10-10-2014 01:19 PM
Hi there,
I'd like to set up a PA-5060 with an aggregate Layer 3 ethernet interface with no address:
Aggregate Interface
Name: ae1
Type: Layer 3
Address: (none)
Virtual Router: (none)
Tag: (none)
Security Zone: (none)
and then add subinterfaces to it, each of which have their own IP address ranges and VLAN tags:
Subinterface
Name: ae1.100
Type: Layer 3
Address: 10.10.100.1/24
Virtual Router: default
Tag: 100
Security Zone: Trust
Subinterface
Name: ae1.200
Type: Layer 3
Address: 10.10.200.1/24
Virtual Router: default
Tag: 200
Security Zone: Trust
Is this a valid configuration?
Thank you,
--
Rick Rutherford
10-10-2014 02:42 PM
Hello Rick,
PAN supports sub-interfaces on aggregate interfaces.
An excerpt from Panos Admin guide:
"Aggregate interface groups allow you to generate more than 1 Gbps aggregate throughput by
using 802.3ad link aggregation of multiple 1 Gbps links. Aggregation of 10Gbps XFP and
SFP+ is also supported. The aggregate interface that you create becomes a logical interface.
Interface management, zone profiles, VPN interfaces, and VLAN subinterfaces are all
properties of the logical aggregate interface, not of the underlying physical interfaces.
Each aggregate group can contain several physical interfaces of the type Aggregate Ethernet.
After the group is created, you perform operations such as configuring Layer 2 or Layer 3
parameters on the Aggregate Group object rather than on the Aggregate Ethernet interfaces
themselves."
Yes, the config is good and will work.
Regards,
Dileep
10-10-2014 02:42 PM
Hello Rick,
PAN supports sub-interfaces on aggregate interfaces.
An excerpt from Panos Admin guide:
"Aggregate interface groups allow you to generate more than 1 Gbps aggregate throughput by
using 802.3ad link aggregation of multiple 1 Gbps links. Aggregation of 10Gbps XFP and
SFP+ is also supported. The aggregate interface that you create becomes a logical interface.
Interface management, zone profiles, VPN interfaces, and VLAN subinterfaces are all
properties of the logical aggregate interface, not of the underlying physical interfaces.
Each aggregate group can contain several physical interfaces of the type Aggregate Ethernet.
After the group is created, you perform operations such as configuring Layer 2 or Layer 3
parameters on the Aggregate Group object rather than on the Aggregate Ethernet interfaces
themselves."
Yes, the config is good and will work.
Regards,
Dileep
10-13-2014 06:44 AM
Excellent -- thank you very much!
05-26-2022 11:31 AM
I set up exactly like Rick_Rutherford but I would to set up DHCP for ae1.100 (10.10.100.2 -250) but it doesn't let me create the DHCP.
Any one know why?
thanks,
Le
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
