L2 subinterface + L3 subinterface on the same interface

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

L2 subinterface + L3 subinterface on the same interface

L0 Member

Hello all,

Is it possible to create an L2 tagged sub-interface and an L3 tagged sub-interface on the same physical interface.

For example.

Ethernet 1/6

    Ethernet 1/6.100 --- L2 Interface.    Security Zone "IPS only".      /* this sub-interface will be used to Content-ID scan servers sitting on the same subnet as this interface but connected to another L2 interface on the same PaloAlto */

    Ethernet 1/6.100 --- L3 - IP  Security Zone Untrusted         /* this sub- interface that will deliver/NAT traffic in and out to a Trusted security zone on another L3 interface which is connected to the same PaloAlto /*

Is this possible?  Doesn't look like it to me, but maybe it is.

Please let me know if any additional information is needed.




L5 Sessionator

Hello Matt,

Yes.It is not possible to configure a L2 and a L3 sub-interface under one physical interface. Because, when you create that physical interface initially, we have to select 'interface type' option. So we select layer 3 as interface type, all the sub-interfaces under that physical interface should be layer 3 only

Hope that helps!


Kunal Adak

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!