Secondary IP Address [Explained & Configuration]
Secondary IPs are used to have multiple subnets in the same interface VLAN/Physical Interface.
The keyword secondary allows you to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP requests are handled properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in a variety of situations. The following are the most common applications:
- There may not be enough host addresses for a particular network segment. For example, your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you need to have 300 host addresses. Using secondary IP addresses on the routers or access servers allows you to have two logical subnets using one physical subnet.
- Many older networks were built using Level 2 bridges. The judicious use of secondary addresses can aid in the transition to a subnetted, router-based network. Routers on an older, bridged segment can be easily made aware that there are many subnets on that segment.
- Two subnets of a single network might otherwise be separated by another network. This situation is not permitted when subnets are in use. In these instances, the first network is extended, or layered on top of the second network using secondary addresses.
Example:
In the following example, 131.108.1.27 is the primary address and 192.31.7.17 and 192.31.8.17 are secondary addresses for Ethernet interface 0:
interface ethernet 0
ip address 131.108.1.27 255.255.255.0
ip address 192.31.7.17 255.255.255.0 secondary
ip address 192.31.8.17 255.255.255.0 secondary
Ref:
https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/ip_address.html
Notes:
Both primary IP and secondary IP can be configured on an interface (VLAN interface or physical interface) and both primary IP and secondary IP can be the default gateway for clients in their respective subnets. In those senses they are equal. But if you do a ping or a traceroute from the interface it will always use the primary IP and not the secondary IP as the source address. If you run a routing protocol like EIGRP or OSPF on the interface it will use the primary address to form a neighbor relationship and not use the secondary IP. In those senses, they are not equal.
Ref: Richard Burts
This concept is well explained in this video: