https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550159#M112191 <P>Hi there,</P> <P>The only way you will get this to work is to convert Eth1/1 to a Layer2 interface with sub-interfaces and create a VLAN interface for each of the VLANs carried on Eth1/1 and that you want the firewall to be gateway for.</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Thu, 20 Jul 2023 12:22:09 GMT seb_rupik 2023-07-20T12:22:09Z https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550033#M112182 <P>Are you able to have a device connected on a layer 2 interface be able to reach a layer 3 gateway on the same subnet? We are able to get this working with a vlan interface when its on a different subnet.</P> <P>&nbsp;</P> <P>Scenario:</P> <P>Sub interface ethernet1/1.100 with IP address 10.10.100.1/24 and tag 100</P> <P>Ethernet 1/2: Layer 2 interface</P> <P>Device with IP address 10.10.100.100 connected to ethernet 1/2</P> <P>&nbsp;</P> <P>We want device 10.10.100.100 to be able to reach its gateway at 10.10.100.1.&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Claw4609_0-1689782300039.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/51795i6DA91EE83AE1FDFE/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Claw4609_0-1689782300039.png" alt="Claw4609_0-1689782300039.png" /></span></P> <P>&nbsp;</P> Wed, 19 Jul 2023 16:00:58 GMT https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550033#M112182 Claw4609 2023-07-19T16:00:58Z https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550144#M112186 <P>Hi there,</P> <P>The topology you are describing isn't one I have ever seen implemented and begs the question why not use a VLAN interface and use the sub-interfaces as a trunk link?</P> <P>&nbsp;</P> <P>Looking at your config, I notice that the two interfaces in question do not belong to any VLAN. I suggest you create one and attach it to both Eth1/1.100 and Eth1/2 and repeat your testing.</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Thu, 20 Jul 2023 08:26:15 GMT https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550144#M112186 seb_rupik 2023-07-20T08:26:15Z https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550158#M112190 <P>Eth1/1.100 is a layer 3 interface and it doesnt look like I can attached a vlan to that. I have created vlan 100 and attached it to just eth1/2 to see if that would work but it didnt.&nbsp;</P> <P>&nbsp;</P> <P>The reasoning for the setup is we are looking to have a dedicated mgmt interface of the device have a separate port on the firewall. So in our case eth1/1 is the LAN interface which we have multiple sub interfaces on for our L3 gateways. One of those gateways is a management subnet. We would theoretically like an access port on the firewall for a device on the same subnet as the management subnet&nbsp;</P> Thu, 20 Jul 2023 12:12:23 GMT https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550158#M112190 Claw4609 2023-07-20T12:12:23Z https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550159#M112191 <P>Hi there,</P> <P>The only way you will get this to work is to convert Eth1/1 to a Layer2 interface with sub-interfaces and create a VLAN interface for each of the VLANs carried on Eth1/1 and that you want the firewall to be gateway for.</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Thu, 20 Jul 2023 12:22:09 GMT https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550159#M112191 seb_rupik 2023-07-20T12:22:09Z https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550160#M112192 <P>Sounds good, thanks for the help.</P> Thu, 20 Jul 2023 12:27:17 GMT https://live.paloaltonetworks.com/t5/general-topics/device-on-l2-interface-trying-to-reach-l3-interface-on-same/m-p/550160#M112192 Claw4609 2023-07-20T12:27:17Z