issue with secondary address

Unanswered Question
Jul 21st, 2009

Hi all. We have a cisco1811 router set where our internal interface is set with 2 ip addresses. primary address is mask while secondary is mask ip). The reason for this is we have site to site vpn to customer site and we are in the phase of slowly converting our network devices to use the new ip range. 1 of my device is set with the ip, mask and gateway However when i do a tracert to external frm this device, the 1st hop is the old gateway which is This same device could ping Why is the 1st hop going to a different ip? Pls advise.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nate-miller Tue, 07/21/2009 - 20:46

Don't worry about it- you're going to see funky behavior with secondary ip addresses.

Traceroute works by sending out ICMP packets with short TTLs. When a router gets a packet with a TTL that it expires, it sends back a packet with its IP address and a "time exceeded message". The IP address a router uses to send back this message is the primary address of the interface, not necessarily the virtual IP address that you sent the packet to.

One thing to keep in mind with secondary IP addressing is that DHCP and IP helper statements aren't going to work for the network of the secondary address- for the same reason I mentioned before. The router can't determine which network you wanted to source that DHCP from- so it sends the DHCP request to the server sourced from the primary address of th interface, not the secondary.

if you're truly migrating off the address space, it's probably a good thing to delete the secondary address, delete the primary address, install the new address as a primary, and the old address as a secondary.


This Discussion