Mask)

FLSM (Fixed Length Subnet Mask) divides a network into subnets of identical size. VLSM divides it into subnets of different sizes, each sized to match its host requirement. This single difference has massive implications for IP efficiency, scalability, and network design.

Key differences

Aspect	FLSM	VLSM
Subnet sizes	All identical	Varies per subnet
IP efficiency	Low — wastes addresses on small subnets	High — each subnet sized to need
Routing protocol support	RIPv1 (classful only)	RIPv2, OSPF, EIGRP, BGP, IS-IS
Configuration complexity	Simple but wasteful	Requires planning, vastly more efficient
Growth flexibility	Poor — must redesign for larger subnets	Good — gaps left for expansion
CIDR support	No	Yes — foundation of CIDR
Exam relevance	CCNA fundamentals	CCNA core skill

Real-world example: the cost of FLSM

Consider a medium business with a 10.0.0.0/24 block (256 addresses) that needs three subnets:

Server farm: 100 hosts
Office LAN: 50 hosts
WAN link: 2 hosts

With FLSM: dividing the /24 into 3 equal subnets means you need 3 subnets. The closest power-of-2 for 3 subnets is 4, so each subnet gets 64 addresses (/26). The WAN link, needing only 2 addresses, is assigned a /26 with 62 usable addresses — 60 are wasted. Total waste: 128 addresses (the 4th unused subnet of 64, plus 60 on the WAN link, plus 14 on the office LAN, plus 14 on the server farm if it only uses 100 out of 62… wait, 62 < 100, so this doesn’t even work).

The FLSM trap: with 3 subnets, you’d pick /26 (64 addresses), but 64 < 100 — the server farm doesn’t fit. You’d have to jump to /25 (128 addresses) × 2 subnets, which still doesn’t give you 3 subnets. The only FLSM option is /24 divided into 4 × /26, but the server farm (100 hosts) barely fits in one /26 (62 usable addresses — it doesn’t fit). So FLSM forces you to use a larger block like 10.0.0.0/23 (512 addresses), of which you use maybe 30%.

With VLSM: you assign:

Server farm: /25 (126 usable addresses) — fits with room to grow
Office LAN: /26 (62 usable) — fits with margin
WAN link: /30 (2 usable) — zero waste

Total used: 128 + 64 + 4 = 196 addresses. Wasted: only 26 + 14 + 0 = 40 addresses. Efficiency: 79% vs 30% with FLSM.

This is the difference VLSM makes — it can mean the difference between fitting your entire network in a /24 versus needing a /23 or larger.

How VLSM Works

VLSM works by creating a subnet hierarchy where larger blocks are subdivided into progressively smaller blocks, always respecting the bit boundaries.

Subnet hierarchy

When you start with a base network like 10.0.0.0/24, VLSM treats it as a pool of addresses and allocates contiguous ranges of the required size. The key rule: once a block is assigned to a subnet, no other subnet may use those addresses.

The process follows a tree-like structure:

graph TB
    Root["10.0.0.0/24 (256 addresses)"]
    Root --> S1["/25 (128) — Largest subnet"]
    Root --> S2["/25 (128) — Reserved for future"]
    S1 --> M1["/26 (64) — Medium subnet"]
    S1 --> M2["/26 (64) — Medium subnet"]
    M1 --> SM1["/27 (32) — Small subnet"]
    M1 --> SM2["/27 (32) — Small subnet"]
    style Root fill:#1559ed,color:#fff
    style S2 fill:#e67e22,color:#fff

Each level of hierarchy corresponds to borrowing one additional bit. The beauty of this structure is that it naturally enables route summarization.

Route summarization

Because VLSM allocates addresses contiguously from the base address, all subnets derived from 10.0.0.0/24 share the same first 24 bits. A router can advertise a single /24 route instead of five individual subnet routes. This shrinks routing tables, reduces CPU load on routers, and speeds up convergence.

Consider this real scenario:

10.0.0.0/25 (Server farm)
10.0.128.0/26 (Office LAN)
10.0.192.0/27 (Lab network)
10.0.224.0/30 (WAN link)

Without VLSM summarization: 4 routes in the routing table. With VLSM summarization: 1 route — 10.0.0.0/24.

Contiguous addressing

VLSM works best when subnets are assigned contiguously — meaning subnet B starts at the address immediately after subnet A ends. Non-contiguous allocation (leaving random gaps) breaks the summarization chain and can fragment your address space. Always allocate from one end of the block moving forward; never skip around.

📐 Use our VLSM Calculator which enforces contiguous allocation automatically — it sorts subnets by size and assigns them sequentially without gaps.

