09-19-2013 01:37 AM
I am trying to configure a L2 trunk from a Cisco 3750 to a Palo 5020
I cannot find any info on how to configure the Palo, as the terminology is different to me.
As a side note we are also running two 5020's in an Active/Active configuration
I have tried configuring it but am getting errors saying L2 interfaces are not supported in HA active/active.
I need to run OSPF to the Palo so have to have L3 interfaces
Can anyone provide any assistance?
If we can start with the Trunk and sub interfaces on the Palo and take it from there.
Thanks
Roger
09-19-2013 02:28 AM
Hello Roger,
Configure Layer3 sub-interfaces for the physical interface that connects to the Trunk port, as exhibited in the following documents:
How to Create Tagged Sub-Interfaces
(section For PAN-OS 4.1)
You may also use the following tech note for reference:
09-19-2013 03:18 AM
Thanks,
We are running 5 so the config is a bit different, I have configured the L3 subinterfaces.
However I want this to trunk to a Cisco switch and if you make e1/1 a L2 interface then you cannot make the sub-interfaces L3?
I just need to know:
How to make a port a trunk port
What do I configure the Cisco end as
Then create sub interfaces to be able to ping.
Thanks
09-19-2013 03:36 AM
You can configure eth1 as L2, create L2 sub-interfaces for eth1 with the tags needed and assign these to a VLAN.
An L3 VLAN interface can then be created to terminate OSPF.
Ref: Layer 2 Networking
09-19-2013 04:19 AM
OK I have managed to get it working now
L3 interface which is trunking to a Cisco 3750 and L3 subinterfaces which I can ping from the Cisco
Cisco 3750 Configuration

interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

SwitchTEST#sh int trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa1/0/1     on           802.1q         trunking      1
Thanks for the help
Is there any documentation about how the Palo's form a trunk?
I just set the Cisco to mode trunk and it works so assume that is the best thing to do?
Roger
Currently studying for my CCIE in R&S!
latest updates on my CCIE Blog - www.rogerperkin.co.uk/ccie
09-19-2013 04:56 AM
You said it is working? On the Cisco it appears Fa1/0/1 is set to use vlan tag=1. While on the PA eth1/1.2 and eth1/1.4 are set to VLAN tags=2 and 4, respectively. There seems to be a mismatch.
The trunk on the PA is using 802.1q standard and the packets are marked with vlan tag just like the Cisco. Thanks.
09-19-2013 05:00 AM
It is working!
The 1 on the Cisco output refers to the Native Vlan
The port is running as a trunk and any traffic that comes into the trunk that is not tagged will be put into Vlan 1
Roger
09-19-2013 05:25 AM
Thanks for the confirmation.
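
The tagging behaviour discussed in the replies above, as an added example that is not part of the original thread: a small Python parser for the 802.1Q header that classifies a frame the way the trunk port does, putting untagged frames into native VLAN 1 and tagged frames into the VLAN carried in the tag. The MAC addresses and frames are constructed and the function names are hypothetical; tags 2 and 4 and the sub-interface names are the ones mentioned in the thread.

```python
import struct

TPID_8021Q = 0x8100                 # EtherType value that marks an 802.1Q tag
NATIVE_VLAN = 1                     # "Native vlan" column of "sh int trunk"
SUBINTERFACES = {2: "eth1/1.2", 4: "eth1/1.4"}   # tags named in the thread

def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; insert a 4-byte 802.1Q tag if vlan is set."""
    header = dst + src
    if vlan is not None:
        tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)   # PCP(3) DEI(1) VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def classify(frame):
    """Return (vlan, tagged, ethertype) as the trunk port assigns the frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return NATIVE_VLAN, False, etype      # untagged -> native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0:                              # priority tag only, no VLAN ID
        return NATIVE_VLAN, True, inner
    return vid, True, inner

def firewall_subinterface(frame):
    """Name of the tagged sub-interface whose tag matches the frame, else None."""
    vlan, tagged, _ = classify(frame)
    return SUBINTERFACES.get(vlan) if tagged else None

# Constructed sample frames: broadcast ARP from a locally administered MAC.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
ARP = 0x0806
PAYLOAD = bytes(28)
UNTAGGED = build_frame(DST, SRC, ARP, PAYLOAD)
TAGGED_2 = build_frame(DST, SRC, ARP, PAYLOAD, vlan=2)
TAGGED_4 = build_frame(DST, SRC, ARP, PAYLOAD, vlan=4)

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tag 2", TAGGED_2), ("tag 4", TAGGED_4)):
        print(name, classify(f), firewall_subinterface(f))
```

The native VLAN value on the switch only decides where untagged frames land, so it does not need to match the tags 2 and 4 carried by the sub-interface traffic.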