issue with secondary address

donnie · ‎07-21-2009

Hi all. We have a cisco1811 router set where our internal interface is set with 2 ip addresses. primary address is 192.168.200.193 mask 255.255.255.192 while secondary is 192.168.201.1 mask 255.255.255.0(new ip). The reason for this is we have site to site vpn to customer site and we are in the phase of slowly converting our network devices to use the new ip range. 1 of my device is set with the ip 192.168.201.10, mask 255.255.255.0 and gateway 192.168.201.1. However when i do a tracert to external frm this device, the 1st hop is the old gateway which is 192.168.200.193. This same device could ping 192.168.201.1. Why is the 1st hop going to a different ip? Pls advise.

nate-miller · ‎07-21-2009

Don't worry about it- you're going to see funky behavior with secondary ip addresses.

Traceroute works by sending out ICMP packets with short TTLs. When a router gets a packet with a TTL that it expires, it sends back a packet with its IP address and a "time exceeded message". The IP address a router uses to send back this message is the primary address of the interface, not necessarily the virtual IP address that you sent the packet to.

One thing to keep in mind with secondary IP addressing is that DHCP and IP helper statements aren't going to work for the network of the secondary address- for the same reason I mentioned before. The router can't determine which network you wanted to source that DHCP from- so it sends the DHCP request to the server sourced from the primary address of th interface, not the secondary.

if you're truly migrating off the address space, it's probably a good thing to delete the secondary address, delete the primary address, install the new address as a primary, and the old address as a secondary.