10 Replies Latest reply: Oct 18, 2012 10:38 PM by borzol CCNP (CCIE R&S candidate) RSS

    Secondary IP Address

    Nilesh Agnihotri

      What is secondary ip address,why it is used?

      i've learned somewhere that OSPF configured routers are known by their R-ID and EIGRP configured routers are known by there primary address,so why there is secondary addresses are used?






      Nilesh Agnihotri

        • 1. Re: Secondary IP Address

          changing IP addressing schema is one reason for secondary IP address.

          • 2. Re: Secondary IP Address

            Say you have a DMZ appearing on a a Router Ethernet interface with and you run out of IPs and you need to put more servers there and not impact anything else. You can use IP Secondary on that interface and bring up another range like


            Another ISP trick is the public IP could be a given block range and subnet but the ISPs first hop over the WAN has another private IP that is not exposed--except to your router in a narrow rage and tigher subnet and that lets you out to the backbone.  So you want to advertise the correct IP.




            • 3. Re: Secondary IP Address

              Hi Nilesh


              OSPF and EIGRP both use Router-ID as the first choice. This is a configured value not the hostname. It select the highest available loopback address and the highest interface address. It use the primary not the secondary address.


              Regards Conwyn


              UnderDesk#show ip ospf 123
              Routing Process "ospf 123" with ID


              UnderDesk#show run | section router ospf 123
              router ospf 123
              passive-interface default
              no passive-interface Loopback99
              network area 0


              UnderDesk#show run int loopback 99
              Building configuration...

              Current configuration : 126 bytes
              interface Loopback99
              ip address secondary
              ip address

              • 4. Re: Secondary IP Address

                Another use for the secondary IP address command on the router is to actually bind another subnet to the same interface.  So, lets say that you have bound to an ethernet interface of a router. is used else where in your network.  You outgrow your subnet and need more addresses, so you bind to the interface.  You would essentially have 2 different subnets, bound to the same interface and the router would route both subnets.  However, these subnets would be on the same broadcast domain.


                This isn't a best practice.  It isn't recommended.  It is possible.  I have seen a few networks where this was done as a temporary measure until the sites were re-addressed with a more contigious addressing scheme.

                • 5. Re: Secondary IP Address

                  I have a definition for 'secondary ip address' that I found in the 2nd Edition of Cisco. 'The second (or more) IP address configured on a router interface, using the secondary keyword on the ip address command.' It also gives an example -

                  ip address secondary

                  ip address


                  The only side effect is when packets are sent between hosts on the LAN, it might be routed right. The sending host sends packet to router, which the router will send packet back into LAN.

                  • 6. Re: Secondary IP Address
                    Steven Williams

                    I am with Jared on this one. That is the only reason I have used a secondary IP address, to multi-home a router interface. And I agree it is not recommended for long term use, but I have used it for migration purposes.

                    • 7. Re: Secondary IP Address
                      oliver-learning net

                      Server's often have multiple IP addresses, to host either different types of server on the same box, or different web-servers (there are other probably better ways to avoid this). But if you do .......does this force a router port into half-duplex ? Is this actually possibile ? Or is it just a really bad idea to do anything like that ?

                      • 8. Re: Secondary IP Address
                        Jason Robbins

                        The most piratical use of secondary IP addresses is to migrate to new IP block. I have also seen networks where admin used a secondary address to expand an existing vlan. It is not a practice that I would recomend as it is very messy and leads to more confusion. 

                        • 9. Re: Secondary IP Address

                          I would suppose it gets even messier when you factor DHCP and IP helper statements into the mix...

                          • 10. Re: Secondary IP Address
                            borzol CCNP (CCIE R&S candidate)

                            Lou wrote:


                            I would suppose it gets even messier when you factor DHCP and IP helper statements into the mix...

                            In this case (helper address and dhcp) you should use ip dhcp smart-relay in global config mode.


                            It works in two way:


                            When a host send a dhcp discover router puts its primary address into dhcp request DG field and see whether any offer arrives to host. If not then router changes IP address in DG field of DHCP packet to its secondary address.




                            If dhcp server has a pool to primary than router will use primary address in dhcp field of dhcp packet while this pool has free ip address. If ip address pool for primary address exhausted than put secondary address into DG field.


                            If there is no pool for primary address in dhcp server than it put secondary address into dhcp field of packet.


                            For further information see this link.