VLSM Subnetting Step by Step

Here is the universal methodology for designing a VLSM plan. This process works for any network size, from a small office to a multi-site enterprise.

Step 1: Gather requirements

List every subnet you need and the number of usable host addresses each requires. Include all point-to-point links, management networks, guest VLANs, and future expansion.

Step 2: Sort by host count (descending)

Order all subnets from largest to smallest host requirement. This is the golden rule of VLSM: allocating large blocks first minimizes fragmentation and preserves contiguous space for smaller subnets that can fit into the remaining gaps.

Step 3: Calculate block size for each subnet

For each subnet, add 2 to the required host count (one for the network address, one for the broadcast address). Then round up to the next power of 2. This is your block size.

Required hosts	+2 for overhead	Next power of 2	CIDR prefix	Usable addresses
1–2	3–4	4	/30	2
3–6	5–8	8	/29	6
7–14	9–16	16	/28	14
15–30	17–32	32	/27	30
31–62	33–64	64	/26	62
63–126	65–128	128	/25	126
127–254	129–256	256	/24	254

Step 4: Assign ranges sequentially

Starting from your base network address, assign each subnet its block in descending size order. The next subnet’s network address equals the previous subnet’s broadcast address plus 1.

Step 5: Document and verify

Record every assignment in a table (network address, CIDR, mask, usable range, broadcast). Verify that no ranges overlap and that all requirements are met. Leave documented gaps for future expansion.

Real-World VLSM Example

Let’s work through a substantial enterprise network. Your company has been assigned the block 172.16.0.0/22 (1024 addresses, 1022 usable) and needs to support the following departments and links:

Department	Hosts required	Purpose
Engineering	300	Workstations, servers, dev environments
Operations	150	Production floor, monitoring
Sales	60	CRM access, laptops, printers
Finance	25	Workstations, accounting systems
Guest WiFi	10	Visitor network (isolated)
WAN Link 1	2	HQ to Data Center
WAN Link 2	2	HQ to Branch Office
WAN Link 3	2	HQ to Cloud VPN

Step 1: Add overhead and sort

Subnet	Real need	+2 overhead	Block size (next power of 2)	CIDR
Engineering	300	302	512	/23
Operations	150	152	256	/24
Sales	60	62	64	/26
Finance	25	27	32	/27
Guest WiFi	10	12	16	/28
WAN Link 1	2	4	4	/30
WAN Link 2	2	4	4	/30
WAN Link 3	2	4	4	/30

Sorted descending: Engineering (/23) → Operations (/24) → Sales (/26) → Finance (/27) → Guest WiFi (/28) → WAN Links 1–3 (/30 each).

Step 2: Allocate sequentially

Starting from 172.16.0.0/22:

1. Engineering — /23 (512 addresses)

Network: 172.16.0.0
Mask: 255.255.254.0
Range: 172.16.0.1 – 172.16.1.254
Broadcast: 172.16.1.255
Next subnet starts at: 172.16.2.0

2. Operations — /24 (256 addresses)

Network: 172.16.2.0
Mask: 255.255.255.0
Range: 172.16.2.1 – 172.16.2.254
Broadcast: 172.16.2.255
Next subnet starts at: 172.16.3.0

3. Sales — /26 (64 addresses)

Network: 172.16.3.0
Mask: 255.255.255.192
Range: 172.16.3.1 – 172.16.3.62
Broadcast: 172.16.3.63
Next subnet starts at: 172.16.3.64

4. Finance — /27 (32 addresses)

Network: 172.16.3.64
Mask: 255.255.255.224
Range: 172.16.3.65 – 172.16.3.94
Broadcast: 172.16.3.95
Next subnet starts at: 172.16.3.96

5. Guest WiFi — /28 (16 addresses)

Network: 172.16.3.96
Mask: 255.255.255.240
Range: 172.16.3.97 – 172.16.3.110
Broadcast: 172.16.3.111
Next subnet starts at: 172.16.3.112

6. WAN Link 1 — /30 (4 addresses)

Network: 172.16.3.112
Mask: 255.255.255.252
Range: 172.16.3.113 – 172.16.3.114
Broadcast: 172.16.3.115
Next subnet starts at: 172.16.3.116

7. WAN Link 2 — /30 (4 addresses)

Network: 172.16.3.116
Mask: 255.255.255.252
Range: 172.16.3.117 – 172.16.3.118
Broadcast: 172.16.3.119
Next subnet starts at: 172.16.3.120

8. WAN Link 3 — /30 (4 addresses)

Network: 172.16.3.120
Mask: 255.255.255.252
Range: 172.16.3.121 – 172.16.3.122
Broadcast: 172.16.3.123
Next subnet starts at: 172.16.3.124

Step 3: Analysis

Total addresses used: 512 + 256 + 64 + 32 + 16 + 4 + 4 + 4 = 892 of 1024
Addresses still available: 172.16.3.124 through 172.16.3.255 (132 addresses) for future subnets or expansion
Unused block: 172.16.4.0/22 through 172.16.255.255 is not part of our /22 — but if the company has more IP space, these are contiguous

💡 You can reproduce this exact example in our VLSM Calculator — enter 172.16.0.0/22 as the base, add the 8 networks with their host counts, and the tool will generate the same optimized plan in seconds.

