Layer 3 Sub-Interface Question

D.Callahan — Mon, 20 Jan 2025 22:25:04 GMT

All,

I have recently set up a test lab with a PA440. In the lab I have created a WAN and LAN zone from two different physical interfaces.

In addition, I have created a sub-Interface from the physical ethernet port 1/3. This is what the ethernet port 1/3 looks like:

Ethernet 1/3 (Physical Port)

- Sub-Interface Eth1/3.25 ~ L3 (IP = 10.10.25.1/24)

- Sub-Interface Eth1/3.35 ~ L3 (IP = 10.10.35.1/24)

- Sub-Interface Eth1/3.55 ~ L3 (IP = 10.10.55.1/24)

Each Sub_interface has its own zone and mgmt profile with the service to ping. Each interface has a tag of its interface number.

I have taken a laptop and assigned it to Ip address: {10.10.25.55/24 with gateway 10.10.25.1} and connected directly to Port1/3.

I have another latop on another port that does not have an sub-interface, just the physcial (Eth1/6) port with IP = 12.12.12.124.

My issue is that I can ping my gateway (12.12.12.1) on my laptop (12.12.12.12) from a Physcial interface (Eth1/6). From the same laptop I can ping all the IP's gateways from each sub-interface {10.10.25.1, 10.10.35.1, 10.10.55.1} but I cannot reach any device behind those IP's. I have no switch, just testing connection from one laptop to another each, directly connected to its ports. The laptop that is connected to the eth1/3 port cannot ping any none of its own sub-Interface IP's nor the eth1/6 IP address.

Not sure what I am missing?

Re: Layer 3 Sub-Interface Question

OtakarKlier — Wed, 22 Jan 2025 21:52:56 GMT

Hello,

Check the unified logs to see if/where the traffic is getting blocked. Since you have the different IP's in different zones, you'll need security policies. I prefer to make my physical interfaces layer 2 and have a layer 3 vlan. This can be tricky for external interfaces however.

Regards,

topic Re: Layer 3 Sub-Interface Question in General Topics

Layer 3 Sub-Interface Question

Re: Layer 3 Sub-Interface Question