Cisco routers have long offered different ways of addressing their interfaces. In this tip, we'll look at the differences, and when you might or might not want to use these.
The first method is the one with which everyone is familiar. Simply using the ip address command from the interface configuration prompt assigns a single IP address to the interfaces, and the mask parameter lets the router know what the subnet is.
The second method, often called multinetting is when you put two or more IP subnets in the same broadcast domain. This is accomplished by using the same ip address command, but adding the secondary keyword at the end of the second and following statements. (i.e. if you have 3 subnets on the same broadcast domain, you still use secondary at the end of the third statement, and not third or tertiary)
The last method we'll discuss is the subinterface. Long ago, this was useful for Frame-relay and ATM PVCs on the WAN, where the layer 2 technology provided virtual circuits that needed to be in separate IP subnets, but were physically connected to a single interface. Later, this became popular on LAN interfaces with the advent of VLAN trunking. It is the same concept. These are usually configured like regular interfaces, but you go into the interface by using a "." and choosing a number. For instance, interface Serial0.1. In VLAN trunking, the number after the "." corresponds to the VLAN.
As to when you'd want to use these, the vast majority of interfaces are going to be configured with a single IP subnet. But, in the past, it would be common to find a regular router with one trunked interface routing between VLANs, but due to high performance and the relatively low price of layer 3 switches (which commonly use the interface vlan configuration instead), this is rare today. Still, it may be useful in small offices, or in places you need Access-control lists more than performance.
Multinetting has traditionally been used as a path-of-least-resistance upgrade option when you size a subnet wrong. For instance, you assign a /28 IP subnet to a group of servers, and then the number of servers doubles. Rather than reassigning a /27 and giving all the servers new IP addresses, you can easily assign another /28 to the same interface using the secondary keyword. Generally speaking though, this is a very bad idea and multinetting in this instance is frowned upon.
There are three gotchas here. Years ago, when this was common practice, it was discouraged because of the large number of broadcasts. Remember, we're just adding logical subnets to the same broadcast domain in both instances. That means, a PC on one subnet will receive and process broadcasts from both subnets, even though broadcasts from the other subnet will be quickly discarded. With IPX and Appletalk mostly history, broadcasts aren't much of a problem anymore, but it bears watching. Today, just remember that your port buffers are finite. It's the total amount of traffic that you have to watch. Finally, remember that some routing protocols don't work using secondary addresses, so if you're trying to do a migration after your company acquired another, you'll want to thoroughly test to make sure you can form neighbor relationships.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.
