Sometimes it is neccesary to configure a network interface to listen on more than one IP (for example, web servers containing multiple SSL certificates…)
After adding the new secondary IPs, If not explicitly avoided, outgoing traffic can be generated also by these instead of only by the primary. These can lead to connection errors (for example firewall receiving unexpected IPs instead of the primary).
There are multiple methods to add new IPs to an interface:
Network configuration GUI
But this method creates the interface with the “SkipAsSource” attribute as “false” by default. That means this IP can be used for outgoing traffic.
CMD Command (Netsh)
Netsh int ipv4 add address <Interface> <IP Addr> [<Netmask>] [skipassource=true]
As you can see, the value of the skipassource attribute can be configured, avoiding outgoing traffic. For example:
C:\> Netsh int ipv4 add address Ethernet1 10.0.1.50 255.255.255.0 skipassource=true
Powershell Commands (Get_Set_New-NetIPAddress)
The Get-NetIPAddress can show the list of IPAddresses and their attributes:
PS C:\> Get-NetIPAddress | fl IPAddress, InterfaceAlias, SkipAsSource IPAddress InterfaceAlias SkipAsSource --------- -------------- ------------ 10.0.0.50 Ethernet1 False 10.0.1.50 Ethernet1 False 127.0.0.1 Loopback Pseudo-Interface 1 False
This command was executed on a computer with a primary IP (10.0.0.50) and a secondary one (10.0.1.50) created using the GUI (so the SkipAsSource parameter value is False):
The Set-NetIpAddress allow to change attributes of the configured IP addresses.
For example, to change the attribute of the secondary one
PS C:\> Get-NetIPAddress 10.0.1.50 | Set-NetIPAddress -SkipAsSource $True
The New-NetIpAddress is used to add additional IP addresses to an interface and allows setting the SkipAsSource value during creation:
New-NetIPAddress –IPAddress <IP Addr> –InterfaceAlias “<Interface>” <–SkipAsSource $True>
PS C:\> New-NetIPAddress –IPAddress 10.0.2.50 –InterfaceAlias “Ethernet1” –SkipAsSource $True