Re: IP Secondary vs Vlans

rbacct123 · ‎01-24-2005

Right now I am going back and forth with a coworker on this issue - use ip secondary or use vlans.

Can anyone provide me information regarding the pros and cons of both? Right now we have a 4006 switch and a 3550 router.

Thanks for any information!

-J

smif101 · ‎01-24-2005

Using VLAN's would be the better option because then you will be segmenting your traffic with your subnets. How many total users will there be?

steve · ‎01-24-2005

I've had some routing issues when using secondary addressing. I'd stick with VLANs whenever possible.

Regards,

Steve

http://www.cisco-forum.com

hdommath · ‎01-24-2005

I would go with vlans. That way you will be isolating the traffic between the subnets.

By using secondaries, you will create a flat network.

rbacct123 · ‎01-24-2005

Thanks for teh info. we currently have a 4006 with a sup2. would that work with vlans ok? my coworker is saying i would need a sup4 to properly use vlans.

dbellaze · ‎01-24-2005

Your SUP will support VLANs just fine.

Back to your original question.

If you go with VLANs you are creating broadcast domains for each VLAN, so in order to talk to a server/host in another VLAN the traffic will be routed NOT layer 2 switched. This is beneficial because you can control traffic at Layer 3 and 4 with ACLs, and broadcast domains are generally smaller. Also packet sniffing is isolated to the VLAN.

If you go with just using secondary addresses then every one is still on thes same broadcast domain and the only thing that seperates them is the IP header in the packet. If a user plugs in a sniffer he will capture all broadcast/multicast/unknownunicast information (assuming all switches) transmitted on the network.

Also like mentioned in a previous posting there are potential routing problems when using secondary addresses.

Daniel

rbacct123 · ‎01-24-2005

Great answers! thank you so much!

hdommath · ‎01-24-2005

cat4000 sup2 is EOL.