How to have multiple subnets on outside of CSS

mmedwid · ‎07-30-2007

For failover purposes we might want to have multiple routable /24 subnets at the outside of the CSS (facing the Internet.) But I understand that if you put a secondary IP address on a circuit/VLAN associated with an interface - the CSS will not be able to balance the secondary. Most of the configuration examples only go into having a single subnet at the outside and a single subnet on the inside. How could I have multiple subnets at the outside? Thanks.

Gilles Dufour · ‎07-31-2007

you can add more interfaces on the outside, and have a different subnet/vlan for each interface.

You can also use a single interface in trunk mode.

No need for secondary ip addresses.

However, this kind of config is more complex since traffic can come in on 1 interface and go out on another one.

It is better to put a single interface between CSS and servers vlan and another single interface between css and an external router which will have a connection to all your vlans if needed.

Let a router do the routing and the css do the loadbalancing.

Gilles.