What is secondary ip address,why it is used?
i've learned somewhere that OSPF configured routers are known by their R-ID and EIGRP configured routers are known by there primary address,so why there is secondary addresses are used?
Say you have a DMZ appearing on a a Router Ethernet interface with 10.0.0.1/24 and you run out of IPs and you need to put more servers there and not impact anything else. You can use IP Secondary on that interface and bring up another range like 10.0.1.1/24.
Another ISP trick is the public IP could be a given block range and subnet but the ISPs first hop over the WAN has another private IP that is not exposed--except to your router in a narrow rage and tigher subnet and that lets you out to the backbone. So you want to advertise the correct IP.
OSPF and EIGRP both use Router-ID as the first choice. This is a configured value not the hostname. It select the highest available loopback address and the highest interface address. It use the primary not the secondary address.
UnderDesk#show ip ospf 123
Routing Process "ospf 123" with ID 188.8.131.52
UnderDesk#show run | section router ospf 123
router ospf 123
no passive-interface Loopback99
network 0.0.0.0 255.255.255.255 area 0
UnderDesk#show run int loopback 99
Current configuration : 126 bytes
ip address 184.108.40.206 255.255.255.255 secondary
ip address 220.127.116.11 255.255.255.255
Another use for the secondary IP address command on the router is to actually bind another subnet to the same interface. So, lets say that you have 192.168.105.1/24 bound to an ethernet interface of a router. 192.168.106.1/24 is used else where in your network. You outgrow your subnet and need more addresses, so you bind 192.168.107.1/24 to the interface. You would essentially have 2 different subnets, bound to the same interface and the router would route both subnets. However, these subnets would be on the same broadcast domain.
This isn't a best practice. It isn't recommended. It is possible. I have seen a few networks where this was done as a temporary measure until the sites were re-addressed with a more contigious addressing scheme.
I have a definition for 'secondary ip address' that I found in the 2nd Edition of Cisco. 'The second (or more) IP address configured on a router interface, using the secondary keyword on the ip address command.' It also gives an example -
ip address 10.1.7.252 255.255.255.0 secondary
ip address 10.1.2.252 255.255.255.0
The only side effect is when packets are sent between hosts on the LAN, it might be routed right. The sending host sends packet to router, which the router will send packet back into LAN.
I am with Jared on this one. That is the only reason I have used a secondary IP address, to multi-home a router interface. And I agree it is not recommended for long term use, but I have used it for migration purposes.
Server's often have multiple IP addresses, to host either different types of server on the same box, or different web-servers (there are other probably better ways to avoid this). But if you do .......does this force a router port into half-duplex ? Is this actually possibile ? Or is it just a really bad idea to do anything like that ?
The most piratical use of secondary IP addresses is to migrate to new IP block. I have also seen networks where admin used a secondary address to expand an existing vlan. It is not a practice that I would recomend as it is very messy and leads to more confusion.
I would suppose it gets even messier when you factor DHCP and IP helper statements into the mix...
In this case (helper address and dhcp) you should use ip dhcp smart-relay in global config mode.
It works in two way:
When a host send a dhcp discover router puts its primary address into dhcp request DG field and see whether any offer arrives to host. If not then router changes IP address in DG field of DHCP packet to its secondary address.
If dhcp server has a pool to primary than router will use primary address in dhcp field of dhcp packet while this pool has free ip address. If ip address pool for primary address exhausted than put secondary address into DG field.
If there is no pool for primary address in dhcp server than it put secondary address into dhcp field of packet.
For further information see this link.