I have the following scenario:
I have a DMZ interface of a firewall configured as a promiscuous port on a 4500 switch with primary vlan being 100, isolated as 101 and community as 102-107. It covers a huge subnet of /21.
Now, I need to separate out the DMZ interface into two: one for the HTTP DMZ and the other for the remote access DMZ, each with a /22.
I am planning to change the mask on the existing interface on the firewall from /21 to /22 and bring up a new interface and assign an address on the next /22.
I also want to configure that new interface as a promiscuous port (this will be the second promiscuous port) and allocate vlan 108 for primary, 109 for isolated and 110-113 for community.
I think this config should not create any problems. Will this work?
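The second private-VLAN domain described in the post, sketched as Cisco IOS configuration. This is an added example, not part of the original post. The VLAN numbers come from the post; the interface names (GigabitEthernet2/1, 2/10, 2/11) and the choice of host ports are assumptions for illustration.

```cisco
! Private VLANs under VTP version 1 or 2 require VTP transparent mode.
vtp mode transparent
!
! Secondary VLANs for the new domain (numbers taken from the post).
vlan 109
 private-vlan isolated
vlan 110
 private-vlan community
vlan 111
 private-vlan community
vlan 112
 private-vlan community
vlan 113
 private-vlan community
!
! New primary VLAN, associated only with its own secondaries.
! The existing domain (primary 100, secondaries 101-107) is left untouched.
vlan 108
 private-vlan primary
 private-vlan association 109-113
!
! Second promiscuous port, facing the new firewall interface.
! Interface name is an assumption. A promiscuous port maps to one primary VLAN.
interface GigabitEthernet2/1
 description FW new DMZ interface (second /22)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 108 109-113
!
! Example host port in the isolated VLAN (interface name is an assumption).
interface GigabitEthernet2/10
 switchport mode private-vlan host
 switchport private-vlan host-association 108 109
!
! Example host port in a community VLAN (interface name is an assumption).
interface GigabitEthernet2/11
 switchport mode private-vlan host
 switchport private-vlan host-association 108 110
```

`show vlan private-vlan` lists each primary VLAN with its secondaries and member ports, which confirms that hosts moved to the new /22 sit under primary 108 and not under 100. Because the two domains are separate at layer 2, traffic between them has to pass through the firewall.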