PA supports 802.1ad QinQ?

L4 Transporter

Hi,

I would like to know if PAs support 802.1ad (QinQ)? Any info about this?

L7 Applicator

Re: PA supports 802.1ad QinQ?

@jesuscano,

802.1ad was rolled into the 802.1Q standard in 2011, so the firewall should support this without issue as they have full 802.1Q compliance.

L7 Applicator

Re: PA supports 802.1ad QinQ?

Depends on your definition of "support".

My understanding is that today, if you use 0x88A8 ethertype, PAN-OS will treat that as an unknown ethertype and the traffic will receive the same action as any other non-IP protocol (i.e., v-wire/L2 will flood w/o setting up flows). In 8.0, PAN-OS gained the ability to block this using Zone Protection. There is some limited support when using nested 0x8100 tags, but only for using the outer VLAN.

If you're looking for more functionality than this, please contact your Palo Alto Networks SE and request to be added to the QinQ feature request, along with the specific functionality required.
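
Added example, not part of the original thread and not Palo Alto Networks code: a small Python parser that tells apart the two encapsulations named in the reply above (outer 0x88A8 versus nested 0x8100) and reports the outer VLAN ID, for checking which form a capture actually carries. The function names and sample frames are constructed for illustration.

```python
import struct

ETH_8021Q = 0x8100   # C-tag TPID
ETH_8021AD = 0x88A8  # S-tag TPID used by 802.1ad

def vlan_stack(frame: bytes):
    """Return ([(tpid, vlan_id), ...], inner_ethertype) for one Ethernet frame."""
    tags, off = [], 12  # skip destination and source MAC addresses
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (ETH_8021Q, ETH_8021AD):
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        off += 4

def classify(frame: bytes):
    """Return (kind, outer_vlan_id, inner_ethertype)."""
    tags, inner = vlan_stack(frame)
    if not tags:
        kind = "untagged"
    elif tags[0][0] == ETH_8021AD:
        kind = "802.1ad S-tag (0x88A8)"
    elif len(tags) > 1:
        kind = "nested 0x8100"
    else:
        kind = "single 802.1Q"
    return kind, (tags[0][1] if tags else None), inner

def build(tags, inner=0x0800):
    """Constructed sample frame: locally administered MACs, tag stack, zero payload."""
    hdr = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", inner) + b"\x00" * 46

if __name__ == "__main__":
    samples = {
        "802.1ad": build([(ETH_8021AD, 100), (ETH_8021Q, 200)]),
        "stacked 0x8100": build([(ETH_8021Q, 100), (ETH_8021Q, 200)]),
        "single tag": build([(ETH_8021Q, 10)]),
    }
    for name, frame in samples.items():
        print(name, classify(frame))
```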
