?
Solved

subinterfaces Vs secondary interfaces

Posted on 2005-03-25
6
Medium Priority
?
476 Views
Last Modified: 2010-04-17
At my old place of employment , we had 2 VLANs. We used secondary interfaces on a cisco 4000 router to do intervlan routing.

My question is, why didnt the network admins use subuinterfaces instead? Whats the pros and cons of secondary vs sub?

ps: 4000 router was running Cat 0S (is Cat0S an older Cisco operating system? Is IOS replacing it???)

Thanks
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 11

Assisted Solution

by:-Leo-
-Leo- earned 800 total points
ID: 13635259
Cisco 4000 - switch, not the router.  CAT OS - old version of IOS for Cisco Catalyst switches.
You can read here about configuring VLAN trunking between switches running CAT OS: http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a0080094637.shtml
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1200 total points
ID: 13636014
There was a 4000 series router, but it cannot, never did, run Cat OS
Thre is a 4000 series Catalyst switch chassis, that you can put L3 capabilities into. This typically uses another card that you session into and actually runs IOS.
That said.....
Let's look at the two types of configurations:

<secondary>

  Interface Fast 0/0
    ip address 1.2.3.4 255.255.255.255
    ip address 4.5.6.7 255.255.255.255 secondary
    ip address 5.6.7.8 255.255.255.255 secondary
    ip address 192.168.111.1 255.255.255.255 secondary
 <etc>

<sub-interfaces>
   Interface Fast 0/0
    ip address 1.2.3.4 255.255.255.255
  Interface Fast 0/0.1
    encap dot1q 2
    ip address 4.5.6.7 255.255.255.255
  Interface Fast 0/0.2
   encap dot1q 3
    ip address 5.6.7.8 255.255.255.255
  Interface Fast 0/0.3
   encap dot1q 4
   ip address 192.168.111.1 255.255.255.255
   ip nat inside

<etc>

- While secondary addressing allows hosts on the same interface to communicate at Layer 3, it does nothing to stop broadcast or non-l3 protocols from communicating. You cannot put an access-list on the interface that would prevent one subnet from talking to another
- With sub-interfaces, you have to use VLAN's on the switch. VLANs are segregating traffic at layer 2 so not even broadcast protocols can communicate.
- Sub-interfaces act just like physical interfaces. You can use NAT on select interfaces, you can put access-lists in/out on select interfaces, and the interfaces actually go up/down as snmp trap events to help manage the network.

HTH!
0
 

Author Comment

by:dissolved
ID: 13636237
thanks!
0
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

 
LVL 13

Expert Comment

by:Dr-IP
ID: 13636314
The only real advantages of secondary interfaces I see is almost every Cisco router supports it, and you don’t need a switch that does trunking and VLAN”s to use it. The real disadvantage as lrmoore pointed out, there really is no separation of networks, which creates both performance and security issues. So sub interfaces is the least desirable method and only should be used when there are no other choices.    
0
 

Author Comment

by:dissolved
ID: 13636435
"and you don’t need a switch that does trunking and VLAN”s to use it."

Can you elaborate on this?  Do you mean that you can have different hosts (in different subnets), connected to the same switch......and they will still be able to use the secondary interfaces without the need of trunking?

But... can the different subnets speak to each other using secondary interfaces?
thanks
0
 
LVL 13

Expert Comment

by:Dr-IP
ID: 13637721
Yes you can have hosts on two subnets and they can communicate between the two subnets using the secondary interfaces, and not trunking or VLAN's are needed.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question