topic Re: L3 vlans and devices/systems that don't support vlanning issue. in General Topics

L3 vlans and devices/systems that don't support vlanning issue.

cmateam — Thu, 11 Oct 2012 19:58:49 GMT

Hello all,

I've recently setup our PAN-2020's with L3 sub-interfaces presenting VLANS to our core switches (per this discussion: ). However, I've run into a problem that I can't manage or connect to devices, like our SAN, KVM, and even the PAN Firewall (management port) because they are on the same switch and use the default vlan of the switch. If I define an available L3 port as a management network, and leave it untagged, it creates headaches and breaks the L3 vlanning.

My question is, can I create a L3 interface with a network and untagged, attach it to another VR and route management traffic to that VR, and then present that interface to the switch with the untagged network. I don't think that should cause any issues, but wondered if anyone's had experience with this, or ran into similar issues? I've also found this discussion, but they've not complete given me any insight into if this is possible or not:

- can I define an untagged L3 sub-interface on top of the main untagged interface with a network without causing issues? This would be a lot better of a solution then having to setup another VR.

Thanks for any help you can give.

Re: L3 vlans and devices/systems that don't support vlanning issue.

mikand — Tue, 16 Oct 2012 03:18:36 GMT

If the switch interface supports both tagged and untagged on the same interface you should be able to have both tagged and untagged traffic on the PA connected to this interface if I fully understand your question 😃

Re: L3 vlans and devices/systems that don't support vlanning issue.

cmateam — Fri, 19 Oct 2012 19:48:15 GMT

I guess my question is... in L3 vlanning, since the physical port is untagged with no defined network, and L3 sub interfaces are added with defined networks, can I define a subinterface untagged with a network without any problems?