diff --git a/pkg/asset/installconfig/nutanix/nutanix.go b/pkg/asset/installconfig/nutanix/nutanix.go
index 02999e3aab0..f85d1c046af 100644
--- a/pkg/asset/installconfig/nutanix/nutanix.go
+++ b/pkg/asset/installconfig/nutanix/nutanix.go
@@ -14,8 +14,11 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/defaults"
 	"github.com/openshift/installer/pkg/types/nutanix"
 	nutanixtypes "github.com/openshift/installer/pkg/types/nutanix"
+	"github.com/openshift/installer/pkg/types/validation"
 	"github.com/openshift/installer/pkg/validate"
 )
 
@@ -266,6 +269,14 @@ func getSubnet(ctx context.Context, client *nutanixclientv3.Client, peUUID strin
 func getVIPs() (string, string, error) {
 	var apiVIP, ingressVIP string
 
+	defaultMachineNetwork := &types.Networking{
+		MachineNetwork: []types.MachineNetworkEntry{
+			{
+				CIDR: *defaults.DefaultMachineCIDR,
+			},
+		},
+	}
+
 	//TODO: Add support to specify multiple VIPs (-> dual-stack)
 	if err := survey.Ask([]*survey.Question{
 		{
@@ -274,7 +285,11 @@ func getVIPs() (string, string, error) {
 				Help:    "The VIP to be used for the OpenShift API.",
 			},
 			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &apiVIP); err != nil {
@@ -291,7 +306,11 @@ func getVIPs() (string, string, error) {
 				if apiVIP == (ans.(string)) {
 					return fmt.Errorf("%q should not be equal to the Virtual IP address for the API", ans.(string))
 				}
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &ingressVIP); err != nil {
diff --git a/pkg/asset/installconfig/ovirt/network.go b/pkg/asset/installconfig/ovirt/network.go
index 08dba5c8d46..0e09efb93b1 100644
--- a/pkg/asset/installconfig/ovirt/network.go
+++ b/pkg/asset/installconfig/ovirt/network.go
@@ -9,7 +9,11 @@ import (
 	ovirtsdk4 "github.com/ovirt/go-ovirt"
 	"github.com/pkg/errors"
 
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/defaults"
 	"github.com/openshift/installer/pkg/types/ovirt"
+	"github.com/openshift/installer/pkg/types/validation"
+	"github.com/openshift/installer/pkg/validate"
 )
 
 func askNetwork(c *ovirtsdk4.Connection, p *ovirt.Platform) error {
@@ -107,6 +111,15 @@ func askVNICProfileID(c *ovirtsdk4.Connection, p *ovirt.Platform) error {
 func askVIPs(p *ovirt.Platform) error {
 	//TODO: Add support to specify multiple VIPs (-> dual-stack)
 	var apiVIP, ingressVIP string
+
+	defaultMachineNetwork := &types.Networking{
+		MachineNetwork: []types.MachineNetworkEntry{
+			{
+				CIDR: *defaults.DefaultMachineCIDR,
+			},
+		},
+	}
+
 	err := survey.Ask([]*survey.Question{
 		{
 			Prompt: &survey.Input{
@@ -114,7 +127,13 @@ func askVIPs(p *ovirt.Platform) error {
 				Help:    "This is the virtual IP address that will be used to address the OpenShift control plane. Make sure the IP address is not in use.",
 				Default: "",
 			},
-			Validate: survey.ComposeValidators(survey.Required),
+			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
+			}),
 		},
 	}, &apiVIP)
 	if err != nil {
@@ -129,7 +148,16 @@ func askVIPs(p *ovirt.Platform) error {
 				Help:    "This is the virtual IP address that will be used to address the OpenShift ingress routers. Make sure the IP address is not in use.",
 				Default: "",
 			},
-			Validate: survey.ComposeValidators(survey.Required),
+			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
+				if apiVIP == (ans.(string)) {
+					return fmt.Errorf("%q should not be equal to the Virtual IP address for the API", ans.(string))
+				}
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
+			}),
 		},
 	}, &ingressVIP)
 	if err != nil {
diff --git a/pkg/asset/installconfig/vsphere/vsphere.go b/pkg/asset/installconfig/vsphere/vsphere.go
index 5fb22ddf392..a8b9ee1f0c3 100644
--- a/pkg/asset/installconfig/vsphere/vsphere.go
+++ b/pkg/asset/installconfig/vsphere/vsphere.go
@@ -15,6 +15,9 @@ import (
 	"github.com/vmware/govmomi/vim25"
 	"k8s.io/apimachinery/pkg/util/sets"
 
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/defaults"
+	"github.com/openshift/installer/pkg/types/validation"
 	"github.com/openshift/installer/pkg/types/vsphere"
 	"github.com/openshift/installer/pkg/validate"
 )
@@ -347,6 +350,14 @@ func getNetwork(ctx context.Context, datacenter string, cluster string, finder F
 func getVIPs() (string, string, error) {
 	var apiVIP, ingressVIP string
 
