Assigning Public IP to a VLAN
Is it possible to assign a public IP address to a VLAN that uses a separate router?
We manage service offices and at the moment, we use VLANs to manage the network. If a client wants to use their own router and have a public IP address, we create a policy to forward all traffic to an IP address within their VLAN and get them to set up their router this way.
Example: Client A
Static IP: 113.234.2.4 (made up IP)
VLAN: 10.0.0.1/24
Incoming Policy
ANY traffic to 113.234.2.4, route to 10.0.0.2
The client sets up their router IP to 10.0.0.2 with the gateway as 10.0.0.1 and everything works perfectly fine.
My question is, how can I set this up so that the client will use the public IP address on their routers WAN interface as opposed to using the VLAN Internal IP?
Comments
Another possible option is to use drop-in mode.
There are a number of limitations to drop-in mode, but it does support non-tagged VLANs.
With drop-in mode, you can assign a unused public IP addr to an internal device, such as a server or internal firewall.
Review this:
Drop-In Mode
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/net_config_dropin_about_c.html
The Drop-In mode doesn't really work because we need to be able to assign VLANs to customers who doesn't want static public IPs.
As for supernetting, I wonder if adding the supernetted subnet as a secondary IP to the VLAN would allow me to achieve what I want. Otherwise, I think an L3 switch may be required for this.