Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CPRQ
Collaborator

double vlan IP addresses

We are on R80.20 on VSX platform.
when we add a new vlan with specific IP 10.x.x.x it also automatically assigned a new IP 192.168.x.x to same vlan as shown below.
What is the purpose of those IPs 192.168.x.x ?
Also when firewall try to resolve DNS, why it use source IP those 192.168.x.x. addresses Not real IP (10.x.x.x) assigned to vlan .
How firewall can use its real IP 10.x.x.x as a source IP to resolve DNS?


1> show interface bond0.300
ipv4-address 10.10.2.1/24

1> show interface bond0.301
ipv4-address 10.10.3.1/24


1> show interface bond0.302
ipv4-address 10.10.4.1/24

set interface bond0.300 state on
set interface bond0.300 mtu 1500
set interface bond0.300 ipv4-address 192.168.192.50 mask-length 28
set interface bond0.301 state on
set interface bond0.301 mtu 1500
set interface bond0.301 ipv4-address 192.168.192.34 mask-length 28
set interface bond0.302 state on
set interface bond0.302 mtu 1500
set interface bond0.302 ipv4-address 192.168.192.18 mask-length 28

0 Kudos
2 Replies
Wolfgang
Authority
Authority

CPRQ,

adding these 192.168.xx.xx addresses are normal behaviour.

this the VSX internal network used for internal communication. You can see the configuration of this network here:

SmartDashboard - open VSX cluster object - go to "Cluster Members" pane - refer to section "Cluster members internal communication network"

For outgoing connections from the VSX-cluster they should be NATed behind the configured IP of the interface. The behaviour of this NAT is described in Outgoing connections from Virtual System in VSX cluster are sent with source IP address that belongs... 

Wolfgang

CPRQ
Collaborator

Thank you. We are going through the SK, it seems exactly what we are seeing and looking answer for it. Thanks
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events