What Is CIDR Notation? Explained with Examples
Learn what CIDR notation means, how slash prefixes like /24 and /27 define IP ranges, and how CIDR relates to subnet masks and routing.
Tools For This Topic
What CIDR notation means
CIDR stands for Classless Inter-Domain Routing. CIDR notation is a compact way to describe an IP network and its size by writing an address followed by a slash and a prefix length, such as 192.168.1.0/24.
The number after the slash tells you how many bits belong to the network portion of the address. The remaining bits are available for host addresses inside that network.
What the slash number tells you
A larger prefix means a smaller network. For example, a /24 leaves 8 host bits and creates a larger pool than a /27, which leaves only 5 host bits.
192.168.1.0/24 -> 256 total addresses, 254 usable hosts
192.168.1.0/27 -> 32 total addresses, 30 usable hosts
192.168.1.0/30 -> 4 total addresses, 2 usable hostsThose host counts describe the common everyday IPv4 model. Very small prefixes such as /31 and /32 are special cases, so do not assume the same subtract-two rule applies everywhere.
CIDR and subnet masks
CIDR and subnet masks describe the same boundary in different formats. CIDR is more compact, while subnet masks are written in dotted decimal notation.
- /24 equals 255.255.255.0
- /25 equals 255.255.255.128
- /27 equals 255.255.255.224
- /30 equals 255.255.255.252
Why CIDR is used in practice
- Cloud network design in AWS, Azure, and Google Cloud
- Firewall rules and IP allow lists
- Routing tables and summarised route advertisements
- VPN and private network configuration
- Subnet planning and documentation
CIDR matters because network boundaries affect reachability, segmentation, security policy, and address utilisation. Choosing the wrong prefix can create overlapping networks or waste address space.
Common CIDR mistakes
- Assuming /24 always means the default or correct subnet size
- Confusing total addresses with usable host addresses
- Forgetting that smaller slash numbers represent larger networks
- Using overlapping CIDR ranges across VPN, office, and cloud environments
- Copying a CIDR block into firewall rules without checking the exact boundary
How to read a CIDR block quickly
A quick rule of thumb is to focus on the prefix size before anything else. Smaller slash numbers mean larger networks, while larger slash numbers mean smaller and more specific ranges. That one habit helps prevent many firewall and routing mistakes.
It also helps to convert the CIDR block into both a subnet mask and a host count in your head. If you can recognise that /24 is 255.255.255.0 and /27 is 255.255.255.224, you can usually reason about the rest of the range much faster.
Use These DNS Pro Tools
If you want to validate this topic in practice, these DNS Pro tools are the fastest next step.
Related Tools
Related Articles
What Is a Subnet Mask? Explained Clearly
Learn what a subnet mask does, how it separates network and host portions of an IPv4 address, and how it relates to CIDR and usable ranges.
Private vs Public IP Addresses Explained
Learn the difference between private and public IP addresses, how special-use ranges fit in, and why correct IP classification matters in troubleshooting.
What Is APIPA? 169.254.x.x Explained
Learn what APIPA means, why devices assign 169.254.x.x addresses, what it says about DHCP problems, and how to troubleshoot a link-local IP quickly.