L2 trunk and subinterfaces to Cisco

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

L2 trunk and subinterfaces to Cisco

Not applicable

I am trying to configure a L2 trunk from a Cisco 3750 to a Palo 5020

I cannot find any info on how to configure the Palo, as the terminology is different to me.

As a side note we are also running two 5020's in an Active/Active configuration

I have tried configuring it but getting errors saying L2 interfaces not supported in HA active/active

I need to run OSPF to the Palo so have to have L3 interfaces

Can anyone provide any assistance.

If we can start with the Trunk and sub interfaces on the Palo and take it from there.

Thanks

Roger

7 REPLIES 7

L5 Sessionator

Hello Roger,

Configure Layer3 sub-interfaces for physical interface that connects to the Trunk port as exhibited in the following documents

How to Create Tagged Sub-Interfaces

(section For PAN-OS 4.1)

You may also use following tech note for reference :

Securing Inter VLAN Traffic

Thanks,

We are running 5 so the config is a bit different, I have configured the L3 subinterfaces.

However I want this to trunk to a Cisco switch and if you make e1/1 a L2 interface then you cannot make the sub-interfaces L3?

I just need to know:

How to make a port a trunk port

What do I configure the Cisco end as

Then create sub interfaces to be able to ping.

Thanks

You can configure eth1 as L2,create L2 sub-interfaces foe eth1 with tags needed and assign these to a VLAN.

An L3 vlan interface can then be created to terminate OSPF .

Ref :Layer 2 Networking

OK I have managed to get it working now L3 subinterfaces.JPG.jpg

L3 interface which is trunking to a Cisco 3750 and L3 subinterfaces which I can ping from the Cisco

Cisco 3750 Configuration

interface FastEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

end

SwitchTEST#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan

Fa1/0/1     on               802.1q         trunking      1

Thanks for the help

Is there any documentation about how the Palo's form a trunk?

I just set the Cisco to mode trunk and it works so assume that is the best thing to do?

Roger

Currently studying for my CCIE in R&S!

latest updates on my CCIE Blog - www.rogerperkin.co.uk/ccie

You said it is working?  On the cisco it appears Fa1/0/1 is set to use vlan tag=1.  While on the PA eth1/1.2 and eth1/1.4 are set to VLAN tags=2 and 4, respectively.  There seems to be a mismatch.

The trunk on the PA is using 802.1q standard and the packets are marked with vlan tag just like the Cisco.  Thanks.

It is working!

The 1 on the Cisco output refers the the Native Vlan

The port is running as a trunk and any traffic that comes into the trunk that is not tagged will be put into Vlan 1

Roger

thanks for the confirmation.

  • 8748 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!