Jump to content
Welcome to our new Citrix community!

How do I move a VIP to a different VLAN?

Ryan Kellerman

Recommended Posts

I've got a VIP that was setup by using the "Integration with Citrix Products" wizard for "XenApp and XenDesktop". However it's not on my DMZ network (which has its own network interface) and is configured on my secured network. I created a new VLAN (2) and bound it to the adapter connected to the DMZ. In VLAN (2) I created a additional new SNIP ( But for the life of me I cannot figure out how to get the VIP ( onto that DMZ interface/VLAN.


Also, how do I configure the default route of to go to on that interface instead of using the default IP route out of the secured network (


Please help and thank you.

Link to comment
Share on other sites

IPs are associated to interfaces via the vlan bindings.


add vlan 10

bind vlan 10 -ifnum <int#>

bind vlan 10 -ipaddress x.x.x.x  << where this identifies your IP/netmask aka "the subnet" of Ips that you want associated with this vlan and therefore its interface (or channel)


However, the IP/netmask you specify most correspond to a SNIP you've created OR a VIP range (which is just a VIP with a subnet mask other than /32)>

Once the subnet is bound to the vlan, then all IPs on the netscaler in that subnet (now and in future) are owned by this vlan's interfaces/chanels.

So, if you created the SNIP: and it is the same subnet as your VIP in question ( for example), then after the binding, your IPs are part of this vlan/interface association.

If you don't need a SNIP in that network, you can do the same thing with a VIP range:

A SNIP:  add ns ip -type SNIP

A VIP Range:  add ns ip -type VIP

Then if you assign any VIPs to verservers from this range, it will be owned by this vlan and it's interfaces/channels.


regarding the routes:

If you already have a default route

then what you need to specify is a specific route: <gateway>


If needed. Usually, though if you use a SNIP, this route will be created already.  







  • Like 3
Link to comment
Share on other sites

Regarding the routes ...

First, create a PBR (Policy-based route) so you don't lose connection to the ADC when you remove the current default route:

add ns pbr Mgt_Subnet_PBR ALLOW -srcIP = -destIP "!=" -nextHop -priority 10 -kernelstate SFAPPLIED61
apply ns pbrs

Then you should be able to remove the old default route, and add the new one:

rm route
add route


  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...