Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sebastiaan_ij
New Contributor

Reasons to add a secondary IP address on a interface

Hello everybody, I have a question about the use of a second IP address on a interface. It basically is the why question, why would you do such a thing?? In this particularly case the main interface is part of a trunk, so it has a vlan ID configured. In my opinion if you add secondary IP addresses you also introduce different subnets (and different broadcast domains) in the same vlan, which is hardly a best practice. It will work I quess but it' s asking for trouble I think, the problem is I can' t think of a proper argument against it other than a gut feeling I have. What do you guys think? Am I overreacting or is there a real reason not to do it?
3 REPLIES 3
emnoc
Esteemed Contributor III

Your gut feeling is correct, one benefit of secondary tho.... is when you migrating a network from old to new ip space and you want the migration transparent. Outside of that, I prefer to go what you described earlier, separate collisions and broadcast domains and just craft a 802.1q sub-intf

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ddskier
Contributor

It is also useful when you want the port to have a rout-able IP and also the announced IP when using BGP.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Rick_H
New Contributor III

Staggered network address migrations are the primary reason I' ve had to use the feature so far. This goes for both Fortinet and other vendor gear. Being able to re-address devices on a network in stages is a real boon with even medium-sized networks. I' ve also had to use secondary addresses in a scenario relative to VPN: I wanted to use an IP address other than the interface address as the VPN terminator. In this case, though, it was a secondary IP address in the same subnet rather than a wholly new one.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors