07-10-2018 06:45 PM
Is the below configuration possible?
1. 1 layer3 interface acts as gateway and DHCP
2. 1 layer2 interface interconnects to the layer3 interface above. The computer connected to this interface can reach the layer3 gateway and receive an IP address from its DHCP
In short, 2 interfaces use the same gateway and DHCP.
07-10-2018 07:35 PM
Hello BPry,
Correct. I'm now testing a PA-220.
Due to the lack of a network switch (in the testing env), I want to use 2 interfaces to connect to 2 computers. And these 2 computers need to connect to the same gateway and receive IP addresses from the same DHCP.
Of course I've plenty of switches in the production environment. I just want to see if this kind of configuration is possible on the PA-220.
07-10-2018 07:42 PM
Ya I don't think what you are trying to do here is going to work at all. As soon as you attempt to configure the second interface you'll get validation errors due to the interfaces sitting on the same subnet.
07-10-2018 07:51 PM
BPry
So far my attempts either don't work or can't even pass validation.
I thought PAN-OS 8 can emulate a virtual cable connection between layer3 (as router) and layer2 (as switch).
Maybe I'll go find a spare network switch instead.
07-16-2018 02:47 PM
Hello,
How about using a VLAN interface as the layer 3 and the physical as layer 2?
Just a thought.
07-16-2018 07:36 PM
Hello Otakar,
In PAN-OS 8, I can't select a layer 3 interface when creating a VLAN.
09-07-2018 09:41 AM
Hi guys,
I'm trying a similar setup. I'm installing a new PA-820 replacing our old PA-500, but currently the PA-500 is acting as a router/gateway to clients and servers, but users are experiencing slow inter-VLAN performance (the PA sub int seems to not run at 1gb wire speed). So I'm making the PA-820 have layer2 sub int that will bridge to our layer3 Cisco SVI int and use the SVI int as gateways. I'm trying to find the best plan of attack before making changes. Thanks in advance.
09-07-2018 12:38 PM
See my reply on your discussion topic.
The PA-500 wouldn't achieve wire speed as soon as you enabled either app-id or Threat Prevention, and you likely have both enabled. If you were even getting this to work with a PA-500 in a somewhat respectable manner the PA-820 should perform without issue in the same exact configuration.
09-07-2018 01:04 PM
Thanks for the reply BPry. We do have threat prevention and app-id on, and had to move any dbase users to the same VLAN because of the slowdowns, so with the PA-820 it should resolve that. I actually went and did the import export already to the PA-820, and will change the cables at the end of the day to test.