09-17-2013 12:18 PM - edited 03-03-2019 07:10 AM
Can someone provide a bit of substance on the reasoning behind using these various methods of creating networks on a router?
I've often seen routers configured that have an interface configured with the 'secondary' command to add additional networks (additional IPs to be used as gateways) when it would seem that a sub-interface (or VLAN interface) would have done the trick. What are the differences in these configuration methods and some of the reasoning behind them?
Thanks in advance!
09-17-2013 01:26 PM
It can be for a couple of reasons. The first would be that maybe the primary native vlan has run out of address space and a new subnet needs to be spun up pretty quickly. The second may be a management issue of the person that is configuring the device and may not know how to configure vlans.
The best way is to create vlans, but sometimes it's just put as a secondary address on the router to get by.
HTH,
John
*** Please rate all useful posts ***
09-19-2013 06:49 AM
I might add that if both subnets coexist in the same Network Segment there is no separation between the two, both physical and Logical.
When instead they are separated into different VLANs, there is much more control on what flows between the two VLANs.
However, this second scenario requires at least a Manageable Switch and, when used with Router on a Stick, has got very poor performance since the router has to first receive the package and then send it back onto the other VLAN, thus reducing the throughput by 50%.
When instead everything ends up on the same interface, by means of secondary IP addresses, there is no need for Manageable Switch, even a regular cheap device will work.
Francesco
*** Please rate all useful posts ***
09-21-2013 04:55 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Frankaviglia wrote:
I might add that if both subnets coexist in the same Network Segment there is no separation between the two, both physical and Logical.
Actually there is some logical separation. NICs should logically ignore packets not part of their subnet; much as NICs should logically ignore packets that don't have their IP. The latter would also handle the former except in cases of directed/subnet broadcasts.
On a router, having traffic in different subnets, even on the same interface, allows ACLs to also distinguish between packets from different subnets, another case of logical separation.
PS:
Historically, before there were VLANs, you might use secondary addressing for the above reasons when you weren't able to use different physical interfaces. As also noted in John's post, secondaries then, and still now, can be very useful for address space migrations. It allows both an "old" and "new" network while performing the migration. When using DHCP, if you make the "new" network the primary interface address, DHCP clients will seamlessly migrate their host IPs from the old to the new network when they renew their DHCP lease.
09-22-2013 11:57 AM
Perhaps another way to look at this question is to think of broadcast domains, which is the group of devices that will receive each other's broadcasts. A broadcast domain is one way to understand the boundary of the network. And essentially a broadcast domain is a VLAN and a VLAN is a broadcast domain. So if you create a different VLAN you have created a new and entirely separate network from the one that existed. And creating a subinterface is the same because a subinterface is how you handle a VLAN on a router interface.
So if you want to create a new network with its own address space then you would use VLAN or subinterface. And if you want to increase the size of the address space within a network (or to accommodate another network/subnet within that network) then you would use secondary addresses.
HTH
Rick
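The two approaches compared in this thread, side by side as an added Cisco IOS configuration example (not posted by any participant). Interface names, addresses, VLAN IDs and ACL names are assumptions, and the two options are alternatives for the same pair of subnets, not meant to be applied together.

```cisco
! Constructed example: all addresses, VLAN IDs and names are assumptions.
!
! Option A: secondary address.
! Both subnets live in one broadcast domain on one physical segment,
! so an unmanaged switch is enough, but there is no Layer 2 separation.
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip address 192.168.20.1 255.255.255.0 secondary
 ! A single inbound ACL sees packets from both subnets and can
 ! distinguish them by source address.
 ip access-group SHARED-SEGMENT-IN in
!
ip access-list extended SHARED-SEGMENT-IN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip any any
!
! Option B: 802.1Q subinterfaces (router on a stick).
! Each subnet is its own VLAN and broadcast domain; requires a switch
! that can trunk VLANs 10 and 20 to this port.
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ! The ACL is bound to the VLAN 20 subinterface only.
 ip access-group VLAN20-IN in
!
ip access-list extended VLAN20-IN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip any any
```

In option A the ACL only sees packets that hosts actually send to the router; broadcasts and any other frames on the shared segment still reach hosts of both subnets. In option B, traffic between the two subnets has to cross the router, because the switch keeps the VLANs apart at Layer 2.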