so on our network we use ospf with vlan (x) and IP (x), at this time with vlan (X) the ip is already a little left, there is a need that there needs to be an additional IP with the condition of not needing to change the vlan, I am concentrated because if the IP widening will be done a lot of changes while if using a secondary ip only the vlan tag is automatically able to get the secondary ip is that right? and if I use a secondary ip only change the interface? if I do IP widening that means all IPs that use it need to have all their subnets changed is that right?

As @Richard Burts already noted, the better long term strategy is usually to move to a larger subnet.  Also, he correctly notes either can work.

What might not be obvious, a secondary subnet, rather than a long term solution, might be used to assist/stage a transition to a single larger subnet.

BTW, there are both OSPF and DHCP considerations when using secondary interface addresses.

What is considering BTW, there are both OSPF and DHCP considerations when using secondary interface addresses? If I use OSPF, is it true that I don't need to add the secondary IP to the OSPF network? Just the primary IP address, and the secondary IP will be automatically distributed to all OSPF networks?

What is considering BTW, there are both OSPF and DHCP considerations when using secondary interface addresses?.

I recall (?), by default, Cisco doesn't relay DHCP for secondary addresses.

I also recall (?) OSPF cannot use a secondary for establishing an OSPF neighbor adjacency.

I use OSPF, is it true that I don't need to add the secondary IP to the OSPF network? Just the primary IP address, and the secondary IP will be automatically distributed to all OSPF networks?

I recall (?) with traditional Cisco IPv4 OSPF, you needed an OSPF router process network statement that would "cover" a secondary IP address.

With the later Cisco OSPF interface option to activate OSPF on the interface, if that's being done, it very well may pick up all secondary IPs too.   I've used that later option, but haven't tried, or researched, how it works, or not, when secondary IPs are defined too.

If you wish, I can lab up both configurations in CML and see what happens.  At the moment, I'm responding on my phone, away from my PC, but I could try this later today.  Let me know if you desire that.

well, I would be very grateful if you are willing to help to simulate, or I actually want to try a simulation before implementing it, what I know is that trying in packet tracer does not support secondary ip addresses, in my office I have 3 sites, there is 1 production site that has implemented a secondary ip that I see does not need to add ospf, I also want to confirm that the secondary ip will not be made dhcp, this focuses because the primary ip address is almost used up and does not want to change the primary ip and does not want to change the new vlan, so the only way is to only use the secondary ip, right? and if it is like that, is it simple, just change int vlan (x) and add the secondary ip address and then it can be used? no need to add a route on the same network, right?

A secondary could be rather useless unless it's added to your routing domain.

Yes, adding it, as a secondary is simple, but besides potential routing and DHCP issues, other issues may arise, often security related, such as a new subnet being unknown to applicable ACLs to unknown to particular servers that care about what networks hosts reside on.

How I generally used secondaries for transition purposes, I define a new subnet to become a replacement for the existing subnet, use it as the primary, and make the former primary the secondary.

As it usually easy to get the secondary into OSPF, once that's accomplished, existing hosts usually continue to work fine until their IP is changed, but either that doesn't happen until a manual IP changbper host, or new DHCP IP assignment.  Both, usually, allow transition over some time.  Hopefully, long enough to insure new subnet works correctly.

If you find you have major issues with new subnet, swap it back as primary.

Later today, I'll soon up my CML, and check getting secondary into OSPF.

spun up CML - results:

As I recalled, "classical" Cisco OSPF IPv4 router process requires a network statement to include secondaries.

The newer OSPF interface command, by default (and as I suspected), includes all secondaries, but it also provides an optional parameter to excludes all secondaries.

So, it appears, only with the classical OSPF network statement, might you be selective in placing secondaries into OSPF and the network statement could also be selective in choosing area assignment too (haven't tested the latter with secondaries).

Joseph

Thanks for testing and letting us know the results (as expected need network statement for secondary addresses). I am a bit puzzled at your suggestion that perhaps the area for secondary might be different. How could that work? Since OSPF neighbor negotiation uses the primary address (and primary area) all neighbors would be in the first area. How would a second area function?

Rick, great question, and something I suspect but haven't tried.

However, as the adjacency is established on the primary, I would expect the secondary would be advertised, to OSPF, like just another edge interface, or perhaps like an edge sub interface.

Later today, I'll spin up CML again, and find out whether it appears to work or not.

Rick, again, good question and glad you brought it up.

Could not get secondary defined in a different area, than primary, advertised.  BTW, no error message shown during CLI configuration, on console or syslog.

I suspect the issue is, the secondary is "known" not to be its own interface, including logically, like in the case of a subinterface, so Cisco's OSPF won't allow it into any area other then the primary address's area.

I'm unsure whether allowing this would actually conflict with OSPF RFCs, or whether it's just a case that there's an assumption no one would ever need to do this.

As I mentioned in my "result" reply, if you use the newer interface OSPF assignment, including secondaries is an all or none option, so when using that option, you don't have an option to selectively choose what secondaries you want to place into OSPF, i.e. similar mindset.

As an aside, while looking over the OSPF commands, there's a (newer ?) OSPF interface command, ip ospf multi-area, which I never have used, and looking into it, made me wonder whether it might allow this to work.

Using that command, I was still unable to get a secondary IP advertised using a network statement's different area, but, interestingly, I was able to ping the secondary IP, on the other router, even though it didn't show in the local router's route table!!!

I thought those questions had been answered.  Possibility, the additional information I provided confused.

To recap:

Yes, you can add a secondary and have it advertised within OSPF.  However, this isn't recommended as a long term solution.

okay, thanks for the confirmation, there is one thing I might ask, if it is not good for the long term, what are the future concerns that cause it to be not good for the long term? and if it happens in the future is there a solution?