This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Aggregation interface on virtual wire

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Aggregation interface on virtual wire

Tician
L3 Networker

‎03-18-2015 02:09 PM

Hello All,

Is there supported to create virtual wire aggregate group ae1 with 3 physical interfaces and another ae2 with another 3 physical interfaces, then form virtual wire with ae1 and ae2. Point of this setup is to put PA between two switches with port channel group formed with 3 physical interfaces.

Regards,

Predrag

Labels:
0 Likes Likes
6 REPLIES 6

hshah
L6 Presenter

‎03-18-2015 03:17 PM

Hi Tician,

It is supported, be cautious about trunking protocol configuration on cisco.

Regards,

Hardik Shah

0 Likes Likes

pulukas
L7 Applicator

‎03-19-2015 02:48 AM

This tech note outlines the process for a two interface bundle, but the same procedure can be used for three.  Naturally, the two AE will be separate v-wires but you can put them into the same zones.

Cisco Link Aggregation Traffic Through a Palo Alto Networks Device

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Tician
L3 Networker
In response to pulukas

‎03-19-2015 07:44 AM

This doc is good, but I considering case where trunk with multiple vlan's are deployed a cross port channel. If you don't aggregate this links on pan, that's mean that you need deploy two vwire interfaces from one switch to same security zone. But how can I make policies to secure traffic between two vlan's on this particular formed vwire. Should I create subinterfaces with vlan tag membership, or just make policies by source and destination IP, users and so on...?

0 Likes Likes

pulukas
L7 Applicator
In response to Tician

‎03-19-2015 01:53 PM

If I understand you correctly, your AE bundle is also a Q tag trunk port.  In that case you simply create the subinterfaces on the AE interface and match the tags.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks