So I configured Link Aggregation on my PA5260 running 8.1.
The first pair of links in ae1.8 comes up perfectly using 192.168.255.3/25 as the IP address. The second pair of links in ae2.9, however, refuse to respond on 192.168.255.131/25. The second pair is in a different security zone and there are no policies in place to block the ping requests to that address. I've also got a management profile running on it to allow pings. For the most part (other than the zone and VID) it is setup exactly as the first pair. LACP is not configured either.
Only once I change the second pair to 192.168.254.3/25 does it start responding to pings as expected. Is this a design requirement (completely seperate subnets?) or have I missed something. Any input is greatly appreciated. Thanks!
I would double check the logs and filter by source and desitnation IP's to verify. If you have the proper policies and management profiels applied tothe interfaces, it should work.
Agreed, I would imagine it should work. But it doesn't.
I'm pretty sure all the policies and profiles are correct as it works perfectly
once I change to another subnet - no other changes. Strange.
I looked at the monitor log as well, and I don't see any of the traffic.
I think it's because there is no specific policy allowing the pings but instead
a management profile.
If there is no log and no policy, I would create a policy that logs and allows ping. By default new policies dont log :(. Best is to set it to log at session end.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!