PA-220 Aggregate Interface with LACP supported?

cancel
Showing results for 
Search instead for 
Did you mean: 

PA-220 Aggregate Interface with LACP supported?

L1 Bithead

Hi,

 

I need to confirm whether the PA-220 is able to aggregate 2 interfaces or more in a LAG (LACP).

 

I was able to find out that the PA-200 does not support aggregating interfaces with LACP, but the PA-220 is rather new and I have not been able to find a definitive statement about it. The product comparison indicates that it should be suported on up to four interfaces. Meanwhile the datasheet does not list LACP support.

 

Product comparison:

https://www.paloaltonetworks.com/products/product-comparison.html?chosen=pa-220,pa-200

 

PA-220 datasheet:

https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resour...

 

 

8 REPLIES 8

Cyber Elite
Cyber Elite

@R.Borgmaster,

I'm not positive but I'm also actually pretty interested to know the answer. I'll ask one of the hardware guys here at ignite17 today to let you know what I find out if someone else doesn't answer your question before then. 

@R.Borgmaster,

 

It is possible to aggregate them using LACP I have done that and it works well.

@R.Borgmaster,

I forgot to update this and I thought the hardware guy that I talked to said he would post about it. @PAN-Expert is correct and I've verified it with one of the hardware guys at Ignite17, this will function perfectly fine and is fully supported. 

@R.Borgmaster,

Let me know if you need any parts of the configuration from the PA-220 for LACP.

L1 Bithead

Thank you both! I have no need to implement this at this stage. I only needed to confirm whether it was an actual feasible option to at all list it in an internal decision meeting. 

@PAN-Expert,

Out of curiosity, because it was something that we were talking about when I was chatting with the hardware engineer, what was your use case for actually using Aggregated LACP interfaces on a PA-220? The only use cases that we could come up with were better answered by PBF considering the devices throughput limitations. 

The objective would in that case have been to provide maximal availability. Terminating the LAG over both switches in the below (distributed LAG) would tolerate a switch loss without even triggering a PA FW failover, and could also even tolerate that one switch is down in combination with that also one PA FW is down.

 

 

 

 

Branch office L2 Setup Concept (Dual Switch with LAG).png

FYI: Probably not that important on a PA-220 but LACP prenegotiation is not supported on this platform (the same as with the PA-800 series)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!