PA500 and Avaya Switches using MLT

Reply
L0 Member

PA500 and Avaya Switches using MLT

I have 4 Avaya switches (A,B,C,D) that are in a MLT configuration, I need to inject a PA-500 between. Will V-wire and AE work connect the switch "A,B" to switch "C,D", A/B & C/D are stacked and each set would be considered 1 switch. AE is needed to provide more through-put.

Tags (3)
Highlighted
L7 Applicator

Re: PA500 and Avaya Switches using MLT

As I recall MLT in Avaya is an LACP based aggregation.  So I believe this will work across v-wire similar to how a Cisco LAG is connected.

Assuming a two port LAG you would create two v-wire using the same two zones on each v-wire

Then you connect switch stack A/B ports to the "trust" side of v-wire 1 & v-wire 2

Then connect switch stack C/D ports to the "untrust side of v-wire 1 & v-wire 2

The switches will behave as if they are directly connected not seeing the PA.

the traffic will be visible to the PA on the v-wire interfaces and you can create your rules as in any other v-wire deploy.

You could also add more v-wire and ports as needed up to the traffic capacity of the Palo Alto.

This document describes the similar situation with Cisco switches.

Cisco Link Aggregation Traffic Through a PAN Device

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!