Configure secondary IP address on Vyos

IvoC · December 28, 2017, 3:15pm

Hello everybody… networking is not my job so my simple question is aimed to the experts …
Can Vyos do the following? (copied from a Cisco router config)

interface FastEthernet4
ip address 1.2.3.4 255.255.255.0 secondary
ip address 1.2.3.5 255.255.255.0

In other words… handle a secondary ip on the same NIC ?

[color=#444444]I found this on the forum which only offers a partial instruction [/color][color=#13679a][font=-apple-system, BlinkMacSystemFont, Roboto,]forum.vyos.net/showthread.php?tid=6850[/font][/color][color=#444444] and eventually the problem was solved putting a second NIC which is not my requirement.[/color]

pirateghost · December 28, 2017, 4:40pm

It is as simple as “set interfaces ethernet eth1 address ‘192.168.0.1/24’”

IvoC · December 28, 2017, 5:33pm

Sorry… not so simple. Everything said in this link http://forum.vyos.net/showthread.php?tid=6850 is true but the solution is not my requirement. I need one nic to handle a secondary public IP.
Can someone post a detailed config to do this?

pirateghost · December 28, 2017, 6:53pm

Well, according to the VYATTA documentation that I have, it is that simple. You just add the second IP address on it. You asked if VyOS could do it, and it can. You haven’t even tried it? How do you know it won’t work? You are basing your claim off one old post? Weird.

IvoC · December 28, 2017, 7:15pm

Tried yesterday. The old post still rules.
Your quote ‘It is as simple as “set interfaces ethernet eth1 address ‘192.168.0.1/24’”’ works on a LAN. But I am talking about public IPs provided by my ISP.
Like this:

interfaces {
ethernet eth0 {
address 1.2.3.4/24
address 1.2.3.5/24
hw-id 00:0c:29:44:3b:0f
}
loopback lo {
}
}
system gateway-address 1.2.3.1

If you ping 1.2.3.4 from outer internet you have a reply from first adrress but nothing pinging on the second one.

pirateghost · December 29, 2017, 3:32am

shouldn’t those be 1.2.3.4/32 and 1.2.3.5/32?

IvoC · December 30, 2017, 6:40pm

No. CIDR is 24. IPs are assigned on MAC address basis.

chpalmer · December 30, 2017, 11:34pm

This is something Ive been trying to figure out myself… With pfSense this would be a Virtual Address… I have this successfully on my pfSense here.

From my config file-

ipalias
wan
59xxx3xx26xxx

single
<subnet_bits>32</subnet_bits>
24.xxx.xxx.000

How that translates Im not sure yet…

IvoC · December 31, 2017, 1:15pm

Thanks chpalmer.
On my Cisco 870 is even easier:

interface FastEthernet4
ip address 1.2.3.5 255.255.255.0 secondary
ip address 1.2.3.4 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

Still waiting for someone showing how this could be achieved in Vyos.

netarchitect · January 5, 2018, 12:36am

It really depends upon what you’re looking for out of that secondary IP. VyOS only responds to pings on the first IP address without additional configuration. Additional IP addresses assigned are still available for use but you won’t get a ping response from them unless you explicitly add NAT rules to direct the traffic to something to respond. After adding additional IP addresses on the WAN facing nic you can still use those to NAT to/from various resources behind your vyos router. Here’s a sample config that I use from some production routers I run. Hopefully this helps.

interfaces ethernet eth0 {
address 1.1.1.2/24
address 1.1.1.3/24
address 1.1.1.4/24
firewall {
in {
name outside_in
}
local {
name router_in
}
}
}

protocols {
static {
route 0.0.0.0/0 {
next-hop 1.1.1.1 {
}
}
}
}

nat {
source {
rule 21 {
outbound-interface eth0
source {
address 10.100.100.13
}
translation {
address 1.1.1.3
}
}
rule 9999 {
outbound-interface eth0
source {
address 10.100.100.0/21
}
translation {
address masquerade
}
}
}

nat {
destination {
rule 1 {
destination {
address 1.1.1.2
}
inbound-interface eth0
translation {
address 10.100.100.4
}
}
rule 2 {
destination {
address 1.1.1.3
}
inbound-interface eth0
translation {
address 10.100.100.13
}
}
}
}

IvoC · January 5, 2018, 11:42pm

Solved.
For benefit of all you guys… Vyos does reply pings on every IP declared here…

interfaces ethernet eth0 {
address 1.1.1.2/24
address 1.1.1.3/24
address 1.1.1.4/24

The problem I had was simply a misconfiguration on my ISP’s side who didn’t reset the second IP to be assigned to the new MAC address of my newly installed box.
However system gateway-address must to be declared on Vyos configuration for internet access. After that no need to do something special on routes .
And NAT translations remain just the same as I had on my CISCO router.

Cheers

system · October 21, 2018, 7:04am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.