Subinterfaces . . .

Unanswered Question
Sep 26th, 2006
Hi,

Because my routers only have a single eth interface each, I would like to set up subinterfaces for each one (one for my inside network, one for my outside network). Also, I would like to set up HSRP for my subinterfaces between routers. Since I can't add IP addresses to my subinterfaces without a higher-level IOS, I've ordered full mem upgrades for both. My question is, will my idea work? When I add IP addresses to the subinterfaces right now, I get an error telling me that the main interface has to be set for ISL or dotq. Simple enough, the upgrades will let me do that. But adding those settings to the main interface is usually done when you want to do inter-vlan routing, no? Why would it matter if you're not routing between vlans?


-Shikamaru

scottmac Tue, 09/26/2006 - 19:00

For what you are trying to do, adding a secondary address would be better, and does not require adding subinterfaces.


Example:


(config-if)# ip addr 192.168.1.1 255.255.255.0 <-- normal, primary interface address


(then add this)


(config-if)# ip addr 10.10.10.10 255.255.255.0 SECONDARY <-- adds an additional IP address to the same physical interface


That being said, what you are trying to do is generally considered a very bad idea. You give up most security options, greatly complicate the use of (some/most) routing protocols, and completely give up segregation of the broadcast domains (remember that a broadcast MAC address has a destination of all-ones (ff.ff.ff.ff.ff.ff) regardless of the layer three address).


SECONDARY addresses, IMHO, pretty much exist to aid in the migration of a net/subnet from one IP address block to another (like a company re-design or integrating address blocks of a new branch / newly acquired company); then the old and newly migrated hosts can still work concurrently.


Good Luck


Scott
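
An added example, not part of the original thread and not either poster's configuration: the secondary-address setup from the reply above next to an 802.1Q subinterface layout with HSRP, to show where the broadcast-domain and filtering difference comes from. Interface names, VLAN IDs, the peer address 10.10.10.3, the virtual addresses and the ACL name are constructed, and the layout assumes an IOS image with 802.1Q support and a switch port configured as a trunk.

```cisco
! --- Secondary address: both subnets sit on one wire and one broadcast
! --- domain, and any ACL on the interface has to cover both at once.
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip address 10.10.10.10 255.255.255.0 secondary
!
! --- Subinterfaces: one VLAN, one broadcast domain and one ACL per network.
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description INSIDE - constructed VLAN 10
 encapsulation dot1Q 10
 ip address 192.168.1.2 255.255.255.0
 ! HSRP virtual gateway for inside hosts (constructed address)
 standby 10 ip 192.168.1.1
 standby 10 priority 110
 standby 10 preempt
!
interface FastEthernet0/0.20
 description OUTSIDE - constructed VLAN 20
 encapsulation dot1Q 20
 ip address 10.10.10.2 255.255.255.0
 ip access-group OUTSIDE-IN in
 standby 20 ip 10.10.10.10
 standby 20 priority 110
 standby 20 preempt
!
ip access-list extended OUTSIDE-IN
 ! Let the peer router's HSRP hellos through, or both routers go active
 permit udp host 10.10.10.3 eq 1985 host 224.0.0.2 eq 1985
 ! Return traffic for sessions opened from the inside network
 permit tcp any 192.168.1.0 0.0.0.255 established
 deny   ip any any log
```

The second router would mirror the subinterfaces with its own real addresses and a lower `standby` priority.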


shikamarunara Tue, 09/26/2006 - 19:22

Thank you, Scott. Your idea sounds much more in line with what I am looking to do.


Question: does HSRP even support subinterfaces the way I'm looking to implement it? I assume it will work fine with a secondary address then?


-Shikamaru

shikamarunara Tue, 09/26/2006 - 22:09

In retrospect, this idea won't work in my scenario since I wouldn't be able to implement HSRP or NAT.


What are the "security options" I would forgo if I used subinterfaces?


-Shikamaru
