Configuring Interface Management Profile and Assign it to Agg Interface

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Configuring Interface Management Profile and Assign it to Agg Interface

L2 Linker

Hi All,

 

I have a customer that looses it's access to the Web GUI of the PAN Firewall except console connection. Aggregate Interface is configured. Can I assign an interface management profile via CLI on the aggregate interfaces? E.g. ae1.100? When i type set network interface aggregate-ethernet and hit the "?" I can't see tha aggregate interfaces configured except ae1. I want to configured an interface management profile and assigned it to ae1.100 but on the cli it does not show except the ae1.

2 accepted solutions

Accepted Solutions

L1 Bithead

Hi, 

You are half-way to reach your sub-interface to configure in your syntax.

network interface aggregate-ethernet ae1 layer3 unit 100 ?

After this you can configure required settings on the sub-interface.

View solution in original post

Cyber Elite
Cyber Elite

 

Hi,

 

So you do not have dedicated management interface of the firewall?

Normally we access firewall via Management interface ip address.

 

If you want to use Agg Interface and apply Management profile you can do this via GUI also.

In our setup we have say aggregate interface ae1 and we have applied management profile to ae1.100

 

From CLI  you can do this way 

 

 

set network interface aggregate-ethernet ae3 layer3 units
ae3. ae3.
ae3.3849 ae3.3849
<value> name value

MP

Help the community: Like helpful comments and mark solutions.

View solution in original post

7 REPLIES 7

L1 Bithead

Hi, 

You are half-way to reach your sub-interface to configure in your syntax.

network interface aggregate-ethernet ae1 layer3 unit 100 ?

After this you can configure required settings on the sub-interface.

Cyber Elite
Cyber Elite

 

Hi,

 

So you do not have dedicated management interface of the firewall?

Normally we access firewall via Management interface ip address.

 

If you want to use Agg Interface and apply Management profile you can do this via GUI also.

In our setup we have say aggregate interface ae1 and we have applied management profile to ae1.100

 

From CLI  you can do this way 

 

 

set network interface aggregate-ethernet ae3 layer3 units
ae3. ae3.
ae3.3849 ae3.3849
<value> name value

MP

Help the community: Like helpful comments and mark solutions.

Will try your suggestion once we resume the support tomorrow. How about sub-interfaces? I also try on my virtual labs, I can't see on the CLI the sub-interfaces that I created.

They access the firewall via management interface but they only restrict it to one pc, unfortunately they forgot the password to that machine and can't login that's the only pc they use to access the firewall management interface.

I will try this tomorrow. I try to do a sub-interface on my virtual lab and it seems that I can't also see the sub-interfaces on the CLI when I try to apply an interface management profile

We have below sub interfaces on the PA 5220

 

a3.3749

a3.3756

 

Where A3 is Aggregate Interface

 

IF you use the command which I mention earlier you should see sub interfaces  as I see on my PA.

IF you have Virtual PA in lab then as per my knowledge the VM does not support sub interfaces

 

 

MP

Help the community: Like helpful comments and mark solutions.

I try the units on my sub-interfaces instead of aggregate interface and it works. I change the sub-interface interface management profile. I hope this will work tomorrow on our clients production networks. Will update once it works

Hi,

 

This resolves the issue. thanks a lot.

  • 2 accepted solutions
  • 6764 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!