 Re: Secondary IP on VLAN interface
What platform are you on. I have done this on a Nokia before so it is possible on a Nokia, just manually configured the VRRP and then manual NAT using the cluster IP address. I didn't actually define a cluster address in the object. I needed to add the cluster interface manually into the VRRP rule as well to make that work. I was however only routing via that additional subnet I did not do anything where it actually needed to talk to the firewall or VPN.
You need to manually configure the anti-spoofing for that VLAN interface however as topology update will not retrieve anything other then the first interface as you are aware. This forces you to either manually configure the anti-spoofing or make sure that only use 1 IP address for an interface.
You can still get the other interfaces using the get interfaces with topology, you just need to manually do the one interface. |