Assign a second IP to a LAN

michmoor

The business merger is occurring and there are a few vlans with IP overlap. So one statergy thats been done is for example on the routers we assign 2x gateways. One for the current vlan and the other for the migration vlan.

Is it possible to assign a second IP subnet to an interface on a pfSense?
So for example, igc1 has 10.28.128.1/24 and 10.207.33.1/24

johnpoz

@michmoor yeah your example is one of the valid reasons for running multiple layer 3 on the same layer 2.. You can add the 2nd IP on the interface via a vip.

I hope your goal is to after the migration to remove the vip.

michmoor

@johnpoz Ahhhhhh the VIP. Dang, your right. i overlooked that while crafting this post.
Just use an IP Alias for this.

The VIP will be removed and igc1 will be assigned that IP.

Thanks John!

michmoor

@johnpoz Does the IP Alias work with setting up a dhcp scope for the LAN as well?

johnpoz

@michmoor said in Assign a second IP to a LAN:

setting up a dhcp scope for the LAN as well?

hmmm - I wouldn't think so, how would you determine what dhcp scope got used. Are you talking about turning off the dhcp on the native IP, and then enable it on the vip? I don't think - mind you never looked into that but, I don't think you can run dhcp server on the vip.

But normally how you would change over an IP range from X to Y... Is you would change the IP on the interface to Y, and this would change the dhcp scope now to Y.. then you would add a vip of X (its old IP) to the interface. So now clients that are dhcp would get the new IP range.

Devices that are not dhcp would still be using their old IPs, and would go about fixing them to either the new Y range, or changing them to dhcp so they get an IP from Y.

michmoor

@johnpoz said in Assign a second IP to a LAN:

@johnpoz said in Assign a second IP to a LAN:

But normally how you would change over an IP range from X to Y... Is you would change the IP on the interface to Y, and this would change the dhcp scope now to Y.. then you would add a vip of X (its old IP) to the interface. So now clients that are dhcp would get the new IP range.

So i just got the scope of the work and this is a server vlan. No DHCP is needed here. So the IP Alias is still needed and outbound NAT rules are already created. Just need to update the Firewall rules.

Now if this was a client vlan, i dont know if having an IP Alias would help or even be needed. At least thats how i see it. Why keep the old IP as an Alias unless theres that one client that cant be moved to the new IP range for some reason.

johnpoz

@michmoor said in Assign a second IP to a LAN:

Why keep the old IP as an Alias unless theres that one client that cant be moved to the new IP range for some reason.

Agree - the only reason for the old IP address as a vip, is if there is going to be something on the network that you can not get to for a bit, and you need to run in a mode where the new and the old IP ranges have to run at same time..

But if you have a change window, and can move all the servers to the new IP range - there would be no need for a vip.. Unless you were trying to make the changes remote and needed to be able to get to devices from another network to change them. If your local or on the same network then no reason..