Sometimes it is neccesary to configure a network interface to listen on more than one IP (for example, web servers containing multiple SSL certificates…)

Add secondary IP addresses to interface



After adding the new secondary IPs, If not explicitly avoided, outgoing traffic can be generated also by these instead of only by the primary. These can lead to connection errors (for example firewall receiving unexpected IPs instead of the primary).

Add secondary IP addresses to interface


There are multiple methods to add new IPs to an interface:

Network configuration GUI

The usual method in the “Network and sharing center” – “Change adapter settings” section.
Inside the interface properties, “Internet Protocol Version 4 (TCP/IPv4)” properties, “Advanced…”

Add secondary IP addresses to interface

But this method creates the interface with the “SkipAsSource” attribute as “false” by default. That means this IP can be used for outgoing traffic.

CMD Command (Netsh)

Netsh int ipv4 add address <Interface> <IP Addr> [<Netmask>] [skipassource=true]

As you can see, the value of the skipassource attribute can be configured, avoiding outgoing traffic. For example:

C:\> Netsh int ipv4 add address Ethernet1 10.0.1.50 255.255.255.0 skipassource=true

Powershell Commands (Get_Set_New-NetIPAddress)

Get-NetIPAddress

The Get-NetIPAddress can show the list of IPAddresses and their attributes:

PS C:\> Get-NetIPAddress | ft IPAddress, InterfaceAlias, SkipAsSource

IPAddress       InterfaceAlias                SkipAsSource
---------       --------------                ------------
10.0.0.50       Ethernet1                     False
10.0.1.50       Ethernet1                     False
127.0.0.1       Loopback Pseudo-Interface 1   False

This command was executed on a computer with a primary IP (10.0.0.50) and a secondary one (10.0.1.50) created using the GUI (so the SkipAsSource parameter value is False):

Set-NetIpAddress

The Set-NetIpAddress allow to change attributes of the configured IP addresses.
For example, to change the attribute of the secondary one:

PS C:\> Get-NetIPAddress 10.0.1.50 | Set-NetIPAddress -SkipAsSource $True

New-NetIpAddress

The New-NetIpAddress is used to add additional IP addresses to an interface and allows setting the SkipAsSource value during creation:

New-NetIPAddress –IPAddress <IP Addr> –InterfaceAlias “<Interface>” <–SkipAsSource $True>

For example:

PS C:\> New-NetIPAddress –IPAddress 10.0.2.50 –InterfaceAlias “Ethernet1” –SkipAsSource $True