- Enterasys Security Router User's Guide
General IP Features
5-8 Configuring IP
An XSR interface can support one primary IP address and multiple secondary IP addresses.
Including all XSR interfaces, the total of supported secondary IP addresses allowed depends on
the amount of the installed memory, although at present ten secondary IP addresses are
supported despite the memory size. All system interfaces share the pool of secondary addresses.
For example, if FastEthernet 1 uses eight secondary addresses, FastEthernet 2 is allowed no more
than two secondary addresses.
Secondary IP is subject to the following rules:
• Primary and secondary IP addresses on the same interface are not allowed to exist in the same
subnet, nor allowed to exist in the same subnets already occupied by other interfaces.
• Packets generated by the XSR, except the route update packet, are always sourced by the IP
address of the outgoing interface which is in the same subnet as the IP address of the next-hop
the packet should be forwarded to.
• All routers on the same segment should share the primary network number or some
protocols, such as OSPF, may not work properly.
• If any router on a network segment uses a secondary address, all other devices on the same
segment must also use a secondary address from the same network or subnet. Inconsistent use
of secondary addresses on a network segment can quickly cause routing loops.
• Specify the primary IP address before any secondary IP addresses on the same interface.
Conversely, before deleting a primary address, all secondary IP addresses should be removed.
• You can configure OSPF, RIP or static routes on each primary and secondary IP address.
• A secondary IP address is configured using the
ip address secondary command.
ARP & Secondary IP
For each IP address configured on the interface, including primary and secondary IP addresses,
the corresponding static ARP entry should be maintained in the static ARP table. Primary and
secondary IP addresses on the same interface share the same MAC address of the interface.
When an ARP request is received, the destination IP address in the ARP packet will be checked
against the primary IP and all secondary IP addresses. If found, an ARP reply will be sent back
with the MAC address of the interface. When sending an ARP request, the source IP address used
in the ARP packet should be on the same subnet as the destination IP.
ICMP & Secondary IP
When ICMP Echo packets are received by the XSR, the destination IP address is checked against
all configured IP addresses including primary and secondary addresses. Any ICMP Echo packet
addressed to the subnet broadcast addresses will be dropped without returning a response.
ICMP Echo Replies are generated by swapping the destination and source IP addresses in the
received ICMP Echo packets.
By default, ICMP Echo packets generated by the XSR’s
ping command will be sourced by the IP
address of the outgoing interface which is in the same subnet as the IP address of the next-hop the
ICMP packet should be forwarded to.
When ICMP Mask request packets are received, the destination IP address will be matched
against the entire subnet network associated with the primary and secondary IP addresses. The
matched IP address will then be used as the source IP address of the reply packet.