VLSM Cheat Sheet

A complete reference of CIDR prefixes, subnet masks, and host counts for IPv4. Bookmark this for exam day and real-world network design.

CIDR	Subnet Mask	/24 equivalent	Block size	Total addresses	Usable hosts
/32	255.255.255.255	1/256th	1	1	0 (host route)
/31	255.255.255.254	1/128th	2	2	2 (RFC 3021)
/30	255.255.255.252	1/64th	4	4	2
/29	255.255.255.248	1/32nd	8	8	6
/28	255.255.255.240	1/16th	16	16	14
/27	255.255.255.224	1/8th	32	32	30
/26	255.255.255.192	1/4th	64	64	62
/25	255.255.255.128	1/2	128	128	126
/24	255.255.255.0	1	256	256	254
/23	255.255.254.0	2	512	512	510
/22	255.255.252.0	4	1,024	1,024	1,022
/21	255.255.248.0	8	2,048	2,048	2,046
/20	255.255.240.0	16	4,096	4,096	4,094
/19	255.255.224.0	32	8,192	8,192	8,190
/18	255.255.192.0	64	16,384	16,384	16,382
/17	255.255.128.0	128	32,768	32,768	32,766
/16	255.255.0.0	256	65,536	65,536	65,534
/15	255.254.0.0	512	131,072	131,072	131,070
/14	255.252.0.0	1,024	262,144	262,144	262,142
/13	255.248.0.0	2,048	524,288	524,288	524,286
/12	255.240.0.0	4,096	1,048,576	1,048,576	1,048,574
/11	255.224.0.0	8,192	2,097,152	2,097,152	2,097,150
/10	255.192.0.0	16,384	4,194,304	4,194,304	4,194,302
/9	255.128.0.0	32,768	8,388,608	8,388,608	8,388,606
/8	255.0.0.0	65,536	16,777,216	16,777,216	16,777,214
/7	254.0.0.0	131,072	33,554,432	33,554,432	33,554,430
/6	252.0.0.0	262,144	67,108,864	67,108,864	67,108,862
/5	248.0.0.0	524,288	134,217,728	134,217,728	134,217,726
/4	240.0.0.0	1,048,576	268,435,456	268,435,456	268,435,454
/3	224.0.0.0	2,097,152	536,870,912	536,870,912	536,870,910
/2	192.0.0.0	4,194,304	1,073,741,824	1,073,741,824	1,073,741,822
/1	128.0.0.0	8,388,608	2,147,483,648	2,147,483,648	2,147,483,646
/0	0.0.0.0	16,777,216	4,294,967,296	4,294,967,296	4,294,967,294

Quick reference for common subnet sizes (CCNA essential):

/30 — Point-to-point links (2 usable hosts)
/29 — Small server cluster or management network (6 hosts)
/28 — Small department or IoT segment (14 hosts)
/27 — Medium department or guest network (30 hosts)
/26 — Large department (62 hosts)
/25 — Very large department (126 hosts)
/24 — Standard LAN (254 hosts — the classic)

VLSM Best Practices

1. Plan for growth, not just today

Always leave 20–30% free space in your base block. Departments grow, new VLANs appear, and mergers happen. The 152 free addresses in our earlier /24 example (59% of the block) feel like waste today but are insurance against tomorrow’s redesign.

2. Document your scheme rigorously

Use a spreadsheet, a network documentation tool, or our VLSM Calculator (which exports CSV) to record every assignment. Include network address, CIDR, mask, broadcast, purpose, location, and a contact. Without documentation, a VLSM plan becomes unmanageable within six months.

3. Use route summarization aggressively

Design your VLSM hierarchy so that subnets can be summarized at natural boundaries (/24, /16, /8). For example, if all US offices use 10.1.0.0/16 and all EU offices use 10.2.0.0/16, your core routers only need two routes, not hundreds. This principle — summarize before you advertise — is the difference between a clean network and a routing table disaster.

4. Leave gaps for expansion

When assigning subnets contiguously, consider reserving every Nth block for future use. For example, if you need 6 /28s today, allocate them inside a /26 range and leave the other /26 for growth. This way, expanding a subnet doesn’t require renumbering adjacent networks.

5. Use consistent subnet sizes for similar roles

Standardize: all WAN links get /30, all guest networks get /28, all server VLANs get /25. This makes troubleshooting easier — when you see 172.16.x.116/30, you immediately know it’s a point-to-point link. Consistency reduces human error.

6. Avoid subnet zero confusion

Modern Cisco IOS (12.0 and later) enables ip subnet-zero by default, and the CCNA exam assumes you can use subnet zero. But some legacy equipment still blocks it. Know your equipment and enable subnet zero when possible — VLSM benefits from every available block.

7. Pair VLSM with VLANs

In a switched network, each VLAN should map to exactly one VLSM subnet. This creates a clean 1:1 mapping between Layer 2 segments and Layer 3 subnets, making ACL management, QoS policy application, and troubleshooting straightforward.

Frequently Asked Questions

What is VLSM in networking?

VLSM (Variable Length Subnet Mask) is a subnetting technique that allows a network to be divided into subnets of different sizes by using different subnet mask lengths. Instead of forcing all subnets to use the same prefix length (as in FLSM), VLSM assigns each subnet the smallest mask that provides enough addresses for its hosts. This minimizes wasted IP addresses and is essential for efficient IPv4 address management in modern networks.

Why does VLSM use more bits?

VLSM doesn’t “use more bits” — it uses different numbers of bits for different subnets. In a VLSM design, some subnets may have longer prefixes (more network bits, fewer host bits) and others shorter prefixes (fewer network bits, more host bits). For example, within the same /24 block, you might have a /26 (26 network bits, 6 host bits) for a LAN and a /30 (30 network bits, 2 host bits) for a point-to-point link. The total number of bits is always 32; what changes is the split between network and host portions.

Can VLSM be used with IPv6?

IPv6 does not use the term “VLSM” because the protocol was designed with CIDR from the start. However, the same principle applies: an organization assigned a /48 can allocate /56 subnets to small branch offices, /52 to larger sites, and /64 to individual VLANs. In IPv6, the /64 boundary is mandatory for SLAAC (Stateless Address Autoconfiguration), so the “variable” part applies at the site level (prefix lengths between /48 and /64) rather than within a single subnet. The VLSM mindset — allocate only what you need, document everything, summarize where possible — is even more important in IPv6 due to the sheer address space size.

What is the difference between CIDR and VLSM?

CIDR (Classless Inter-Domain Routing) is the global routing and address allocation standard that replaced classful addressing. It defines how IP addresses are allocated by ISPs and how routes are aggregated in the Internet’s backbone. VLSM (Variable Length Subnet Mask) is the application of CIDR principles within a private network. Think of it this way:

CIDR is the protocol — the rules that allow variable-length prefixes.
VLSM is the technique — how you use those rules to subnet your assigned block.

You cannot do VLSM without CIDR, but CIDR also covers supernetting, route aggregation, and ISP-level allocation, which go beyond VLSM.

How to calculate VLSM manually?

List every subnet and its required usable hosts.
Add 2 to each requirement (for network and broadcast addresses).
Sort subnets in descending order of need.
For each subnet, find the next power of 2 ≥ the adjusted requirement. That’s your block size.
Calculate the CIDR prefix: 32 - log₂(block_size).
Assign ranges sequentially from your base address.
Document everything in a table.

For example, needing 50 hosts → 52 adjusted → 64 block → /26. Needing 2 hosts → 4 adjusted → 4 block → /30. Then assign: 0–63 for the /26, 64–67 for the first /30, 68–71 for the next /30, etc.

⚡ Skip the manual math — use our VLSM Calculator which automates the entire process, sorts subnets automatically, and exports your plan as CSV for documentation.

Conclusion

VLSM subnetting is one of the most practical skills a network engineer can master. It’s the difference between a network that uses 30% of its IP space and one that uses 80%+. It’s the difference between a routing table with 50 entries and one with 5. It’s the difference between “we need more IPs” and “we have room to grow.”

Whether you’re studying for the CCNA, designing a campus network, or planning cloud VPCs on AWS or Azure, VLSM is the tool you’ll reach for every time. The principles are universal: allocate large blocks first, plan for growth, document everything, and summarize aggressively.

Ready to put this into practice?

VLSM Calculator — Enter your host requirements and get an optimized, sorted, contiguous VLSM plan in seconds. Export to CSV for documentation.
Subnet Calculator — For standard FLSM subnetting calculations.
CCNA Study Tip: Practice VLSM by hand at least 10 times with different block sizes. Then verify with our calculator. You’ll internalize the math and ace the exam questions.

Master VLSM, and you master efficient IP design.