Ok, i will find another subnet /24.

I do not have a spare interface on the firewall.

Doesn't matter whether he new servers to be in the same vlan as the existing ones.

Bledi

If you do not have a spare firewall interface where are you planning to route the vlan/IP subnet ?

Jon

I have no idea

What do you recommend?

Bledi

If you need to firewall then perhaps use the same interface.

Jon

Correct, i need to firewall.

You mean to create a sub-interface on firewall?

Bledi

Yes that is the only way to do it if you need to use a new vlan/IP subnet assuming your firewall supports it and it would mean some downtime while you configured it.

The alternatives are to increase the subnet mask of the existing server subnet but you have said you can't do that, to use a new subnet big enough for all servers but that would mean readdressing all servers which is impractical or using the same vlan for the new servers with a different IP subnet but this would mean your firewall would need to support secondary addressing on the interface and I doubt it would.

The secondary addressing solution would be the least disruptive and it would mean all servers were in the same vlan. I tend to think of it as a temporary measure though rather than a permanent one..

Those are all the choices I can think of.

Jon

I totally agree with you to use a new subnet big enough for all servers.
This would be a permanent solution.
But in this, i have some ambiguity.
Currently i use x.x.x.x / 23 and normally tend go to one bigger y.y.y.y / 22
1) y.y.y.y / 22 -> What problems will i have with the broadcast ?
                          What are the measures to manage it?
2) y.y.y.y / 22 -> Same layer interaction, how it can be run to work in this case?

                          ( this is my idea )
3) What else should i consider before i go to y.y.y.y / 22 ?