Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Secondary IP address limitation

I have configured one of the cisco 2600 router ethernet port with two IP address. I connected this port to two WAN links and the connection works as long as the Pimary IP network is up. If the WAn link for the primary IP network fails, the secondary IP network cannot communicate with the other WAN link.

Can someone please help me solve the problem

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Secondary IP address limitation

Tigist,

That's correct the only config required was

on the router and the switch.

Glad it is working now.

Thanks,

OW

20 REPLIES

Re: Secondary IP address limitation

HI,

Do you mean by Single Router Port to 2-WAN Links - how ?

Can you please post the Configuration. It depends upon the Routing Protocol you use.

Regards, Guru Prasad R

Hall of Fame Super Gold

Re: Secondary IP address limitation

Tigist

I agree with Guruprasad that we need more information about your environment so that we can understand it and be able to give better answers to your question.

From your description I would guess that the problem may be that whatever is connected on the second WAN link does not have a route to the subnet of your secondary address. It may also be a possible problem with the configuration of the default gateway on the devices in the subnet of the secondary address.

So if you can provide more information about the situation we may be able to find better answers.

HTH

Rick

New Member

Re: Secondary IP address limitation

Rick, Guruprasad,

I have a 2600 router with two ethernet ports. One of the ports is configured with the branches network IP. The second ethernet port is configured with two IP addresses, primary and secondary.

I have subscribed two WAN links from an ISP (one of the link is redundant) to connect to the Head Office Network. My intention is to enable the branch to use both WAN links with load sharing and be able to work if one of the WAN links fail.

The WAN link is broadband network and the devices of the ISP at the branch is cisco UBR and Cisco SOHO ADSL.

The problem I am having is that when one of the WAN links fail (the primary IP addressed link), the secondary IP address configured at the Router cannot communicate with the WAN link.

below is the configuration of the cisco 2600 router

Building configuration...

Current configuration : 911 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname XXXXXX

!

boot-start-marker

boot-end-marker

!

enable secret

!

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

ip address 172.31.12.221 255.255.255.0

ip helper-address 192.168.0.2

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.31.22.2 255.255.255.0 secondary

ip address 172.31.2.2 255.255.255.0

duplex auto

speed auto

!

router rip

version 2

network 172.31.0.0

!

ip classless

ip http server

!

!

line con 0

line aux 0

end

Tigist

Re: Secondary IP address limitation

HI Tigist,

2 - Ways of Load Balancing using RIP:

a. Per Destination Based

b. Per Packet Based

If 2 WAN Links to Head Office is of Equal Cost Links means it is easy to Load Balance.

a.Per-destination load balancing means the router distributes the packets based on the destination address. Given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on.

b.Per-packet load-balancing means that the router sends one packet for destination1 over the first path, the second packet for (the same) destination1 over the second path, and so on.

load balancing is on a per-destination basis:

Router# config t

Router(config)# interface Ethernet 0/1

Router(config-if)# ip route-cache

load balancing is on a per-packet basis:

Router# config t

Router(config)# interface Ethernet 0/1

Router(config-if)# no ip route-cache

Rate the Answers if this Helps ! !

Thanks & Regards, Guru Prasad R

New Member

Re: Secondary IP address limitation

Guru Prasad R,

My problem is not load balancing but that the secondary IP address doesnot communicate with the redundant WAN link When the Primary WAN link fails.

Primary IP address 172.31.2.2 and the UBR link IP address 172.31.2.1

Secondary Ip address 172.31.22.2 and ADSL link IP 172.31.22.1

When the UBR link fails, the Secondary IP address does not communicate with ADSL link. meaning when I ping 172.31.22.1 from my router no response when the Primary WAN link fails.

do you have any Idea how I can solve this

Thank you

Tigist

New Member

Re: Secondary IP address limitation

try the no auto-summary option

ciao flash

New Member

Re: Secondary IP address limitation

flash

I have already configured no auto-summary option

tigist

Re: Secondary IP address limitation

Hi,

Have you tried to work with individual links ?

connect individual link1 and link2 to individual desktops and make sure that you are able to browse in both.

I suspect your ISP has routed your secondary IP also on your Primary WAN IP.

Regards

S. Shantharam

New Member

Re: Secondary IP address limitation

S.Shantharam

Link1 and Link2 work fine when I configure the cisco ethernet port as primary IP.

The links also work fine with the secondary address if the primary line is ok.

The problem is the secondary IP address is not functional if the Primary IP network WAN link fails.

Tigist

Re: Secondary IP address limitation

Hi Tigist,

I am attaching two images

1. your present Network

2. My view to check the links

You are doubting about secondary IP dependent on Primary address. The same I conveyed in a different way. Because we also assign IP blocks to customers depending on their requirement, and I have come across many similar situation.

Regards

S. Shantharam

New Member

Re: Secondary IP address limitation

Shantharam.suryanarayana,

the attachement tigist.jpg is my senario. while searching the forum, I came accross thi post that I think answers my question that the secondary IP address is indeed dependant on the Primary.

Posted by: medan - Senior Consultant, NCS Pte. Ltd. - Mar 9, 2007, 11:48pm PST

Topic: function of Secondary

"Note: If any router on a network segment uses a secondary address, all other routers on that same segment must also use a secondary address from the same network or subnet. "

Thank You

Tigist

Re: Secondary IP address limitation

HI,

Here i don't agree with shantharam.

Because, when we look into the Configuration posted:

ip address 172.31.22.2 255.255.255.0 sec

ip address 172.31.2.2 255.255.255.0

Primary & Secondary IP Address are from 2 Different Subnet Ranges. So, there will not be a chance of routing the Secondary IP Adress via Primary WAN IP.

But, Did you check the Individual Links seperately before doing this Configuration (or) Can you check with ISP for the routing details of Traffic on their Routers.

Thanks & Regards, Guru Prasad R

New Member

Re: Secondary IP address limitation

guruprasadr,

I have checked the individual links and both links work fine. I am wondering if the secondary IP address is dependant on the primary address.

Tigist

Hall of Fame Super Gold

Re: Secondary IP address limitation

Tigist

I do not understand the topology or I do not understand what you are trying to do. Your posts talk about 2 WAN links. Are both WAN links connected to the same address that has primary and secondary IP addresses? Perhaps you can explain the connectivity of how both WAN links are connected to the router?

In looking further at your config I may have an idea of the problem. I notice that you are running RIP version 2 and that it includes both of the interfaces. The RIP updates sent out the WAN interface will have the source address set as the primary IP address. Even when the primary link is down the router will be sending RIP updates with source address of the primary address. I suspect that the remote device does not accept the routing updates because it considers them to be from an invalid next hop address. It might be helpful to post the output of show ip protocol and of show ip route from both routers when the primary link is down. I suspect that it will show that the remote router does not have routes from this router (and I am not 100% sure that this router will have routes from the remote router).

HTH

Rick

New Member

Re: Secondary IP address limitation

Rick,

I have attached the connectivity and the IP addresses of the WAN link devices are:

Link1 IP address 172.31.2.1/24

Link2 IP address 172.31.22.1/24

f0/1 primary IP address 172.31.2.2/24

f0/1 secondary IP address 172.31.22.2/24

*My problem is when Link1 is down due to so many reasons; LAN users cannot communicate with the head office.

My intention is to enable LAN users to be able to use both links to communicate with the head office and If WAN link fails LAN uses must be able to communicate with the head office.

Tigist

Hall of Fame Super Gold

Re: Secondary IP address limitation

Tigist

I have looked at the drawing and it is somewhat helpful. It would be even more helpful if it showed the connections on the remote side of the WAN.

But I believe that the drawing is sufficient to confirm my theory of the problem in my previous post. Running RIP on f0/1 with primary and secondary addresses will send RIP updates with a source address of the primary address. RIP updates going over Link2 will be received by a device with address 172.31.22.1 and have a source address of 172.31.2.2. I believe that these RIP updates will be rejected because of the mismatch of the source address. Is it possible to get the output of show ip route from the remote when Link1 is down? This would be the best analysis of the problem and I believe that it would show that there are no routes learned from your router. If that is a problem, then the output of show ip route with both links up might be helpful. I suspect that if it was working as you want there would be routes learned over Link1 and a second route learned over Link2. But I suspect that you will only have the route learned over Link1.

HTH

Rick

New Member

Re: Secondary IP address limitation

Rick

There is no RIP updates when Link1 fails. But when both links are up then there is RIP update as in the following:

FastEthernet0/1

C 172.31.22.0 is directly connected, FastEthernet0/1

C 172.31.2.0 is directly connected, FastEthernet0/1

R 172.31.1.0 [120/2] via 172.31.2.1, 00:00:12, FastEthernet0/1

[120/2] via 172.31.22.1, 00:00:18, FastEthernet0/1

what configuration can I make to enable the my cisco router to be able to communicate with the head office when link1 fails?

Thank you

Tigist

New Member

Re: Secondary IP address limitation

Tigist,

I think I've already seen similar setup here

on the forum. I suggest, to avoid secondary

IP limitations associated with RIP routing,

try to configure you fastethernet interface

that facing the switch as a trunk, which will

allow you to have two separate subinterfaces

on the router. Then your RIP announcements will work normally. Switch port facing the router should be configured as trunk too.

Let me know if you need any help with that.

HTH,

OW

New Member

Re: Secondary IP address limitation

owaisberg HTH,

Thank you for your response. I did configure the router with subinterfaces and VLANs I configured VLANs on the switch.

Nothing needs to be configured on the WAN devices.

Finally, the branch can communicate with the Head office when either one of the links fail.

Thank you

Tigist

New Member

Re: Secondary IP address limitation

Tigist,

That's correct the only config required was

on the router and the switch.

Glad it is working now.

Thanks,

OW

2007
Views
5
Helpful
20
Replies
CreatePlease to create content