Secondary IP address

[Carpua]

Hi all

can someone explain to me the concept of secondary ip address on router interface. are the two ip address active after setting the secondary ip address or the secondary is just stanby?

 

[VinceWhirlwind]

They are both active.

It's not something you would ever want to design into a network, but it can be a get-out-of-jail-free card if it solves a problem you're stuck with.

Essentially it gives you two subnets on the same broadcast domain.

 

[Carpua]

my ISP has given me a second range of public IPs on the different subnet as the first range. the first range 196.40.172.84/29 and now they have given me 196.40.162.48/28. the router interface 196.40.172.85/29 is connected to the firewall interface 196.40.172.86/29. if i add the new range 196.40.162.49/28 as a secondary ip on the router do i need to do anything on the firewall?

 

[unclerico]

yes, on the firewall side of things you will need to do something. you don't state what make/model you are using but in any case you typically have two options; 1) static arp statements for a proxy-arp setup or 2) if your firewall supports it then use a subinterface on the router and configure a trunk/tagged interface to your firewall and configure each range of ip's on one of the VLANs.

 

[Carpua]

the make is cisco ASA 5510 and i have never heard of option 1, how does it work. and option 2 does the nat work the same way and do i have to change the name of the interface from outside to something else or the physical interface stays as outside without an IP address and the names are applied to the sub-interface?

 

[Carpua]

hi guys

just for interest sake, this it what i did. i added the new range as a secondary IP address on the router and routed the ips to the firewall. on the firewall i have them natted to the inside.