May I set the same ip in different interface between two virtual system?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

May I set the same ip in different interface between two virtual system?

L1 Bithead

I  set ip address 192.168.1.254/24 in the ethernet1 which belong default router in the vsvy1.

I try to set the same ip address in the ethernet2 which belong another VR in the vsvy2.

When I commit, it will display duplicate address.


I just do some lab about vistual system for my client.

But I want to sure may I set the same ip in different interface between two virtual system?

1 accepted solution

Accepted Solutions

L7 Applicator

Hello Kylelee,

I don't think we can configure the exact same IP address on 2 different interfaces, even though they are part of 2 different VSYS. It will throw you below mentioned error:

Error: duplicate address for interface ethernet1/xx and ethernet1/yy

Error: interface configuration error

(Module: device)

Commit failed

View solution in original post

13 REPLIES 13

L7 Applicator

Hello Kylelee,

I don't think we can configure the exact same IP address on 2 different interfaces, even though they are part of 2 different VSYS. It will throw you below mentioned error:

Error: duplicate address for interface ethernet1/xx and ethernet1/yy

Error: interface configuration error

(Module: device)

Commit failed

Thanks for your support.

But it's strange, I originally thought that different virtual system shouble be independent system.

Hello Kylelee,

Could you please give me some time, i will try to get in touch with product-management team and provide you a valid explanation.

Thanks

Hi all,

It's a known limitation for Vsys. You can't have same IP on different interface (member of diff Vsys).

V.

L5 Sessionator

As per my understanding you can not have the same ip address on two different interfaces. That is the limitation of the system.

However,

Overlapping IP address space requires separate VR/vsys

Ethernet interface can not have same ip interface even in different vsys.


Hope this help.

Numan

This answer is crazy.

Virtual routers exist because we want separation in routing between the devices.  Why cripple this ability by preventing a basic function like ip address assignment in different virtual routers.

I hope this is on the near term roadmap to fix.  I would classify is buggy behavior.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

HI, does anyone know if there is a change regarding this?

Just confirmed today. This behavior still exists.  IP@ space can overlap between multiple VR's but no two interfaces can have the same IP@...  Does not require multiple VSYS, though.

In addition: the behaviour still exists in 8.0.2

in addition vol2: same behaviour in 9.0, 9.1 and 10.0

Still seeing same issue. No fix.

Cyber Elite
Cyber Elite

Hello,

 

I think if you want PA to fix it, you should give a valid reason.  Separate VRs do allow interfaces in the same subnet, which you cannot do on a single VR.  For my separate vsys customers, we never assign the same IP address because the vsys are not on an isolated network.  We use different IP addresses to route to different firewalls (vsys).

 

I assume you have a valid design proposed for using the same IP address.  I just can't think of any examples now.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L2 Linker

For us, we have multiple segmented systems that we setup using the same script for IP addressing, but then leverage NAT going into the main network.  This way we don't utilize more addresses and the scripts are easier.  With this limitation I have to allocate unique addresses for each backend environment with no useful impact to the main network since those addresses aren't visible/published to the main network.  

  • 1 accepted solution
  • 12593 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!