CIDR Calculator
Free CIDR to IP Range Converter
Use our free CIDR calculator to instantly convert CIDR notation to IP ranges. Enter any CIDR block like 192.168.1.0/24 and get the subnet mask, usable hosts, broadcast address, wildcard mask, and full IP range in seconds.
Quick Answer: What Is a CIDR Calculator?
A CIDR calculator converts CIDR notation (like 10.0.0.0/24) into a full IP range with subnet mask, network address, broadcast address, usable hosts, and wildcard mask. CIDR stands for Classless Inter-Domain Routing — the standard way to define IP address blocks for subnetting, firewall rules, AWS VPC planning, and ACL configurations.
Robert Harrison
OSINT & Network Utility Expert
Robert specializes in network architecture, CIDR subnetting, and IP address management. He helps network engineers and cloud architects plan efficient, non-overlapping IP allocations for production environments.
View All Articles by Robert HarrisonWhat Is a CIDR Calculator and Why Do You Need One?
A CIDR calculator is a networking tool that converts CIDR notation into readable IP ranges. When you enter a CIDR block like 10.0.0.0/24, the calculator tells you the exact network address, broadcast address, subnet mask, wildcard mask, total IP addresses, and usable hosts in that block.
CIDR stands for Classless Inter-Domain Routing. It replaced the old classful addressing system in 1993 because the internet was running out of IP addresses. The old system only had three fixed sizes (Class A, B, and C), which wasted millions of IPs. CIDR lets you create any size network by adjusting the prefix length — the number after the slash.
Whether you are setting up an AWS VPC, configuring firewall rules, planning a corporate LAN, or studying for your CCNA certification, a CIDR calculator saves you from manual binary math and prevents expensive subnetting mistakes.
Key Fact: According to Wikipedia's CIDR documentation, Classless Inter-Domain Routing was introduced in 1993 via RFC 1518 and RFC 1519 to slow the exhaustion of IPv4 addresses and reduce the size of global routing tables.
How Does CIDR Notation Work? The Slash Explained
Every CIDR address has two parts: the IP address and the prefix length (the number after the slash). The prefix tells you how many of the 32 bits in an IPv4 address are locked for the network portion. The remaining bits are available for hosts.
Breaking Down 192.168.1.0/24
- IP Address: 192.168.1.0 — this is the starting point of the network
- Prefix /24: The first 24 bits (3 octets) define the network. The last 8 bits (1 octet) define the hosts.
- Subnet Mask: /24 equals 255.255.255.0 in dotted decimal notation
- Total IPs: 2^8 = 256 addresses (from .0 to .255)
- Usable Hosts: 256 minus 2 = 254 usable hosts (subtract network address and broadcast address)
The key concept is simple: a bigger prefix number means a smaller network. A /32 is a single IP. A /24 is 254 usable hosts. A /16 is 65,534 usable hosts. And a /8 gives you over 16 million.
Easy Memory Trick: For every bit you remove from the prefix, you double the number of hosts. Going from /25 (126 hosts) to /24 (254 hosts) doubles the size. Going from /24 to /23 (510 hosts) doubles it again.
Complete CIDR Cheat Sheet: All Subnet Sizes at a Glance
This CIDR cheat sheet shows every common prefix length, the matching subnet mask, how many total IPs and usable hosts each block contains, and the typical use case for each size.
| CIDR | Subnet Mask | Total IPs | Usable Hosts | Common Use |
|---|---|---|---|---|
| /32 | 255.255.255.255 | 1 | 1 | Single host, firewall rule |
| /31 | 255.255.255.254 | 2 | 2 | Point-to-point link (RFC 3021) |
| /30 | 255.255.255.252 | 4 | 2 | Router-to-router link |
| /28 | 255.255.255.240 | 16 | 14 | Small office, DMZ segment |
| /24 | 255.255.255.0 | 256 | 254 | Standard office LAN, cloud subnet |
| /22 | 255.255.252.0 | 1,024 | 1,022 | Medium enterprise campus |
| /20 | 255.255.240.0 | 4,096 | 4,094 | Large data center tier |
| /16 | 255.255.0.0 | 65,536 | 65,534 | AWS VPC, large ISP allocation |
| /8 | 255.0.0.0 | 16.7M | 16.7M | Internet backbone, ISP block |
For detailed subnet breakdowns beyond this table, use our dedicated Subnet Calculator Tool which supports VLSM (Variable Length Subnet Masking).
The "Subtract 2" Rule: Network Address and Broadcast Address
You will notice our CIDR calculator shows two numbers: total IPs and usable hosts. The difference is always 2 (except for /31 and /32 special cases). Here is why:
Two Reserved Addresses in Every Subnet
- Network Address (first IP): This identifies the subnet itself. Devices use it for routing decisions. You cannot assign it to a host. Example: in 192.168.1.0/24, the network address is 192.168.1.0.
- Broadcast Address (last IP): This address sends data to every device in the subnet simultaneously. Example: in 192.168.1.0/24, the broadcast address is 192.168.1.255.
The Usable Hosts Formula
The formula is: Usable Hosts = 2^(32 minus prefix) minus 2. For a /24: 2^8 = 256 total, minus 2 = 254 usable hosts. For a /16: 2^16 = 65,536 total, minus 2 = 65,534 usable hosts.
Cloud Exception: In AWS, Amazon reserves 5 IPs per subnet (not 2). These include the network address, VPC router, DNS server, future use, and broadcast address. So a /24 in AWS gives only 251 usable hosts, not 254. Azure reserves 5 as well. Plan accordingly using our CIDR calculator.
CIDR for AWS, Azure, and Google Cloud: VPC Planning Guide
If you are building cloud infrastructure, CIDR is your primary planning tool. Every VPC (Virtual Private Cloud) in AWS, Azure, or Google Cloud requires a CIDR block assignment at creation time — and you cannot change it later without rebuilding.
Best CIDR Blocks for AWS VPC
- VPC Foundation: Use 10.0.0.0/16 — this gives you 65,534 usable IPs to subnet into tiers
- Web Tier: 10.0.1.0/24 — 251 hosts (after AWS reserves 5)
- App Tier: 10.0.2.0/24 — separate subnet for application servers
- Database Tier: 10.0.3.0/24 — private subnet with no internet access
Always leave gap space between your subnets. If you pack them too tight, you cannot expand a tier later without rebuilding the entire VPC. To understand how IP addresses work at the binary level for proper CIDR planning, use our IP to Binary Converter.
How the CIDR Calculator Works: Bitwise AND Logic Explained
Behind the clean interface, our CIDR calculator performs bitwise AND operations to find the network address. Here is the exact process:
Step-by-Step Calculation for 192.168.1.55/24
# Step 1: Convert IP to binary
192.168.1.55 = 11000000.10101000.00000001.00110111
# Step 2: Create the subnet mask from /24
/24 mask = 11111111.11111111.11111111.00000000
# Step 3: Bitwise AND to get network address
Network = 11000000.10101000.00000001.00000000
= 192.168.1.0
# Step 4: Invert mask for broadcast (bitwise OR with wildcard)
Broadcast = 11000000.10101000.00000001.11111111
= 192.168.1.255
This is why our CIDR calculator works correctly even when you enter a host IP instead of the network address. The bitwise AND operation always finds the true network start. For IPv6 address formatting, use our IPv6 Address Expansion Tool.
What Is a Wildcard Mask and How Is It Used?
A wildcard mask is the mathematical inverse of a subnet mask. Where the subnet mask uses 1s to mark the network bits and 0s for host bits, the wildcard mask flips them — 0s mark "must match" bits and 1s mark "don't care" bits.
Wildcard Mask Calculation
- /24 Subnet Mask: 255.255.255.0 → Wildcard: 0.0.0.255
- /16 Subnet Mask: 255.255.0.0 → Wildcard: 0.0.255.255
- /28 Subnet Mask: 255.255.255.240 → Wildcard: 0.0.0.15
Where Are Wildcard Masks Used?
