• Status: Solved
  • Priority: Medium
  • Security: Public

Subinterfaces vs. secondary interfaces

At my old place of employment, we had 2 VLANs. We used secondary interfaces on a Cisco 4000 router to do inter-VLAN routing.

My question is, why didn't the network admins use subinterfaces instead? What are the pros and cons of secondary vs. sub?

PS: The 4000 router was running Cat OS (is Cat OS an older Cisco operating system? Is IOS replacing it?)

Thanks
0
Asked by: dissolved

-Leo- Commented:
Cisco 4000 - switch, not the router.  CAT OS - old version of IOS for Cisco Catalyst switches.
You can read here about configuring VLAN trunking between switches running CAT OS: http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_example09186a0080094637.shtml
0
 
lrmoore Commented:
There was a 4000 series router, but it cannot, never did, run Cat OS.
There is a 4000 series Catalyst switch chassis that you can put L3 capabilities into. This typically uses another card that you session into and that actually runs IOS.
That said...
Let's look at the two types of configurations:

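<secondary>

  ! one physical interface, several subnets on the same wire
  interface FastEthernet0/0
    ip address 1.2.3.4 255.255.255.0
    ip address 4.5.6.7 255.255.255.0 secondary
    ip address 5.6.7.8 255.255.255.0 secondary
    ip address 192.168.111.1 255.255.255.0 secondary
  <etc>

<sub-interfaces>

  ! physical interface carries the 802.1Q trunk from the switch
  interface FastEthernet0/0
    ip address 1.2.3.4 255.255.255.0
  ! one sub-interface per VLAN, each tagged with its VLAN ID
  interface FastEthernet0/0.1
    encapsulation dot1Q 2
    ip address 4.5.6.7 255.255.255.0
  interface FastEthernet0/0.2
    encapsulation dot1Q 3
    ip address 5.6.7.8 255.255.255.0
  interface FastEthernet0/0.3
    encapsulation dot1Q 4
    ip address 192.168.111.1 255.255.255.0
    ! per-VLAN features such as NAT apply to this sub-interface only
    ip nat inside
  <etc>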

- While secondary addressing allows hosts on the same interface to communicate at Layer 3, it does nothing to stop broadcast or non-L3 protocols from communicating. You cannot put an access-list on the interface that would prevent one subnet from talking to another.
- With sub-interfaces, you have to use VLANs on the switch. VLANs segregate traffic at Layer 2, so not even broadcast protocols can communicate.
- Sub-interfaces act just like physical interfaces. You can use NAT on select interfaces, you can put access-lists in/out on select interfaces, and the interfaces actually go up/down as SNMP trap events to help manage the network.

HTH!
0
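
An added example, not part of lrmoore's answer: a small audit that reads an IOS-style configuration and reports the two separation points raised above, namely interfaces where secondary addressing puts several subnets in one broadcast domain, and dot1Q sub-interfaces that route a VLAN with no access-list applied. The sample configuration, its addresses and ACL number, and the function names are constructed for illustration.

```python
import re

# Constructed sample config; addresses and the ACL number are made up.
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 ip address 10.0.2.1 255.255.255.0 secondary
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 ip address 10.0.3.1 255.255.255.0
 ip access-group 110 in
interface FastEthernet0/1.3
 encap dot1q 3
 ip address 10.0.4.1 255.255.255.0
"""

ADDR = re.compile(r"ip address (\S+) (\S+)( secondary)?$", re.I)
VLAN = re.compile(r"encap\S* dot1q (\d+)", re.I)   # accepts the abbreviated form too
ACL = re.compile(r"ip access-group (\S+) (in|out)$", re.I)

def parse_interfaces(config):
    """Map interface name -> addresses, dot1Q VLAN and applied ACLs."""
    interfaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):      # any top-level line ends the block
            m = re.match(r"interface\s+(.+)$", line, re.I)
            cur = interfaces.setdefault(m.group(1).replace(" ", ""), {
                "primary": [], "secondary": [], "vlan": None, "acls": []}) if m else None
        elif cur is None:
            continue
        elif m := ADDR.match(line):
            cur["secondary" if m.group(3) else "primary"].append(m.group(1))
        elif m := VLAN.match(line):
            cur["vlan"] = int(m.group(1))
        elif m := ACL.match(line):
            cur["acls"].append((m.group(1), m.group(2).lower()))
    return interfaces

def audit(config):
    """Return (interface, finding) pairs for the separation points in the thread."""
    findings = []
    for name, intf in parse_interfaces(config).items():
        if intf["secondary"]:
            n = 1 + len(intf["secondary"])
            findings.append((name, f"{n} subnets share one broadcast domain"))
        elif intf["vlan"] is not None and not intf["acls"]:
            findings.append((name, f"VLAN {intf['vlan']} routed with no access-group"))
    return findings
```

The "no access-group" finding is informational: it marks sub-interfaces where per-VLAN filtering is possible but not configured.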
 
dissolved (Author) Commented:
Thanks!
0
 
Dr-IP Commented:
The only real advantages of secondary interfaces I see are that almost every Cisco router supports it, and you don't need a switch that does trunking and VLANs to use it. The real disadvantage, as lrmoore pointed out, is that there really is no separation of networks, which creates both performance and security issues. So sub interfaces is the least desirable method and only should be used when there are no other choices.
0
 
dissolved (Author) Commented:
"and you don't need a switch that does trunking and VLANs to use it."

Can you elaborate on this? Do you mean that you can have different hosts (in different subnets) connected to the same switch... and they will still be able to use the secondary interfaces without the need for trunking?

But... can the different subnets speak to each other using secondary interfaces?
Thanks
0
 
Dr-IP Commented:
Yes, you can have hosts on two subnets and they can communicate between the two subnets using the secondary interfaces, and no trunking or VLANs are needed.
0
