I’ve got a 1700 configured with a secondary interface, not a subinterface, à la:
conf t
int f0
ip add 192.168.1.1 255.255.255.0
ip add 192.168.2.1 255.255.255.0 secondary
Basically, I didn’t know what the hell I was doing when I originally set it up, and I’ve since been informed that this configuration is probably a Bad Idea. To wit, the secondary address doesn’t show up if you do a sh int, and somebody else looking at the configuration would never know about it unless they happened to look at the routing table.
Oh well. At the time, getting it to work was more important than getting it right.
In the intervening few months, I’ve learned a bit more IOS, and I’d like to reconfigure it to use subinterfaces. It’s important to maintain uptime on the primary (.1).
So I’ve got a few questions:
- How the hell do I delete/shut down the secondary interface without taking down the primary? Or, for that matter, how do I just view the running config on the secondary?
- Will I have problems leaving the primary alone as a parent interface (f0), and just creating my new subinterface (f0.1) underneath it? In Linux, having eth0 and eth0:1 is supposed to be okey-dokey, but I dunno about Cisco.
First things first: The “IP address x.x.x.x x.x.x.x secondary” command doesn’t actually add an interface, it just gives the existing interface one or more additional IP address(es) to respond to. Which is why the “show interface” doesn’t list it as a separate interface.
So, to answer the first question: You should be able to remove the additional IP address safely by using the “no” form of the command: “no ip add 192.168.2.1 255.255.255.0 secondary”. I just tried it on a lab router and I’m reasonably sure, but no guarantees are offered…
As for the second question: Yeah, you’ll run into problems. Cisco assumes that when you start configuring a router with Ethernet subinterfaces with separate IP addresses, it’s because you want to terminate a VLAN trunk on the interface - each subinterface will correspond to a VLAN on the trunk. I assume this is not the intention here - I guess it could be made to work, depending on the network topology and the type of switch connecting to the router, but that’s a bit of redesign and the primary would definitely not stay connected.
If the original config works, I’d leave it be. It’s not the Best Practice, but Cisco made the command available for a reason. As long as it’s understood that it’s not a new interface, just an additional IP address on the existing one.
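An added example, not part of the original thread: secondary addresses are written to the running configuration as `ip address ... secondary` lines under the interface, so a saved `show running-config` can be audited for them. The sample configuration below is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `show running-config` output, modelled on the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.2.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Serial0
 ip address 10.0.0.2 255.255.255.252
!
interface FastEthernet1
 no ip address
 shutdown
!
"""

# Matches " ip address A.B.C.D MASK [secondary]" but not " no ip address".
ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)( secondary)?\s*$")

def interface_addresses(config_text):
    """Map interface name -> {"primary": address or None, "secondary": [addresses]}."""
    result, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            result[current] = {"primary": None, "secondary": []}
        elif line and not line[0].isspace():
            current = None  # left the interface block ("!" or a top-level command)
        elif current:
            m = ADDR_RE.match(line)
            if m:
                addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
                if m.group(3):
                    result[current]["secondary"].append(addr)
                else:
                    result[current]["primary"] = addr
    return result

def secondary_report(config_text):
    """Return one line per secondary address, for change review or documentation."""
    lines = []
    for name, addrs in interface_addresses(config_text).items():
        for sec in addrs["secondary"]:
            lines.append(f"{name}: secondary {sec} (primary {addrs['primary']})")
    return lines

if __name__ == "__main__":
    print("\n".join(secondary_report(SAMPLE_CONFIG)))
```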
Doh! Most of the tutorials I’ve read are pretty good about getting you up and running, but they don’t offer much guidance when you screw up. Thanks.
Gotcha. This is an edge router for one of our T1’s, for which we’ve been given two /28’s by the ISP. We’re currently only really using one in production, but we wanted to bring the second up for testing purposes. I was just trying to split out the test subnet to route it through a separate firewall. We’re not VLANing; we’ve got an old HP switch sitting between (among?) the router, the production PIX, and the test iptables box.
That’s the kind of answer I like to hear. I assume the Best Practice is not to buy your production router off of eBay, and don’t cheap out on the interfaces, but try telling that to my boss. We’ve got some downtime scheduled in a couple of weeks, so I may go ahead and poke at it, knowing as I do now that I can roll it back. Thanks.