sebastiaan_ij
New Member
February 18, 2013
Question

Reasons to add a secondary IP address on an interface

Hello everybody, I have a question about the use of a second IP address on an interface. It basically is the why question: why would you do such a thing? In this particular case the main interface is part of a trunk, so it has a VLAN ID configured. In my opinion, if you add secondary IP addresses you also introduce different subnets (and different broadcast domains) in the same VLAN, which is hardly a best practice. It will work, I guess, but it's asking for trouble, I think. The problem is I can't think of a proper argument against it other than a gut feeling I have. What do you guys think? Am I overreacting, or is there a real reason not to do it?

    3 replies

    emnoc
    New Member
    February 19, 2013
    Your gut feeling is correct. One benefit of secondary, though, is when you are migrating a network from old to new IP space and you want the migration to be transparent. Outside of that, I prefer to go with what you described earlier: separate collisions and broadcast domains and just craft an 802.1q sub-intf.
    ddskier
    New Member
    February 19, 2013
    It is also useful when you want the port to have a routable IP and also the announced IP when using BGP.
    Rick_H
    New Member
    February 19, 2013
    Staggered network address migrations are the primary reason I've had to use the feature so far. This goes for both Fortinet and other vendor gear. Being able to re-address devices on a network in stages is a real boon with even medium-sized networks. I've also had to use secondary addresses in a scenario relative to VPN: I wanted to use an IP address other than the interface address as the VPN terminator. In this case, though, it was a secondary IP address in the same subnet rather than a wholly new one.