Understanding CIDR Subnet Mask Notation¶
pfSense® software uses CIDR (Classless Inter-Domain Routing) notation rather
than the common subnet mask 255.x.x.x when configuring addresses and
networks. Refer to the CIDR Subnet Table to find the CIDR
equivalent of a decimal subnet mask.
Subnet Mask |
CIDR Prefix |
Total IP Addresses |
Usable IP Addresses |
Number of /24 networks |
|---|---|---|---|---|
255.255.255.255 |
/32 |
1 |
1 |
1/256th |
255.255.255.254 |
/31 |
2 |
2* |
1/128th |
255.255.255.252 |
/30 |
4 |
2 |
1/64th |
255.255.255.248 |
/29 |
8 |
6 |
1/32nd |
255.255.255.240 |
/28 |
16 |
14 |
1/16th |
255.255.255.224 |
/27 |
32 |
30 |
1/8th |
255.255.255.192 |
/26 |
64 |
62 |
1/4th |
255.255.255.128 |
/25 |
128 |
126 |
1 half |
255.255.255.0 |
/24 |
256 |
254 |
1 |
255.255.254.0 |
/23 |
512 |
510 |
2 |
255.255.252.0 |
/22 |
1024 |
1022 |
4 |
255.255.248.0 |
/21 |
2048 |
2046 |
8 |
255.255.240.0 |
/20 |
4096 |
4094 |
16 |
255.255.224.0 |
/19 |
8192 |
8190 |
32 |
255.255.192.0 |
/18 |
16,384 |
16,382 |
64 |
255.255.128.0 |
/17 |
32,768 |
32,766 |
128 |
255.255.0.0 |
/16 |
65,536 |
65,534 |
256 |
255.254.0.0 |
/15 |
131,072 |
131,070 |
512 |
255.252.0.0 |
/14 |
262,144 |
262,142 |
1024 |
255.248.0.0 |
/13 |
524,288 |
524,286 |
2048 |
255.240.0.0 |
/12 |
1,048,576 |
1,048,574 |
4096 |
255.224.0.0 |
/11 |
2,097,152 |
2,097,150 |
8192 |
255.192.0.0 |
/10 |
4,194,304 |
4,194,302 |
16,384 |
255.128.0.0 |
/9 |
8,388,608 |
8,388,606 |
32,768 |
255.0.0.0 |
/8 |
16,777,216 |
16,777,214 |
65,536 |
254.0.0.0 |
/7 |
33,554,432 |
33,554,430 |
131,072 |
252.0.0.0 |
/6 |
67,108,864 |
67,108,862 |
262,144 |
248.0.0.0 |
/5 |
134,217,728 |
134,217,726 |
1,048,576 |
240.0.0.0 |
/4 |
268,435,456 |
268,435,454 |
2,097,152 |
224.0.0.0 |
/3 |
536,870,912 |
536,870,910 |
4,194,304 |
192.0.0.0 |
/2 |
1,073,741,824 |
1,073,741,822 |
8,388,608 |
128.0.0.0 |
/1 |
2,147,483,648 |
2,147,483,646 |
16,777,216 |
0.0.0.0 |
/0 |
4,294,967,296 |
4,294,967,294 |
33,554,432 |
Note
The use of /31 networks is a special case defined by RFC 3021 where
the two IP addresses in the subnet are usable for point-to-point links to
conserve IPv4 address space. Not all operating systems support RFC 3021,
so use it with caution. On systems that do not support RFC 3021, the
subnet is unusable because the only two addresses defined by the subnet mask
are the null route and broadcast and no usable host addresses.
pfSense software supports the use of /31 networks for interfaces and
Virtual IP addresses.
Where do CIDR numbers come from?¶
The CIDR number comes from the number of ones in the subnet mask when converted to binary.
The subnet mask 255.255.255.0 is 11111111.11111111.11111111.00000000 in
binary. This adds up to 24 consecutive ones, or /24 (pronounced “slash
twenty four”).
A subnet mask of 255.255.255.192 is 11111111.11111111.11111111.11000000
in binary, or 26 ones, hence /26.