+	defaultMachineNetwork := &types.Networking{
+		MachineNetwork: []types.MachineNetworkEntry{
+			{
+				CIDR: *defaults.DefaultMachineCIDR,
+			},
+		},
+	}
+
 	if err := survey.Ask([]*survey.Question{
 		{
 			Prompt: &survey.Input{
@@ -354,7 +365,11 @@ func getVIPs() (string, string, error) {
 				Help:    "The VIP to be used for the OpenShift API.",
 			},
 			Validate: survey.ComposeValidators(survey.Required, func(ans interface{}) error {
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &apiVIP); err != nil {
@@ -371,7 +386,11 @@ func getVIPs() (string, string, error) {
 				if apiVIP == (ans.(string)) {
 					return fmt.Errorf("%q should not be equal to the Virtual IP address for the API", ans.(string))
 				}
-				return validate.IP((ans).(string))
+				err := validate.IP((ans).(string))
+				if err != nil {
+					return err
+				}
+				return validation.ValidateIPinMachineCIDR((ans).(string), defaultMachineNetwork)
 			}),
 		},
 	}, &ingressVIP); err != nil {
diff --git a/pkg/types/defaults/installconfig.go b/pkg/types/defaults/installconfig.go
index b26374c04d0..64f455917f9 100644
--- a/pkg/types/defaults/installconfig.go
+++ b/pkg/types/defaults/installconfig.go
@@ -20,7 +20,8 @@ import (
 )
 
 var (
-	defaultMachineCIDR    = ipnet.MustParseCIDR("10.0.0.0/16")
+	// DefaultMachineCIDR default machine CIDR applied to MachineNetwork.
+	DefaultMachineCIDR    = ipnet.MustParseCIDR("10.0.0.0/16")
 	defaultServiceNetwork = ipnet.MustParseCIDR("172.30.0.0/16")
 	defaultClusterNetwork = ipnet.MustParseCIDR("10.128.0.0/14")
 	defaultHostPrefix     = 23
@@ -34,7 +35,7 @@ func SetInstallConfigDefaults(c *types.InstallConfig) {
 	}
 	if len(c.Networking.MachineNetwork) == 0 {
 		c.Networking.MachineNetwork = []types.MachineNetworkEntry{
-			{CIDR: *defaultMachineCIDR},
+			{CIDR: *DefaultMachineCIDR},
 		}
 		if c.Platform.Libvirt != nil {
 			c.Networking.MachineNetwork = []types.MachineNetworkEntry{
diff --git a/pkg/types/defaults/installconfig_test.go b/pkg/types/defaults/installconfig_test.go
index c736e970511..65cf2731367 100644
--- a/pkg/types/defaults/installconfig_test.go
+++ b/pkg/types/defaults/installconfig_test.go
@@ -27,7 +27,7 @@ func defaultInstallConfig() *types.InstallConfig {
 		AdditionalTrustBundlePolicy: defaultAdditionalTrustBundlePolicy(),
 		Networking: &types.Networking{
 			MachineNetwork: []types.MachineNetworkEntry{
-				{CIDR: *defaultMachineCIDR},
+				{CIDR: *DefaultMachineCIDR},
 			},
 			NetworkType:    defaultNetworkType,
 			ServiceNetwork: []ipnet.IPNet{*defaultServiceNetwork},
diff --git a/pkg/types/validation/installconfig.go b/pkg/types/validation/installconfig.go
index 7f31a36c7ee..ad06a748a31 100644
--- a/pkg/types/validation/installconfig.go
+++ b/pkg/types/validation/installconfig.go
@@ -578,7 +578,7 @@ func validateAPIAndIngressVIPs(vips vips, fieldNames vipFields, vipIsRequired bo
 				}
 			}
 
-			if err := validateIPinMachineCIDR(vip, n); err != nil {
+			if err := ValidateIPinMachineCIDR(vip, n); err != nil {
 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldNames.APIVIPs), vip, err.Error()))
 			}
 
@@ -621,7 +621,7 @@ func validateAPIAndIngressVIPs(vips vips, fieldNames vipFields, vipIsRequired bo
 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldNames.IngressVIPs), vip, err.Error()))
 			}
 
-			if err := validateIPinMachineCIDR(vip, n); err != nil {
+			if err := ValidateIPinMachineCIDR(vip, n); err != nil {
 				allErrs = append(allErrs, field.Invalid(fldPath.Child(fieldNames.IngressVIPs), vip, err.Error()))
 			}
 
@@ -657,7 +657,8 @@ func validateAPIAndIngressVIPs(vips vips, fieldNames vipFields, vipIsRequired bo
 	return allErrs
 }
 
-func validateIPinMachineCIDR(vip string, n *types.Networking) error {
+// ValidateIPinMachineCIDR confirms if the specified VIP is in the machine CIDR.
+func ValidateIPinMachineCIDR(vip string, n *types.Networking) error {
 	var networks []string
 
 	for _, network := range n.MachineNetwork {