Carving a network into equal-size subnets wastes addresses. A point-to-point link with two routers does not need the same block you hand a 60-user LAN, yet fixed-length subnetting gives every segment the same mask. VLSM, variable-length subnet masking, fixes that: you size each subnet to the hosts it actually needs and pack them into one network with no gaps.
This guide shows how to subnet by host requirements, then works a full VLSM design end to end: choosing each mask, allocating in the right order, checking for overlap, adding a subnet later, and confirming the result in a Cisco routing table. It assumes you can already subnet by network requirements; VLSM is the next step on the CCNA 200-301 path. Every subnet below was allocated and overlap-checked by hand in June 2026.
Subnet by host requirements
When the requirement is “this segment needs N hosts,” pick the smallest mask where 2 to the power of the host bits, minus 2, is at least N. The minus 2 removes the network and broadcast addresses. Borrow the fewest host bits that still satisfy the requirement, which leaves the most space for everything else.
| Hosts needed | Host bits | Usable (2^H minus 2) | Mask (from a /24) |
|---|---|---|---|
| 2 | 2 | 2 | /30 |
| up to 6 | 3 | 6 | /29 |
| up to 14 | 4 | 14 | /28 |
| up to 30 | 5 | 30 | /27 |
| up to 62 | 6 | 62 | /26 |
| up to 126 | 7 | 126 | /25 |
What VLSM is, and what it is not
VLSM means using more than one subnet mask within the same classful network. Splitting 192.168.10.0/24 into a /25, two /26s, and a /30 is VLSM. Using different masks on different networks is just ordinary classless addressing, not VLSM. There is no IOS command that turns VLSM on; it happens automatically when you assign different masks to interfaces inside one network.
The catch the exam tests is routing-protocol support. A protocol can only carry VLSM if it advertises the mask with every route. Classful RIPv1 does not, so it cannot.
| Routing protocol | Supports VLSM? | Why |
|---|---|---|
| RIPv1 | No | Classful: does not send the mask, auto-summarizes at classful boundaries |
| RIPv2 | Yes | Sends the mask with each route |
| OSPFv2 | Yes | Classless: mask carried per route |
| EIGRP | Yes | Classless: mask carried per route |
Allocate the largest subnet first
The one rule that prevents most VLSM mistakes: allocate the subnet with the most hosts first, then the next largest, down to the /30 links last. A large subnet needs a large contiguous block aligned to its mask boundary. If you hand out small subnets first, you can chop up the address space so no aligned block is left for the big one. Place the biggest rooms first; the closets fit in the space that remains.
A VLSM design worked end to end
Take 10.0.0.0/24 and four segments: LAN-A needs 100 hosts, LAN-B needs 60, LAN-C needs 20, and a WAN link needs 2. Sort them largest to smallest, choose each mask from the host-requirement rule, then allocate from 10.0.0.0 upward, each subnet starting right after the previous one’s broadcast.
LAN-A (100 hosts) takes a /25, which starts at 10.0.0.0 and ends at 10.0.0.127. LAN-B (60) takes a /26 starting at the next free address, 10.0.0.128. LAN-C (20) takes a /27 at 10.0.0.192. The WAN link (2) takes a /30 at 10.0.0.224. Here is the full allocation:
| Segment | Hosts | Mask | Subnet ID | Usable range | Broadcast |
|---|---|---|---|---|---|
| LAN-A | 100 | /25 | 10.0.0.0 | 10.0.0.1 to 10.0.0.126 | 10.0.0.127 |
| LAN-B | 60 | /26 | 10.0.0.128 | 10.0.0.129 to 10.0.0.190 | 10.0.0.191 |
| LAN-C | 20 | /27 | 10.0.0.192 | 10.0.0.193 to 10.0.0.222 | 10.0.0.223 |
| WAN | 2 | /30 | 10.0.0.224 | 10.0.0.225 to 10.0.0.226 | 10.0.0.227 |
Four segments fit inside a single /24 with room to spare, and not one address is wasted on the WAN link. Fixed-length subnetting would have forced every segment onto a /25 and run out of space after two.
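The largest-first procedure above can be scripted. This is an added example, not part of the original guide; the function names `prefix_for_hosts`, `plan_vlsm` and `table_row` are hypothetical, and it generalizes the worked design to any parent network and any set of host requirements.

```python
import ipaddress

# Hypothetical helper names; only the addresses and host counts come from the guide.
def prefix_for_hosts(hosts):
    """Longest IPv4 prefix with at least `hosts` usable addresses (2^H - 2 >= N)."""
    host_bits = 2                      # start at /30, the smallest mask used here
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    if host_bits > 32:
        raise ValueError(f"{hosts} hosts do not fit in IPv4")
    return 32 - host_bits

def plan_vlsm(parent, requirements):
    """Allocate {segment: hosts} inside `parent`, largest first, with no overlap."""
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    last = int(net.broadcast_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        # Round up to the mask boundary. With sizes handed out largest first
        # this never skips an address, but it guards any other ordering.
        start = -(-cursor // size) * size
        if start + size - 1 > last:
            raise ValueError(f"no room left in {net} for {name} (/{prefix})")
        plan[name] = ipaddress.ip_network((start, prefix))
        cursor = start + size          # previous broadcast plus 1
    return plan

def table_row(name, net):
    """(segment, subnet, first usable, last usable, broadcast) as strings."""
    return (name, str(net), str(net.network_address + 1),
            str(net.broadcast_address - 1), str(net.broadcast_address))

# Requirements from the worked design, deliberately listed out of order.
REQUIREMENTS = {"WAN": 2, "LAN-C": 20, "LAN-A": 100, "LAN-B": 60}

if __name__ == "__main__":
    for name, net in plan_vlsm("10.0.0.0/24", REQUIREMENTS).items():
        print(*table_row(name, net), sep="  ")
```

Asking the same function for three 100-host segments in the /24 raises `ValueError` on the third, which is the fixed-length failure described above.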
Check for overlapping subnets
Two subnets overlap when one’s address range falls inside another’s. The check is three steps: compute each subnet ID, compute its broadcast (subnet ID plus 2 to the power of the host bits, minus 1), then confirm the next subnet’s ID is greater than the previous broadcast. In the design above, each broadcast (.127, .191, .223, .227) is lower than the next subnet ID (.128, .192, .224), so nothing overlaps.
The classic mistake: placing LAN-C at 10.0.0.96/27 instead of 10.0.0.192/27. That /27 spans 10.0.0.96 to 10.0.0.127, which sits inside LAN-A’s 10.0.0.0/25 range (10.0.0.0 to 10.0.0.127). The two overlap, and IOS rejects the second address with an “overlaps with” error. Always check the new subnet’s range against every subnet already assigned.
Add a subnet to an existing design
Requirements change, and VLSM is built for it. Suppose LAN-D appears later and needs 10 hosts. Ten hosts need 14 usable addresses, which is a /28. Find the lowest /28 that does not overlap anything already used. The /28 blocks fall on multiples of 16: every block from 10.0.0.0 through 10.0.0.176 lies inside LAN-A or LAN-B, 10.0.0.192 and 10.0.0.208 sit inside LAN-C’s /27 (10.0.0.192 to 10.0.0.223), and 10.0.0.224 holds the WAN /30. The first /28 that is fully free is therefore 10.0.0.240.
| Segment | Hosts | Mask | Subnet ID | Usable range | Broadcast |
|---|---|---|---|---|---|
| LAN-D | 10 | /28 | 10.0.0.240 | 10.0.0.241 to 10.0.0.254 | 10.0.0.255 |
LAN-D slots into the gap between the WAN link and the end of the /24 without disturbing any existing subnet. That is the whole point of planning largest-first: the leftover space stays usable.
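The overlap check and the search for LAN-D's block, as an added example that is not part of the original guide. `find_overlaps` and `first_free` are hypothetical names; `DESIGN` is the allocation table from the worked design.

```python
import ipaddress
from itertools import combinations

# The four subnets from the worked design on this page.
DESIGN = {
    "LAN-A": "10.0.0.0/25",
    "LAN-B": "10.0.0.128/26",
    "LAN-C": "10.0.0.192/27",
    "WAN":   "10.0.0.224/30",
}

def find_overlaps(assigned):
    """Return every pair of segment names whose address ranges intersect."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in assigned.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def first_free(parent, assigned, hosts):
    """Lowest aligned block in `parent` that holds `hosts` and overlaps nothing.

    Returns None when the parent is too small or no such block is free.
    """
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:        # 2^H - 2 must be at least N
        host_bits += 1
    prefix = 32 - host_bits
    net = ipaddress.ip_network(parent)
    if prefix < net.prefixlen:
        return None
    used = [ipaddress.ip_network(cidr) for cidr in assigned.values()]
    # subnets() yields candidates in ascending order, already mask-aligned.
    for candidate in net.subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None

if __name__ == "__main__":
    print("clean design:", find_overlaps(DESIGN))
    mistake = {**DESIGN, "LAN-C": "10.0.0.96/27"}   # the misplaced /27
    print("misplaced LAN-C:", find_overlaps(mistake))
    print("LAN-D (10 hosts):", first_free("10.0.0.0/24", DESIGN, 10))
```

Because the search is first-fit, asking for a 2-host link returns 10.0.0.228/30, the unused space directly after the WAN subnet.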
Confirm VLSM in the routing table
Once the five subnets are live on a router, the show ip route command groups them under their classful parent and prints a header line that proves VLSM is active:
10.0.0.0/8 is variably subnetted, 5 subnets, 5 masks
Read it literally: five subnets of the 10.0.0.0 network are installed, and they use five different mask lengths (/25, /26, /27, /28, and /30). The counts track whatever is actually configured, so before LAN-D was added the same line would read “4 subnets, 4 masks”. The phrase “variably subnetted” is the routing table confirming VLSM is in use. If a network is ever summarized back to /8, a classful protocol such as RIPv1 is the usual cause.
Practice VLSM
VLSM is a calculation skill, so drill it. Use the trainer for the underlying network and broadcast math, then the quiz for the VLSM-specific decisions: mask choice by host count, allocation order, overlap, and protocol support.
VLSM quick-reference card
Keep this beside you while you practice. It is the whole method in six lines.
| Rule | What it does |
|---|---|
| 2^H minus 2 is at least N | Pick the mask: H host bits for N hosts |
| Allocate largest first | Biggest subnet, then down to the /30 links |
| Start after the last broadcast | Next subnet ID is the previous broadcast plus 1 |
| Overlap check | Next subnet ID must be above the previous broadcast |
| Protocol support | RIPv2, OSPFv2, EIGRP yes; RIPv1 no |
| “variably subnetted” in show ip route | Confirms VLSM is active |
With VLSM in hand, addressing stops being a source of wasted space and overlap errors, and you are ready for the routing topics that assume a clean, efficient address plan. For every mask, host count, and wildcard on one page, keep the subnetting cheat sheet within reach.