Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Workaround for Secondary IPs

I have some equipment that does not support secondary IPs (not Cisco [sorry didn't know where else to go]). Is there a possible workaround for this? The device is a L3 switch, so I can create SVIs, but I am afraid that may not work...Any thoughts?

Here's the situation:

Currently using an EOL (POS) firewall/router as the corporate routing device. I want to replace, however, the current device is using numerous secondary IP addresses (ran out of the primary), and the L3 switch that I have does not support secondary IPs (at least not that I have noticed from the CLI and from looking online). I was looking for a way to replace the current router with the switch without having to re-ip the machines. Obviously, this is no where near the ideal solution, but mgmt wants this done ASAP.




Re: Workaround for Secondary IPs

Not Cisco? Well, you can create an SVI, assign an address, and then change your devices gateway to point to it. I'm not sure what you're trying to do though.


HTH, John *** Please rate all useful posts ***
New Member

Re: Workaround for Secondary IPs


What I am trying to do is to have two separate machines on two different subnets be able to get to communicate. Seems simple and basic, but I do not know what ports on the L2 switches need to be in what VLAN(s), since the ports on the L2 switches goto both subnets with no documentation. Currently, the L2 switches uplink to another L2 switch, that uplinks to the EOL firwall/router on one port. That one port is using secondary IP addresses.

I don't know exactly what I want to do, but I need to be able to have the machines on the separate ip schemes to be able to communicate with each other.

I have thought about using the PVID, however, that will only work for one of the subnets, since the SVI only supports a primary IP address.

I hope this clarifies more than confuses,


New Member

Re: Workaround for Secondary IPs

If you create SVIs you will need to add proper routing in the firewall/router, but other than that, it should work.

The other option would be to buy some better equipment, you can get things on ebay for next to nothing that would better address your needs.


Re: Workaround for Secondary IPs

oops, misunderstood the question. i proposed to use a cisco, but obviosly you don't have a cisco. well, you can try the solution of pkaretnikiv: create all vlans on the L3 switch (SVI or L3), for example 6 vlans, then configure 6 ports for each vlan and just plug those 6 ports on your L2 network. each device will arp for its own default gateway, you connect the (new) firewall in a dedicated seperate vlan and put static routes on the firewall for each vlan you have. should work , but is messy. be sure to NOT run a L3 routing protocol on any of the vlans (no routing protocol hellos)