Clients Cannot Communicate Through Different Layer 2 Interfaces on the Same VLAN

Created On 09/25/18 17:15 PM - Last Modified 06/13/23 04:26 AM

Issue

The Palo Alto Networks firewall is configured with multiple Layer 2 interfaces belonging to the same VLAN. End clients are located behind these interfaces, but they cannot communicate with each other.

Cause

This issue is encountered when the Layer 2 interfaces have not been assigned to Layer 2 zones. On the Palo Alto Networks firewall, Security Policies permit or deny traffic passing between zones, whether the same zone or different zones. Whether the interfaces are configured as Layer 3, Layer 2, virtual wire or tap, traffic will not pass through them unless they are bound to zones. So even if they are Layer 2 interfaces switching within a single VLAN, you still have to assign them to Layer 2 zones and configure a policy as needed.

Resolution

Assign the interfaces to Layer 2 zones and commit the changes. Configure a Security Policy if the interfaces are not assigned to the same zone, or if a default deny rule has been configured (intrazone traffic is allowed by default; interzone traffic is denied by default).
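The following is an added example, not part of the original article or of any Palo Alto Networks tooling. It audits a PAN-OS-style configuration export for the two conditions the article describes: Layer 2 interfaces that are not bound to any zone (traffic through them is dropped), and VLAN objects whose member interfaces sit in different zones (an interzone policy is then required). The XML layout, interface names, VLAN name and zone names are constructed assumptions modelled on the shape of a PAN-OS running-config; adjust the XPath expressions if your export differs.

```python
"""Audit a PAN-OS-style config for Layer 2 interfaces with no zone binding,
and for VLANs whose interfaces span more than one zone.
Added example; the XML below is a constructed, simplified approximation of a
PAN-OS running-config export, not an official schema."""
import xml.etree.ElementTree as ET

# Constructed sample: ethernet1/3, 1/4 and 1/5 are Layer 2 interfaces on the
# same VLAN object. ethernet1/3 is in zone L2-Users, ethernet1/5 is in zone
# L2-Guests, and ethernet1/4 is not bound to any zone at all.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain">
    <network>
      <interface><ethernet>
        <entry name="ethernet1/1"><layer3/></entry>
        <entry name="ethernet1/3"><layer2/></entry>
        <entry name="ethernet1/4"><layer2/></entry>
        <entry name="ethernet1/5"><layer2/></entry>
      </ethernet></interface>
      <vlan><entry name="vlan-users">
        <interface>
          <member>ethernet1/3</member>
          <member>ethernet1/4</member>
          <member>ethernet1/5</member>
        </interface>
      </entry></vlan>
    </network>
    <vsys><entry name="vsys1">
      <zone>
        <entry name="L3-Trust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
        <entry name="L2-Users"><network><layer2><member>ethernet1/3</member></layer2></network></entry>
        <entry name="L2-Guests"><network><layer2><member>ethernet1/5</member></layer2></network></entry>
      </zone>
    </entry></vsys>
  </entry></devices>
</config>"""


def layer2_interfaces(root):
    """Return the names of ethernet interfaces configured in Layer 2 mode."""
    return {
        e.get("name")
        for e in root.iterfind(".//network/interface/ethernet/entry")
        if e.find("layer2") is not None
    }


def zone_membership(root):
    """Map each interface name to the zone that claims it (any interface type)."""
    members = {}
    for zone in root.iterfind(".//vsys/entry/zone/entry"):
        for m in zone.iterfind("./network/*/member"):
            members[m.text] = zone.get("name")
    return members


def unbound_layer2_interfaces(config_xml):
    """Sorted Layer 2 interfaces with no zone; the firewall drops their traffic."""
    root = ET.fromstring(config_xml)
    zones = zone_membership(root)
    return sorted(i for i in layer2_interfaces(root) if i not in zones)


def vlans_spanning_zones(config_xml):
    """For each VLAN object, the sorted set of zones its bound interfaces belong to.
    More than one zone means an interzone Security Policy is required."""
    root = ET.fromstring(config_xml)
    zones = zone_membership(root)
    result = {}
    for vlan in root.iterfind(".//network/vlan/entry"):
        names = [m.text for m in vlan.iterfind("./interface/member")]
        result[vlan.get("name")] = sorted({zones[n] for n in names if n in zones})
    return result


if __name__ == "__main__":
    for iface in unbound_layer2_interfaces(SAMPLE_CONFIG):
        print(f"{iface}: Layer 2 interface not assigned to any zone")
    for vlan, zone_list in vlans_spanning_zones(SAMPLE_CONFIG).items():
        if len(zone_list) > 1:
            print(f"{vlan}: spans zones {zone_list}; interzone policy required")
```

On the constructed sample the script flags ethernet1/4 as unbound and reports that vlan-users spans L2-Users and L2-Guests, which are exactly the two cases the Resolution above addresses.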

owner: kprakash