Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-27-2013 10:47 AM
Hello all,
Is it possible to create an L2 tagged sub-interface and an L3 tagged sub-interface on the same physical interface.
For example.
Ethernet 1/6
Ethernet 1/6.100 --- L2 Interface. Security Zone "IPS only". /* this sub-interface will be used to Content-ID scan servers sitting on the same subnet as this interface but connected to another L2 interface on the same PaloAlto */
Ethernet 1/6.100 --- L3 - IP 204.50.105.195 Security Zone Untrusted /* this sub- interface that will deliver/NAT traffic in and out to a Trusted security zone on another L3 interface which is connected to the same PaloAlto /*
Is this possible? Doesn't look like it to me, but maybe it is.
Please let me know if any additional information is needed.
Thanks,
Matt
08-27-2013 11:14 AM
Hello Matt,
Yes.It is not possible to configure a L2 and a L3 sub-interface under one physical interface. Because, when you create that physical interface initially, we have to select 'interface type' option. So we select layer 3 as interface type, all the sub-interfaces under that physical interface should be layer 3 only
Hope that helps!
Regards,
Kunal Adak
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
