Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6765
Views
0
Helpful
1
Replies

Secondary IP address on vlan interface

lateefwalana
Level 1
Level 1

‎11-21-2013 06:58 AM - edited ‎03-07-2019 04:43 PM

Hi folks,

If i take off secondary ip address of interface vlan 1, most PCs looses network connection.

All the PC's/Servers are pointing to 172.17.0.250 for their default gateway and have ip address from the same range 172.17.0.0/16

here is what we got.

Two 3750 stacks, serving as core switches for our network. All the workstations (1000) and some servers (20) are on VLAN 1 (I know how this sounds but beleive me it wasn't me who designed it and i am currentlly in a process to segment that).Sswitch1, under interface vlan 1 we  two address. Please find config below

Switch 1

interface Vlan1

ip address 195.69.0.253 255.255.255.0 secondary

ip address 172.17.0.234 255.255.0.0

ip helper-address 10.0.17.2

ip helper-address 10.8.4.1

no ip redirects

ip directed-broadcast 101

ip pim dense-mode

ip igmp query-interval 125

ntp broadcast client

standby 11 ip 172.17.0.250

standby 11 ip 195.69.0.250 secondary

standby 11 priority 110

standby 11 preempt

end

Switch 2

interface Vlan1

ip address 172.17.0.233 255.255.0.0

ip helper-address 10.8.4.6

ip helper-address 10.0.17.62

no ip redirects

ip pim dense-mode

ntp broadcast client

standby 11 ip 172.17.0.250

standby 11 ip 195.69.0.250 secondary

standby 11 preempt

end

Thank you in advance for comments and suggestions

Walana

"Love is the bridge between you and everything" - Rumi
Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎11-25-2013 11:48 AM

Walana

If most PCs lose their network connection when you remove the secondary address then it makes me think that the statement that all hosts have addresses in 172.17.0.0 is probably not true. Or if it is not true then there must be some service that they require that is in 195.69.0.0/24. the output of show arp | include 195.169.0 might be helpful in figuring this out.

I also find it very odd to have a primary address in private address space and to have a public registered address as secondary address on the same interface. This sort of suggests that inside and outside are both on the same interface.  And maybe that suggests some reason why PCs lose connection if you remove the secondary address.

I also note that having a secondary address on the vlan interface of one switch and not having the address on the vlan interface of the other switch is not a good practice.

Perhaps if you post the output of how ip route we might learn something useful about this problem.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card