secondary ip address

Answered Question
Mar 13th, 2008

Hi, I have a T1 connected to the internet. The WAN address is assigned to the ethernet 0/0 interface. We have a secondary IP address on the ethernet 0/0 interface that is a private address that belongs to the LAN. Someone before me set this up and I don't know why it was done that way. Can anyone tell me any benefits of this configuration, or a reason why you would do this? I would like to get rid of the WAN address because it causes some minor issues. Here is the config.

interface Serial0/3/0
 mtu 4470
 no ip address
 encapsulation frame-relay IETF
 ip route-cache flow
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi

interface Serial0/3/0.500 point-to-point
 bandwidth 1536
 ip unnumbered GigabitEthernet0/0
 ip access-group 112 in
 ip nat outside
 ip inspect vsafw out
 ip virtual-reassembly
 no cdp enable
 frame-relay interface-dlci 500 IETF

interface GigabitEthernet0/0
 ip address 172.21.19.1 255.255.255.0 secondary
 ip address 63.x.x.129 255.255.255.128
 ip nat inside
Edison Ortiz Thu, 03/13/2008 - 14:51

Perhaps they were going thru a re-IP process and this was a migration step?

__

Edison.

bsudol79p Thu, 03/13/2008 - 15:03

Not that I know of, but I want to get rid of it. However, I want to make sure it won't break anything, for example NAT. I have some issues with this WAN address because when I ping another router that is also connected to the same switch, the packet gets dropped by the switch because the switch doesn't know about the WAN network. However, when I ping with a source of the LAN address 172.21.19.1, the ping works fine.

Correct Answer
Richard Burts Thu, 03/13/2008 - 15:15

Bart

I have a customer with a very similar configuration on their Internet facing router. I suspect that the logic of your setup is very similar to theirs. They have a point to point Frame Relay interface which is configured with ip unnumbered pointing to the LAN interface. The LAN interface has the public IP as its primary address and has a private address as secondary. The main reason that they do this is that it allows the IP block assigned to them by their provider to be used on the LAN interface. They have a number of machines on the LAN configured with public addresses. It allows the public address to be used without setting up address translation for them.

If you do show ARP on your router do you see MAC addresses on the LAN for the "public" subnet? If so then you have machines on the LAN configured with the public addresses like my customer does. If you move the public address from the LAN to the WAN as you wish to do you will need to readdress the machines on the inside and to set up translations (many of which will need to be static translations if the machines need a consistent address appearance in the Internet).

HTH

Rick

bsudol79p Thu, 03/13/2008 - 15:22

Thanks again Rick, we don't have public addresses on the LAN and we use NAT for all translations so I think that it won't break anything. Thanks for pointing that out. Maybe in the past the public addresses were on the LAN.

JORGE RODRIGUEZ Thu, 03/13/2008 - 17:26

You could always use a ping sweep utility to scan the 63.104.1.129 network, to be on the safe side, to confirm that there are no local hosts configured with any address under this net. I have seen in the past, when decommissioning subnets, some old host devices not showing in the ARP table and suddenly showing up in ping sweeps. Worst case scenario, someone will scream when the network is removed from the interface, and it can always be placed back; if no one does, then you are safe.

Richard Burts Thu, 03/13/2008 - 19:43

Bart

It was an interesting question and I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved. It makes the forum more useful when people can read a question and can know that they will read a response that successfully resolved the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

satishkirve Fri, 03/14/2008 - 13:43

Hi,

Such configurations are also employed when you don't have sufficient interfaces on the routers, because in such a case a single interface serves as both WAN and LAN interfaces.
