Just another Cisco blog
Secondary IP Addresses
This is going to be a short post. I feel guilty for neglecting my blog (stupid ITIL), so I’m throwing this one together real quick.
There was a thread on Tech Exams recently, the poster was trying to figure out how to connect two subnets to a single Ethernet interface on a router. This was due to changing the address scheme within his company. Here’s what it looked like:
Very simple topology. The PC is part of the new address scheme and the printer is using a static IP from the old scheme. One of the easiest solutions here is to use a secondary IP on the Fa0/0 interface of R1. Here’s how it works:
EDGE(config)#int fa0/0 EDGE(config-if)#ip add 192.168.10.1 255.255.255.0 EDGE(config-if)#ip add 10.1.1.1 255.255.255.0 secondary |
Very simple commands. Let’s verify:
interface FastEthernet0/0 ip address 10.1.1.1 255.255.255.0 secondary ip address 192.168.10.1 255.255.255.0 |
It worked, the interface now has two IPs. Now we would just configure the IPs on the hosts (or DHCP server) using the proper subnet and gateway. Once the hosts are configured, everything will work as desired.
One thing to keep in mind, secondary IPs do not appear in the output of “sh ip int b”, but the secondary network will be shown with “sh ip route”:
EDGE#sh ip int b fa0/0
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.10.1 YES manual up up
EDGE#sh ip route 10.1.1.0
Routing entry for 10.1.1.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via FastEthernet0/0
Route metric is 0, traffic share count is 1 |
Remembering that secondary IPs do not appear in “sh ip int b” can be important for troubleshooting.
Last we’ll verify that the gateways are pingable:
EDGE#ping 192.168.10.1 Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms EDGE#ping 10.1.1.1 Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms |
That’s it for this one. Secondary IPs are a simple concept, but many people are not exposed to them. We use them quite a bit in my company at a lot of remote sites. It’s kind of a hack job, but they can be pretty useful.
Related Posts:
| Print article | This entry was posted by Colby on July 25, 2010 at 10:55 am, and is filed under Tutorials. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |
about 1 month ago
Excellent post! But it should be noted that if network security is important, or broadcast traffic needs to be managed, than VLANs is the way to go. Although one thing comes to mind, if you wanted to run a routing protocol could you advertise both networks?
i.e.
router rip
network 192.168.10.0
network 10.0.0.0
about 1 month ago
You can use secondary IPs to peer with EIGRP, but not OSPF. You should be able to advertise secondary networks with both. Not sure about RIP, never tried.
about 1 month ago
A few tidbits for secondaries:
Traffic between two hosts on the connected LAN but in e two networks will go via the router. This often catches non network folks and those running firewalls – local traffic on the outside interface.
DHCP relay will come from the primary address (I think there’s an IOS command to alter this behaviour).
For IPv6 there’s no secondary keyword. All v6 addresses are created equal!
HTH,
Oliver.
about 1 month ago
Colby, if i remember correctly EIGRP sources it’s packets only from primary addresses not secondary, so its impossible to establish neighborship over the secondary addresses. Technically you could “network x.x.x.x” only the secondary addresses and your neighborship would come up but only if both routers believe they are on the same subnet from primary address point of view.
about 1 month ago
The network statement is using secondary IPs. I suppose it comes down to semantics. The neighbor is seen by it’s primary IP, but we’re sort of using secondary IPs.
about 1 month ago
yes, it would be fair to put it to the semantics because secondary addresses are taking a huge role in the neighborship forming. “Network x.x.x.x” just triggers the router to start advertise Hello packets out of the corresponding interface, all the rest neighborship is formed using primary addresses.
p.s. And you said one small n easy post about the secondary addresses. Not so trivial actually
about 1 month ago
Haha. The post itself was trivial. Leave it to the comments to get interesting.