Create a Post
Showing results for 
Search instead for 
Did you mean: 

SPLAT R75.40 - Two VIP on the same cluster interface

Hello all.
Another question on the good old R75.40.
The customer has two subnets (let's say and used by the WIFI clients. At this moment the Default Gateway assigned by the DHCP server to the WIFI clients are two core switches in LAN (VLAN 100, with an HSRP IP for each subnet).
In the core switch the VLAN has a primary address (on the 136) and a secondaty on the 141 and, as said, two HSRP IPs as clients gateway.

Now the customer wan to logically place those subnets behind an interface of a CP cluster and make it work as DGW.
I tried to think to some solutions but I have several doubts.

1. I could configure two IPs (primary and secondaty) to a cluster member interface but CP does not support VIP on a secondary IP (sk89980)
2. The two subnets could be placed in two different VLANs (i.e. VLAN 100 for the 136 and VAN101 for the 141). in ths way the CP cluster could manage two VIPs on the same IF but the changes needed in the general configuration (switches, dhcp server...) would be really complex (on a production environment)
3. Yes, I could configure the two subnets on two different FW phisycal interfaces, but consuming all the available FW interfaces

Following solution (1) and:
* configuring the IF with primary and a secondary IP
* assigning a cluster VIP only on the primary 136 subnet (subnet 141 probably hidden to the cluster, not sure)
* manual ARP on each cluster member with the 141 requested VIP and MAC of the physical (or virtual?) interface (of course all cluster features would not work for this address, for example the failover)

Would the cluster see the 10.0.141 subnet as locally connected network and forward traffico to and from the manually natted IP?
Or do you know another way to achieve this goal?

Thanks to everybody, especially to ones that lost their time reading this a little  confused post.


0 Kudos
4 Replies

I would rather upgrade - an unsupported version will leave the customer alone in times of trouble, and every greater change (like the one above) could make it stop working. Contemplating a R80.10 upgrade would be the best you can do here...

0 Kudos

Hello Gunther, you're absolutely right but the customer decide. We could deny the support but they pay for it, so I have to find a solution inside this environment....

Thanks anyway....


0 Kudos

As you noted ClusterXL does not support more than one VIP/CIP on a single interface.  VRRP does support more than one address per interface, but I wouldn't recommend migrating to VRRP just to solve this problem.  You can try to monkey around with ARP and such to make two IP subnets work on the same VLAN/segment, but keep in mind that ClusterXL controls ARP so even if you somehow make that work it won't be a supported configuration and could suddenly break at any time, especially during a version upgrade or HFA application.

Can you just expand the subnet to for 1022 hosts total and get rid of entirely?  Are there fixed IP assignments in the subnet not subject to DHCP assignment?

Second Edition of my "Max Power" Firewall Book
Now Available at

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at
0 Kudos

Hello Timothy, thanks for your comment.

Unfotunately I cannot expand the 136 subnet.  I'll try to play with manual ARP.

I know that is not a standard/supported configuration but that cluster already have other "less" standard configs, so we're aware of this....!

Thanks again.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events