- Cisco ACLs (Access Control Lists): Cisco routers use wildcard masks instead of subnet masks in ACL rules to define which IPs are permitted or denied.
- OSPF Routing: When configuring OSPF network statements, you specify the wildcard mask to define which interfaces participate.
- Firewall Rules: Some firewall vendors use wildcard masks for more flexible IP matching than standard subnet masks allow.
Our CIDR calculator automatically calculates the wildcard mask for every CIDR block you enter, saving you from error-prone manual bit flipping. For verifying how your firewall handles these rules, check open ports using our Open Port Scanner Tool and test your connection latency with our Network Ping Test Tool.
CIDR vs Classful Addressing: Why the Old System Failed
Before CIDR, the internet used classful addressing — a rigid system where IP blocks came in only three fixed sizes:
| Class | Range | Default Mask | Hosts | Problem |
|---|---|---|---|---|
| Class A | 1.0.0.0 - 126.255.255.255 | /8 | 16.7 million | Way too large for most organizations |
| Class B | 128.0.0.0 - 191.255.255.255 | /16 | 65,534 | Still too large, wasted IPs |
| Class C | 192.0.0.0 - 223.255.255.255 | /24 | 254 | Often too small for growing companies |
A company needing 500 IP addresses had to buy a Class B with 65,534 IPs — wasting over 65,000 addresses. CIDR solved this by letting you use any prefix length. A /23 gives exactly 510 usable hosts — perfect for that 500-device company with room to grow.
Supernetting and Route Aggregation: Combining CIDR Blocks
Supernetting (also called route aggregation or CIDR aggregation) is the opposite of subnetting. Instead of splitting a large network into smaller pieces, you combine multiple smaller CIDR blocks into one larger advertisement to reduce routing table size.
Supernetting Example
# Four separate /24 blocks:
192.168.0.0/24 (192.168.0.0 - 192.168.0.255)
192.168.1.0/24 (192.168.1.0 - 192.168.1.255)
192.168.2.0/24 (192.168.2.0 - 192.168.2.255)
192.168.3.0/24 (192.168.3.0 - 192.168.3.255)
# Combined into one /22 supernet:
192.168.0.0/22 (192.168.0.0 - 192.168.3.255)
# 4 routing entries → 1 routing entry
ISPs use supernetting extensively to keep global routing tables manageable. Without it, every router on the internet backbone would need millions more entries, increasing memory costs and routing latency. To look up the ISP behind any IP address, use our MAC Address Lookup Tool. For investigating domain registrations of hosting providers, try our Reverse DNS Lookup Tool.
CIDR in Security: Firewall Rules, ACLs, and Zero Trust
CIDR notation is the language of firewall rules and security groups. Every major firewall, cloud provider, and ACL system uses CIDR to define which IP addresses are allowed or denied access.
Common Security CIDR Patterns
- 0.0.0.0/0: Matches ALL IPs on the entire internet. Use with extreme caution — opening SSH or RDP to 0.0.0.0/0 exposes your server to every attacker on earth.
- 10.0.0.0/8: Matches all private RFC 1918 IPs in the 10.x.x.x range. Common for internal-only firewall rules.
- Single IP/32: Matches exactly one IP address. The tightest possible rule — ideal for whitelisting your office IP.
For maximum security, use the tightest CIDR range possible. If your office has 5 IPs, use a /29 (6 usable) instead of a /24 (254). To check if an IP is already flagged for abuse, use our IP Fraud Score Analysis Tool and IP Blacklist Reputation Checker. For detecting Tor exit nodes that may be testing your firewall rules, use our Tor Exit Node Detector. And to verify HTTP request integrity, try our HTTP Headers Analyzer.
Private IP Address Ranges: RFC 1918 CIDR Blocks
Three CIDR blocks are reserved for private use and are never routed on the public internet. These are defined in RFC 1918 and are used for internal networks, home routers, and cloud VPCs.
| CIDR Block | Range | Total IPs | Typical Use |
|---|---|---|---|
| 10.0.0.0/8 | 10.0.0.0 - 10.255.255.255 | 16.7 million | Large enterprises, cloud VPCs |
| 172.16.0.0/12 | 172.16.0.0 - 172.31.255.255 | 1.05 million | Docker networks, medium companies |
| 192.168.0.0/16 | 192.168.0.0 - 192.168.255.255 | 65,536 | Home routers, small office LANs |
To identify whether a suspicious IP is private or public, use our IP Geolocation Lookup Tool. For investigating the registration details behind a public IP, try our WHOIS Domain Lookup.
CIDR and IPv6: Subnetting the 128-Bit Address Space
CIDR notation works identically for IPv6 as it does for IPv4 — but the scale is astronomically larger. IPv4 uses 32-bit addresses (about 4.3 billion total). IPv6 uses 128-bit addresses (about 340 undecillion).
Common IPv6 CIDR Blocks
- /128: Single IPv6 host — equivalent to IPv4's /32
- /64: Standard IPv6 subnet — contains 18 quintillion addresses. This is what ISPs assign to home users.
- /48: Standard site allocation — allows 65,536 individual /64 subnets
- /32: ISP allocation — enough for 4 billion /64 subnets
To format and expand IPv6 addresses correctly, use our IPv6 Address Expansion Tool. For converting IP addresses to binary format for manual CIDR calculations, try our IP to Binary Converter. You can also test your full connection security with our Browser Privacy Leak Checker, SSL Certificate Checker, and Internet Speed Test.
CIDR Calculator: Frequently Asked Questions
What is a CIDR calculator?
A CIDR calculator converts CIDR notation (like 192.168.1.0/24) into a detailed breakdown showing the network address, broadcast address, subnet mask, wildcard mask, total IPs, and usable hosts.
How do I convert CIDR to IP range?
Enter your CIDR block into our free CIDR calculator. It performs a bitwise AND between the IP and subnet mask to find the network address, then calculates the broadcast address to determine the full IP range.
How many usable hosts are in a /24 subnet?
A /24 subnet contains 256 total IPs. Subtract 2 for the network address and broadcast address, giving 254 usable hosts. In AWS, it is 251 because Amazon reserves 5 IPs per subnet.
What is the difference between CIDR and a subnet mask?
CIDR uses slash notation (/24) while a subnet mask uses dotted decimal (255.255.255.0). They express the same information. /24 equals 255.255.255.0. Both define the boundary between network bits and host bits.
What is a wildcard mask used for?
A wildcard mask is the inverse of a subnet mask. It is used in Cisco ACL rules and OSPF routing configurations. For /24, the subnet mask is 255.255.255.0 and the wildcard mask is 0.0.0.255.
What CIDR block should I use for AWS VPC?
Use 10.0.0.0/16 for your main VPC (65,534 usable IPs). Then divide into /24 subnets for each tier. AWS reserves 5 IPs per subnet, so a /24 gives 251 usable hosts. Leave gap space between subnets for future expansion.
Can CIDR blocks overlap?
In a single routing table, overlapping CIDR blocks cause conflicts. Routers use the longest prefix match to resolve them. In cloud networking, overlapping CIDRs prevent VPC peering and VPN connections entirely. Always plan non-overlapping CIDR ranges.
What is the difference between CIDR and classful addressing?
Classful addressing only had fixed Class A (16M hosts), Class B (65K), and Class C (254). CIDR replaced this in 1993 with variable-length prefix notation. CIDR lets you create any size network, from a single /32 host to a /8 with millions of IPs.
Related Network Planning Tools
Complete your network architecture with our free toolkit.
Calculate Your CIDR Block Now
Free CIDR to IP Range Converter
Convert any CIDR notation to a full IP range with subnet mask, usable hosts, and wildcard mask. Our free CIDR calculator works instantly — perfect for AWS VPC planning, firewall rules, and network architecture.