Defining Custom Subnet Masks

Consider the example shown below. Although I haven’t associated it with any requirements yet, notice that I have taken the default subnet mask for a Class A address, and have changed it to a custom non-default value. The address now includes not only network and host portions, but also a section that will be used to identify subnets.

Figure: Custom subnet mask including network, subnet, and host portions.

You have probably noticed that the divisions between the different portions of the address are no longer so clearly referenced. The subnet ID is defined by only 4 bits, meaning that it creates a division right in the middle of the second octet! This is an example of why looking at things in binary is so important – in decimal, it is very difficult to get a feeling for where (and how) the division occurs.

It’s time to get some custom masks defined. Let’s start off by going back to our original example. In it, we required at least 3 subnets, with an absolute minimum of 11 hosts per subnet. In order to come up with our custom mask value, we first need to decide which network address to use. I’m going to assume the private network address, which has a default subnet mask of

In this example, we know that the first 8 bits (the complete first octet) define the network. By stealing bits from the host portion of the address (starting at the beginning of the second octet), our custom mask will begin to take shape. But how many bits should we use? Well, for that we have to go back to our requirements, and a tiny bit of math.
We know that we require at least 3 subnets at a minimum. In order to understand how many bits we need to use to define the subnet portion of the address, we need to do a simple calculation. Remember that binary is Base 2. If we use a very simple exponential calculation, we can figure out how many subnets a certain number of bits will provide. In the same way that we subtracted “2” from the number of available hosts on a network, we are also going to subtract 2 from the number of available subnets. Although this is not explicitly required by RFCs, it is recommended by Cisco, so this is the model that we will follow. This will ultimately remove the first and last subnets from our available subnets. In other words, we are removing the subnet defined by all binary 0s, and the subnet defined by all binary 1s. The reason for this is that some older routers will not recognize these are valid subnets.

To find the number of available subnets, calculate the value 2n – 2, where n is the number of bits being “stolen”. For example, using 1 bit is not enough, since 21-2 is 0. Using 2 bits would provide 22-2 subnets, or 2. Using 3 bits would provide 23-2 subnets, or 6. See a pattern developing?

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.