Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1236

Subnet

Reviewed byCybersecurity entrepreneur & security researcher

What is Subnet?

SubnetA contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.


A subnet (subnetwork) groups IP addresses that share the most significant bits of their address into a single layer-3 network. Subnetting was formalised in RFC 950 (1985), which split the rigid Class A/B/C scheme into network and host portions defined by a subnet mask; RFC 4632 later generalised this into classless CIDR with arbitrary prefix lengths such as /24 or /27, and RFC 1918 reserved 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 for private use. Hosts in the same subnet communicate directly via ARP or IPv6 Neighbor Discovery; traffic to other subnets is forwarded through a router. Variable-Length Subnet Masking (VLSM) lets one prefix be carved into right-sized blocks to conserve addresses.

In security architecture the subnet is the natural boundary for VLANs, ACLs, firewall rules, and microsegmentation, and it bounds the blast radius of layer-2 attacks like ARP spoofing, which cannot cross a routed boundary. Flat, oversized subnets are a recurring root cause in breach reports: once an attacker lands on one host, an unsegmented /16 lets them sweep and pivot freely. The 2013 Target breach is a textbook case — attackers reached payment systems because the network lacked segmentation between the vendor-facing and card-processing zones. Overlapping or mis-routed subnets that bridge trust zones are an equally common lateral-movement risk.

flowchart TB
  R[Router / Layer-3 firewall]
  R --> A[10.1.10.0/24<br/>Production servers]
  R --> B[10.1.20.0/24<br/>User workstations]
  R --> C[10.1.30.0/24<br/>Build agents]
  A -.ACL denies.- C
  B -.ACL denies.- A

Examples

  1. 01

    The /24 subnet 10.1.20.0/24 contains 256 addresses, with 10.1.20.255 reserved as broadcast.

  2. 02

    Production servers live in 10.1.10.0/24 while build agents are isolated in 10.1.30.0/24.

Frequently asked questions

What is Subnet?

A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network. It belongs to the Network Security category of cybersecurity.

What does Subnet mean?

A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.

How do you defend against Subnet?

Defences for Subnet typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Subnet?

Common alternative names include: Subnetwork, IP subnet.

Related terms

See also