cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
0
Helpful
4
Replies

Workaround for Secondary IPs

rsvensson
Level 1
Level 1

I have some equipment that does not support secondary IPs (not Cisco [sorry didn't know where else to go]). Is there a possible workaround for this? The device is a L3 switch, so I can create SVIs, but I am afraid that may not work...Any thoughts?

Here's the situation:

Currently using an EOL (POS) firewall/router as the corporate routing device. I want to replace, however, the current device is using numerous secondary IP addresses (ran out of the primary), and the L3 switch that I have does not support secondary IPs (at least not that I have noticed from the CLI and from looking online). I was looking for a way to replace the current router with the switch without having to re-ip the machines. Obviously, this is no where near the ideal solution, but mgmt wants this done ASAP.

Thanks,

Richard

4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

Not Cisco? Well, you can create an SVI, assign an address, and then change your devices gateway to point to it. I'm not sure what you're trying to do though.

--John

HTH, John *** Please rate all useful posts ***

John,

What I am trying to do is to have two separate machines on two different subnets be able to get to communicate. Seems simple and basic, but I do not know what ports on the L2 switches need to be in what VLAN(s), since the ports on the L2 switches goto both subnets with no documentation. Currently, the L2 switches uplink to another L2 switch, that uplinks to the EOL firwall/router on one port. That one port is using secondary IP addresses.

I don't know exactly what I want to do, but I need to be able to have the machines on the separate ip schemes to be able to communicate with each other.

I have thought about using the PVID, however, that will only work for one of the subnets, since the SVI only supports a primary IP address.

I hope this clarifies more than confuses,

Richard

If you create SVIs you will need to add proper routing in the firewall/router, but other than that, it should work.

The other option would be to buy some better equipment, you can get things on ebay for next to nothing that would better address your needs.

oops, misunderstood the question. i proposed to use a cisco, but obviosly you don't have a cisco. well, you can try the solution of pkaretnikiv: create all vlans on the L3 switch (SVI or L3), for example 6 vlans, then configure 6 ports for each vlan and just plug those 6 ports on your L2 network. each device will arp for its own default gateway, you connect the (new) firewall in a dedicated seperate vlan and put static routes on the firewall for each vlan you have. should work , but is messy. be sure to NOT run a L3 routing protocol on any of the vlans (no routing protocol hellos)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: