I want to make the following network-diagram. Is it possible?
A Cisco Nexus Paloalto
VRF-1 ----------------------> eth1/1.1 | 184.108.40.206 | VR : default | trust
tag 10 |
VRF-2 <--------------------- eth1/1.2 | 220.127.116.11 | VR : default | untrust
1. Traffic goes into sub-interface eth1/1.1 with tag 10.
2. The FW processes routing and policing.
3. Traffic goes out from sub-interface eth1/1.2 with tag 20.
The two sub-interfaces are on the same physical interface.
I think it is possible because the sub-interfaces are logically different interfaces, each with its own tag number.
Yes this is possible. You have to make sure the following are in place:
- Layer3 subinterface eth1/1.1 configured for tag 10, zone-x, ip-18.104.22.168/netmask
- Layer3 subinterface eth1/1.2 configured for tag 20, zone-y, ip-22.214.171.124/netmask
- Security rules allowing traffic between zone x and y as required.
- Optional: any other policies like NAT, etc.
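The checklist above written out as PAN-OS configuration-mode `set` commands, as an added example that is not part of the original replies. The addresses (documentation ranges), the rule name `x-to-y` and the rule's match criteria are constructed placeholders; zone-x, zone-y, the tags and the `default` VR come from the thread. Lines starting with `#` are annotations, not CLI input.

```text
# Assumed placeholders: 192.0.2.1/24, 198.51.100.1/24, rule name x-to-y.
# Sub-interfaces on the same physical port, one VLAN tag each.
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.1 tag 10
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.1 ip 192.0.2.1/24
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.2 tag 20
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.2 ip 198.51.100.1/24

# Both sub-interfaces join the same virtual router, so the connected
# routes are enough for the firewall to forward between them.
set network virtual-router default interface [ ethernet1/1.1 ethernet1/1.2 ]

# Separate zones, so traffic between the tags is interzone and is
# dropped unless a security rule allows it.
set zone zone-x network layer3 ethernet1/1.1
set zone zone-y network layer3 ethernet1/1.2

# Allow only what is required from zone-x to zone-y. Replace the "any"
# placeholders with the real source, destination and applications.
set rulebase security rules x-to-y from zone-x to zone-y
set rulebase security rules x-to-y source any destination any
set rulebase security rules x-to-y application any service application-default
set rulebase security rules x-to-y action allow log-end yes

commit
```

Return traffic for sessions opened by this rule is permitted by session state; add a separate zone-y to zone-x rule only if connections must also be initiated from that side.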
It's very much possible; many customers have this implementation. The good thing is you don't have to configure any special routing because both interfaces on the PANW are on the same VR.
Refer to the following document on sub-interfaces
Thank you very much, Roh, dreputi, hshah, panos.
You have put my worry to rest and given me good energy.