Multiple IP address affected to L3 interface

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Multiple IP address affected to L3 interface

L4 Transporter

Hello All

Somebody know why

When You add 2 ip address from the same subnet to the same interface Layer 3 ex ;

ip 1 : 12.52.36.2/29

ip 2: 12.52.36.3/29

you obtain an error lijke subnet overlaping

to solve that you need to declare one IP in the subnet /29 and the other in subnet /32

like IP 1: 12.52.36.2/29

and IP 2: 12.52.36.3/32

thank

1 accepted solution

Accepted Solutions

L5 Sessionator

Hello Greg,

That is an expected behavior. Actually, the only way to assign two IP addresses from the same over lapping subnet is by having their respective interfaces in different virtual routers. Let alone a single interface.....

"Normally" you don't need to configure multiple IP adress on your outside interface, if you've got a router connected on it, with gratuitous arp, all your traffic should be redirected to your outside fw interface. Exept if second IP will be used for GP portal / Gateway



Regards,

Kunal Adak

View solution in original post

3 REPLIES 3

L5 Sessionator

Hello Greg,

That is an expected behavior. Actually, the only way to assign two IP addresses from the same over lapping subnet is by having their respective interfaces in different virtual routers. Let alone a single interface.....

"Normally" you don't need to configure multiple IP adress on your outside interface, if you've got a router connected on it, with gratuitous arp, all your traffic should be redirected to your outside fw interface. Exept if second IP will be used for GP portal / Gateway



Regards,

Kunal Adak

L3 Networker

Hello Greg, when you assign IP with /29 mask - the interface will be listening for all IPs in that range.

Hence /32 is required if you want to put  another IP from same subnet.

If you simply need to use second IP for natting - there is no need to configure IP to the interface but only NAT, security policy should be enough

L4 Transporter

I found other method to configure that

you could use a loopback address with de /32 addresse affected

or the best for me

is to use this untagged subinterface

https://live.paloaltonetworks.com/docs/DOC-1884

  • 1 accepted solution
  • 7333 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!