Secondary IP addressing

[StarTAC]

hi all...

i was wondering whether there are any problems or inefficiencies associated with having multiple IP addresses on an interface [problems not relating to routing protocols].... which is secondary IP addressing...

i read this some place, but no explanation was given on why it's inefficient...

i appreciate all insight...

 

[svermill]

Well, one bad thing is that if a machine on a shared ethernet segment needs to talk to a machine on that same segment, but the machines are in different subnets, the traffic has to go from machine A to the router and then right back on the same segment to machine B. There can't be any direct communication between the subnets without the router. Thus, every frame gets sent twice. There are also other little "gotchas" that come up from time to time. I seem to recall that one of them is that two routers won't form an adjaceny on the secondary address. That can be a problem.

I've read that Cisco is disconinuing support for secondary interfaces but I don't know if it's really true.

 

[l3stuff]

it breaks routing protocols, it breaks ICMP redirect, it's grossly inefficient, it was added for Nortel back when they were a phone company because Pierre Fortin was migrating from one address plan to another. Lot's of people use it, but shouldn't. Cabletron (remember them) actually tried to turn it into a feature for "Secure Fast VPNS" Blah, humbug

 

[ccie9545]

for what purpose are you thinking about using secondary addressing? Erik Rudnick, CCIE No. 9545
mailto:erik@kuriosity.com

 

[StarTAC]

well, i have a router, with 2 fast ethernet interfaces.. i have a class C network that i need to breakup into several subnets...

i have a switch which i am segmenting into VLANs, so inter-VLAN routing will also be a requirement....

is there any other feasible way i can have all subnets connected on a router without having to assign secondary IP addresses to the fast ethernet interfaces on the router..?..

all help appreciated...

 

[StarTAC]

i have been thinking, and perhaps i can use sub-interfaces on the ethernet interface, so i place each subnet on its own sub-interface...

i have tried doing this on my 2611 router, and i get the error...

"Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN".

on trying to enable 802.1q encapsulation on the sub-interface, i don't seem to have the encapuslation command available to me...

i am running IOS 12.2(11)T2 IP ... do i need to use another version of the IOS, such as IP PLUS, or is there something i am missing....?..

overall, is this the best alternative to secondary IP addressing...?..

all help appreciated...

 

[ChrisAC]

I've found secondary addresses to be very useful on a temporary basis when changing a customers IP range. When we have a customer that has applied for a new IP range and need to reconfigure firewalls, servers etc, we used to arrange a time to go down to the site and reconfigure the router and have the new range re-pointed. This meant terminating the old service on the old IP range and having the firewalls and servers reconfigured on the spot.

Now we use a secondary address on the router and route both the old and new ranges over a few days while the customer reconfigures their network. They can leave the old service running while testing servers on the new IP range. When everything is moved over and tested then we can take the old range off and make the secondary address the primary.

Works for me, although I wouldn't use it as a permanant solution but it's great for a changeover period.

Chris. **********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[StarTAC]

thanks Chris, for your insight, but, what'd i'd like to know is what would u choose as a permanent alternative, to having secondary IP addressing...?.....

the goal here, is to use a single router as a distribution point for several subnets... aside from using a typical secondary IP address to directly connect each subnet, what other way can u tell a router that it will provide routing services for subnet A, B, C, D ..... and so on...

many thanks...

 

[BuckWeet]

Add additonal ethernet ports, of if you could, get a Layer 3 switch.. 3550's are pretty cheap for what they can do...


BuckWeet

 

[Degg]

The reason you dont have the encapsulation 802.1q option is because the 2611 doesnt support trunking. you need a fast ethernet port to do that. a 2621 would be a better choice due to the fast ethernet ports. Degg
Network Administrator

 

[pc2mike]

The CISCO 2611 does support 802.1q on it's ethernet ports.

http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/1726_pp.htm

BUT, after configuring the unit with a trunk, you will need something to port it to... like a CISCO 2924 Switch.

Just FYI.

---- clip ----
802.1Q VLANs allow LAN networks to be divided into workgroups connected via common backbones to form virtual LAN (VLAN) topologies. This technology, once limited to Fast Ethernet connections, is now supported on the built-in 10BaseT interfaces of the Cisco 2610, 2611 and 2612. Only the built-in 10BaseT interfaces are supported.
--------------

 

[StarTAC]

cheers guys...

 

[Degg]

thats good to know, now I dont have to upgrade our 2611, just update the IOS. Cool!

Degg
Network Administrator

 

[StarTAC]

Degg, i already tried that.... i've got a 2611 running which i upgraded to IOS 12.2(11)T2, with 2 on-board 10Mbps ethernet interfaces... it still doesn't work...

i also tried it on an AS5300 access server, which has both a 10Mbps and a fast ethernet port, running IOS 12.2(11)T.. still nothing doing...

good luck..

 

[svermill]

StarTAC,

Have you tried the feature navigator to see if there is a particular feature set that you need?

http://www.cisco.com/warp/public/732/support/fn/index.shtml

Regards,

Scott

 

[StarTAC]

thanks guys... i actually upgraded my AS5300 to 12.2(13)T IP PLUS this morning, as it spots a whopping 128MB DRAM...

i got the 802.1q encapsulation command on the fast ethernet and 10Mbps ethernet ports.. although only the fast ethernet port supports both ISL and 802.1q trunking, among other modes... the 10Mbps port supports only 802.1q and 802.10....

anyway, now that i can see it works, could any of u who have successfully used it, give me sample configuration involving a switch that has been divided into 3 VLAN segments..

the first 2 segments have 4 ports each.. and the 3rd segment has the remaining 16 ports...

a 2621 router will act as a gateway to the internet, and will be part of the 1st segment.. another router, a 3640, will be part of both the 2nd and 3rd segments, to handle distribution and access services....

both routers will have multiple addresses, covering several subnets of my 4 class C networks.. i would like to employ 802.1q trunking so i can eliminate the need for secondary IP addressing on a single ethernet/fast ethernet interface....

what configuration would u advise..?..

all help appreciated...