cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2972
Views
4
Helpful
4
Replies

What is the use of IP alias on firewalls?

Pratyush Sinha
Level 1
Level 1

I have a firewall with one WAN port and two LAN ports.

Say the IP on the WAN port is 115.115.115.115. Then the IP address on the LAN ports are 172.16.16.16.1/24 and 192.168.1.1/24. the firewall is in gateway mode (it does NAT ing).Now i have connected four computers to the network 172.16.16.1 via a switch.If i create an alias on the LAN port which has 172.16.16.1 /24 ip and give the alias an ip 172.16.17.1 then what does it do in the network behind switch. Will i have 3 LANs now. Or will the computers behind the switch get an optiopn to choose the ip address from both the range i.e 172.16.16.1 /24 and 172.16.17.1/24..Will I be able to ping 172.16.17.1 from any computer in the network 172.16.16.1/24 network. I do know that if we use alias on WAN interface then we can accesss the device on two ip addresses. But my question is related to ip alias in LAN.


So what does an alias do from start to end.

4 Replies 4

Shahzad Arain
Level 1
Level 1

Hello Pratyush,

IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface.You can ping 172.16.17.1/24 from any computer in the network 172.16.16.1/24. But when you use IP alias and want communication between them, you need to configure firewall rules to allow access(route) between the LAN's logical networks (subnets).

Shahzad

Thank you for the answer . Now I have  some more questions related to alias.

1.How many broadcast domain would be present ?

2.In the ARP for the 17.16.16.1/24 will i get any response from 172.16.17.1/24?

3.Can an alias port act as a DHCP server.

4.If the hosts in the 172.16.16.1/24 fail to ping 172.16.16.1 will it have any effect on the 172.16.17.1 network ?

Hi Pratyush,

3.Can an alias port act as a DHCP server.

Yes, Alias port can communicate and broadcast for DHCP negotiation.

4.If the hosts in the 172.16.16.1/24 fail to ping 172.16.16.1 will it have any effect on the 172.16.17.1 network ?

There will be no effect until unless port/NIC is down or malfunction.

Regards

Shahzad

Also Pratyush,

1.How many broadcast domain would be present ?

One broadcast doman.

2.In the ARP for the 17.16.16.1/24 will i get any response from 172.16.17.1/24?

You can ping both IPs. Multiple domain name can point to single IP in same manner multiple IPs can point to single MAC address, MAC address table is maintained by switch.

Regards,

Shahzad

-----Please remember to rate useful posts, by clicking on the stars below------

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: