7 Replies Latest reply: Feb 15, 2012 11:28 PM by sokandetta

    Understanding issue with secondary IP and dot1q

    DrMxxxxx

      Hello guys,

       

      I'm learning for the CCNA exam and I'm confused a little bit.

       

      On a router I have the possibility to configure an Ethernet port with a primary and a secondary IP address, for example to enlarge the address space in this segment.

      But I also have the possibility to configure it like Fa0/0.1, Fa0/0.2, and so on.

       

      What is the difference between these two possibilities?!?

       

      Thanks a lot!

       

      Regards,

      DrMxxxxx

        • 1. Re: Understanding issue with secondary IP and dot1q
          Brian

          You would use the sub-interfaces (Fa0/0.1, Fa0/0.2) if you had multiple VLANs on a switch. I don't think the secondary IP is used much. Also as I remember it the secondary IP is there for the traffic to route to but the primary IP is actually the one recognized if that makes sense. If you use the secondary IP for your second VLAN it shouldn't work because when you are doing those sub interfaces you will be defining the encapsulation as well which should match up to a VLAN on your switch.

          • 2. Re: Understanding issue with secondary IP and dot1q
            Brian

            I forgot to say that yes, it would work to have two IPs if everything was in the same VLAN, but I don't see that being a best practice. Each scenario has its reasons though.

            • 3. Re: Understanding issue with secondary IP and dot1q
              DrMxxxxx

              Hello Brian,

               

              thanks for the answer.

               

              If I understand correctly, then the sub-interface command is for connecting different VLANs to one Ethernet port on the router. And the alternative, configuring a secondary IP address, is an "old" method which is not used very often today.

               

              Greetings,

              DrMxxxxx

              • 4. Re: Understanding issue with secondary IP and dot1q
                Brian

                Adding the sub-interfaces is referred to as router on a stick. That is what you should be familiar with for the CCNA. The secondary IP I'm sure has many applications, I just haven't come across many. At a previous job we used it to change from 192.168.x.x to 10.x.x.x subnets. That way we could configure the equipment ahead of time before we went onsite to do the swap. That way we could change over the live network and not have as many issues.

                • 5. Re: Understanding issue with secondary IP and dot1q
                  tnewshott

                  Secondary IP address simply associates another IP range to the same Layer 2 VLAN. Nothing more, nothing less.  For IPv4, only primary addresses participate in routing, are advertised, etc.  Quick and dirty way to add IPs to a VLAN.  Not recommended. 

                   

                  Dot1q is an encapsulation used for trunking, and is typically seen on routers only when set up for VRF or Router-On-A-Stick.  You can break out a physical interface into multiple sub-interfaces which are treated as separate networks from a logical perspective.

                  • 6. Re: Understanding issue with secondary IP and dot1q
                    Mehdi

                    Travis,

                     

                    I don't get this part of your post "For IPv4, only primary addresses participate in routing, are advertised, etc."

                    Let's say I have the following configuration:

                     

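                    ! VLAN 10 interface with a primary and a secondary address
                    interface Vlan10
                     ip address 192.168.100.1 255.255.255.0
                     ip address 10.10.10.1 255.255.255.0 secondary
                    !
                    ! Both networks listed under OSPF process 10, area 0
                    router ospf 10
                     network 192.168.100.0 0.0.0.255 area 0
                     network 10.10.10.0 0.0.0.255 area 0
                    !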

                     

                    What you mean is that the network 10.10.10.0/24 does not participate in OSPF?

                    • 7. Re: Understanding issue with secondary IP and dot1q
                      sokandetta

                      That is quite a good question ..

                      I'll tell you my belief

                       

                       

                      If I have multiple subnets connected to a switch, let's say 192.168.1.0/24 and 10.10.10.0/24,

                      and I have only 1 router with 1 interface, and I need to set it as a default gateway to the 2 networks, what should I do?

                      I'll implement a secondary IP address or subinterfaces .. both are okay with this ..

                       

                      But what if those 2 networks were mapped to VLAN 10 and VLAN 20?

                      Will the secondary address automatically work as gateway for the VLAN in the same subnet and the primary address work as gateway for the VLAN in its subnet?

                       

                      The answer is NO because there is a single ACCESS link between the router and the switch and the ACCESS link carries only one VLAN ..
                      so the solution is to turn this single link to TRUNK mode on the switch and to the dot1Q encapsulation mode on the router ..

                      But the command "encapsulation dot1Q <vlan id>" is not a valid command on the main interface .. you can implement the dot1Q encapsulation only on subinterfaces ..

                      So if you have VLANs .. you are obligated to use subinterfaces to be able to implement the dot1Q encapsulation method so you can use the single link for multiple VLANs' traffic

                      If they are just 2 subnets in the same default VLAN then you have the choice to use the subinterfaces technique or the secondary IP technique, and it is recommended to use subinterfaces
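
The two options discussed in this thread, written out as IOS configuration. This is an added example, not part of any post above: Fa0/0, the two subnets and VLANs 10 and 20 come from the thread, while the sub-interface numbers, the switch port Fa0/1 and the .1 gateway addresses are assumptions.

```cisco
! ---------------------------------------------------------------
! Option A: secondary address (both subnets in ONE VLAN)
! Router side only; the switch port stays an access port.
! ---------------------------------------------------------------
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip address 10.10.10.1 255.255.255.0 secondary
 no shutdown
!
! ---------------------------------------------------------------
! Option B: router on a stick (one subnet per VLAN)
! Router side: the physical interface carries no address; each
! sub-interface is bound to one VLAN tag with encapsulation dot1Q.
! ---------------------------------------------------------------
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.10.10.1 255.255.255.0
!
! Switch side for option B: the port facing the router is a trunk
! (Fa0/1 is an assumed port name). The "switchport trunk
! encapsulation dot1q" line is only needed on switches that also
! support ISL; switches that only do 802.1Q do not have it.
vlan 10
vlan 20
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```

With option A both subnets share one broadcast domain, so hosts in the two ranges are not separated at layer 2. With option B traffic between VLAN 10 and VLAN 20 has to cross the router, which is where an access list can be applied per sub-interface.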