Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
816
Views
13
Helpful
7
Replies

secondary ip address

Go to solution
bsudol79p
Level 1
Level 1

‎03-13-2008 02:48 PM - edited ‎03-03-2019 09:07 PM

Hi, I have a T1 connected to the internet. The WAN address is assigned to the ethernet 0/0 interface. We have a secondary IP address on the ethernet 0/0 interface that is a private address that belongs to the LAN. Some before me set this up and I don't know why it was done that way. Can anyone tell me any benefits of this configuration? or reason why would you do this? I would like to get rid off the WAN addresss because it causes some minor issues. Here is the config.

interface Serial0/3/0

mtu 4470

no ip address

encapsulation frame-relay IETF

ip route-cache flow

no ip mroute-cache

no fair-queue

frame-relay lmi-type ansi

interface Serial0/3/0.500 point-to-point

bandwidth 1536

ip unnumbered GigabitEthernet0/0

ip access-group 112 in

ip nat outside

ip inspect vsafw out

ip virtual-reassembly

no cdp enable

frame-relay interface-dlci 500 IETF

interface GigabitEthernet0/0

ip address 172.21.19.1 255.255.255.0 secondary

ip address 63.x.x.129 255.255.255.128

ip nat inside

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to bsudol79p

‎03-13-2008 03:15 PM

Bart

I have a customer with a very similar configuration on their Internet facing router. I suspect that the logic of your setup is very similar to theirs. They have a point to point Frame Relay interface which is configured with ip unnumbered pointing to the LAN interface. The LAN interface has the public IP as its primary address and has a private address as secondary. The main reason that they do this is that it allows the IP block assigned to them by their provider to be used on the LAN interface. They have a number of machines on the LAN configured with public addresses. It allows the public address to be used without setting up address translation for them.

If you do show ARP on your router do you see MAC addresses on the LAN for the "public" subnet? If so then you have machines on the LAN configured with the public addresses like my customer does. If you move the public address from the LAN to the WAN as you wish to do you will need to readdress the machines on the inside and to set up translations (many of which will need to be static translations if the machines need a consistent address appearance in the Internet.

HTH

Rick

HTH

Rick

View solution in original post

7 Replies 7

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎03-13-2008 02:51 PM

Perhaps they were going thru a re-IP process and this was a migration step?

__

Edison.

Go to solution
bsudol79p
Level 1
Level 1
In response to Edison Ortiz

‎03-13-2008 03:03 PM

Not that I know of, but I want to get rid of it however I want to make sure it won't break anything for examale NAT. I have some issues with this WAN address because when I ping another router that is also connected to the same switch the packet gets dropped by the switch because the switch doesn't know about the WAN network. However when I do ping with source of LAN address 172.21.19.1 the ping works fine.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to bsudol79p

‎03-13-2008 03:15 PM

Bart

I have a customer with a very similar configuration on their Internet facing router. I suspect that the logic of your setup is very similar to theirs. They have a point to point Frame Relay interface which is configured with ip unnumbered pointing to the LAN interface. The LAN interface has the public IP as its primary address and has a private address as secondary. The main reason that they do this is that it allows the IP block assigned to them by their provider to be used on the LAN interface. They have a number of machines on the LAN configured with public addresses. It allows the public address to be used without setting up address translation for them.

If you do show ARP on your router do you see MAC addresses on the LAN for the "public" subnet? If so then you have machines on the LAN configured with the public addresses like my customer does. If you move the public address from the LAN to the WAN as you wish to do you will need to readdress the machines on the inside and to set up translations (many of which will need to be static translations if the machines need a consistent address appearance in the Internet.

HTH

Rick

HTH

Rick

Go to solution
bsudol79p
Level 1
Level 1
In response to Richard Burts

‎03-13-2008 03:22 PM

Thanks again Rick, we don't have public addresses on the LAN and we use NAT for all translations so I think that it won't break anything. Thank for pointing that out. Maybe in the past the public addresses were on the LAN.

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to bsudol79p

‎03-13-2008 05:26 PM

You could always use a ping sweep utility to scan 63.104.1.129 network to be on the safe side that there are not local hosts configured with any address under this net, I have seen in the past when decomissioning subnets some old host devices not showing in arp table and suddenly do show up in ping sweeps, worsed case scenario someone will scream when network is removed from interface and can always be placed back, if no one does then you are safe.

Jorge Rodriguez

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to JORGE RODRIGUEZ

‎03-13-2008 07:43 PM

Bart

It was an interesting question and I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved. It makes the forum more useful when people can read a question and can know that they will read a response that successfully resolved the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
satish_k
Level 1
Level 1

‎03-14-2008 01:43 PM

Hi,

Such configurations are also employed when you don't have sufficient interfaces on the routers.Because in such case a single interface serves as both WAN and LAN interfaces.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card