Solved: Secondary VLAN IP

Johnson_Mo · ‎01-21-2024

dear Team,

I have configured secondary vlan ip on sw -1

vlan 11

ip add 1.1.1.1/24

ip add 2.2.2.1/24 secondary

on sw2:

vlan 14

ip add 3.3.3.1/24

switches are connected via OSPF

I have a PC on vlan 11 (sw1) with secondary IP 2.2.2.2/24 2.2.2.1

2.2.2.2 is not pingable and reachable from vlan 14 unless I adv secondary net under ospf.

is this normal behavior?

thanks

liviu.gheorghe · ‎01-21-2024

Both your switches are also L3 devices running OSPF on interface Gi0/0 of both switches and interface Vlan11 on SW1 and interface Vlan14 on SW2.

If you want to advertise in OSPF the secondary ip subnet from interface Vlan11, 2.2.2.0/24, you would have to enable it specifically on interface Vlan11 with the interface command: "ip ospf 1 area 0".

Otherwise, OSPF is enabled by the network command only on primary IP's of an interface.

This is the normal behaviour of OSPF.

Regards, LG
*** Please Rate All Helpful Responses ***

View solution in original post

liviu.gheorghe · ‎01-21-2024

Hello @Johnson_Mo ,

Vlans are a Layer 2 technology designed to segment a network into smaller broadcast domains.

In order for 2 vlans to communicate, you need a router - a Layer 3 device, with interfaces connected in both vlans in order to facilitate communication between vlans.

Without a router, the normal behaviour is to not have communications between vlans.

Regards, LG
*** Please Rate All Helpful Responses ***

Joseph W. Doherty · ‎01-21-2024

I suspect/believe it's normal behavior. Secondary IPs don't work the same, for some situations, as the primary IP does. For example, I recall, you cannot form an OSPF adjacency using a secondary IP.

By default, traditionally, you needed to have an OSPF network statement cover the primary IP to have it advertised in OSPF. (Of course, there are a couple of other methods to get the primary IP into OSPF, for example redistribute connected or the later interface "ip ospf # area #" command.) You're not using an OSPF network statement for the primary IP?

liviu.gheorghe · ‎01-21-2024

You are correct about how OSPF forms adjacencies and how you enable an OSPF process on different interfaces/IP's.

Looking at the topology you provided, I see only a L2 network - a couple of L2 switches with SVI's configured. I don't see any L3 device capable of routing between vlans. It probably is there somewhere, but I don't know where.

Regards, LG
*** Please Rate All Helpful Responses ***

Johnson_Mo · ‎01-21-2024

it is L3 switch with OSPF enabled.

Johnson_Mo · ‎01-21-2024

I do have the network adv for the primary network. however the secondary net is not pingable or reachable, but when adding net adv statement under ospf for the seondary ip, it works.

liviu.gheorghe · ‎01-21-2024

Can you provide an updated topology for your network to reflect where is your L3 device running OSPF?

Regards, LG
*** Please Rate All Helpful Responses ***

Johnson_Mo · ‎01-21-2024

SW1:
interface GigabitEthernet0/0
no switchport
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 11
switchport mode access
media-type rj45
negotiation auto
!

interface Vlan11
ip address 2.2.2.1 255.255.255.0 secondary
ip address 1.1.1.1 255.255.255.0
!
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0

SW2:
interface GigabitEthernet0/0
no switchport
ip address 192.168.1.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 14
switchport mode access
media-type rj45
negotiation auto
!
interface Vlan14
ip address 3.3.3.1 255.255.255.0
!
router ospf 1
network 3.3.3.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0

liviu.gheorghe · ‎01-21-2024

Both your switches are also L3 devices running OSPF on interface Gi0/0 of both switches and interface Vlan11 on SW1 and interface Vlan14 on SW2.

If you want to advertise in OSPF the secondary ip subnet from interface Vlan11, 2.2.2.0/24, you would have to enable it specifically on interface Vlan11 with the interface command: "ip ospf 1 area 0".

Otherwise, OSPF is enabled by the network command only on primary IP's of an interface.

This is the normal behaviour of OSPF.

Regards, LG
*** Please Rate All Helpful Responses ***

Johnson_Mo · ‎01-21-2024

thanks for info boss. I though anything in and out traffic regarding secondary network will be routed via primary.

Joseph W. Doherty · ‎01-21-2024

@Johnson_Mo wrote:

I do have the network adv for the primary network. however the secondary net is not pingable or reachable, but when adding net adv statement under ospf for the seondary ip, it works.

Now, possibly, an unnecessary response, but yes, that's expected behavior.

OSPF network statements match interface IPs (like ACLs).

However, as an OSPF network statement matches interface IPs, you need to match the secondary IP(s) too, but the doesn't mean you need additional OSPF network statements, as a single OSPF network statement can match multiple interface IPs.

I mention this, because often sometimes some engineers believe the OSPF network statement mask needs to match the interface's IP mask.

For example, this is fine:

interface GigabitEthernet0/0
 ip address 192.168.1.2 255.255.255.0

interface Vlan14
 ip address 3.3.3.1 255.255.255.0

router ospf 1
 network 3.3.3.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0

But the following would do the same:

interface GigabitEthernet0/0
 ip address 192.168.1.2 255.255.255.0

interface Vlan14
 ip address 3.3.3.1 255.255.255.0

router ospf 1
 network 3.3.3.1 0.0.0.0 area 0
 network 192.168.1.2 0.0.0.0 area 0

And the following should work on either L3 switch and pick up the secondary IP too!

router ospf 1
 network 0.0.0.0 255.255.255.255 area 0