Panorama CLI command to add a tunnel interface to a zone

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama CLI command to add a tunnel interface to a zone

L1 Bithead

Trying to use the Panorama CLI to edit a template and add a tunnel interface, and also assign it to an existing zone in the same template. Does anyone know the CLI command to do this?

 

I can add the tunnel interface and assign it to a virtual router like this:

 

configure
edit template myTemplate
set config network interface tunnel units tunnel.100 comment myTunnelInterface
set config network virtual-router default interface tunnel.100

But I cant find the CLI command to then assign a zone to this tunnel interface on the Panorama CLI. Any ideas?

 

 

1 accepted solution

Accepted Solutions

You need to add tunnel.100 to vsys1 before it can be assigned a zone.

set config network interface tunnel units tunnel.100

set config vsys vsys1 import network interface tunnel.100

set config vsys vsys1 zone myZone network layer3 tunnel.100

View solution in original post

4 REPLIES 4

L3 Networker

It's under the vsys config.

edit template myTemplate

set config vsys vsys1 zone .........

I tried that, but the options under the vsys command dont include tunnel interfaces - only has layer2, layer3, tap, virtual-wire.

 

 

#set config vsys vsys1 zone myZone network

+ log-setting               Log setting for forwarding scan logs
+ zone-protection-profile   Zone protection profile
> layer2                    Layer2 interfaces
> layer3                    Layer3 interfaces
> tap                       Tap mode interfaces
> virtual-wire              Virtual-wire interfaces
  <Enter>                   Finish input

 

 

Even if i select layer3, i only see loopback, vlan or an option to add a list of values, which also comes back with "invalid reference" if i list my tunnel interface there.

 

# set config vsys vsys1 zone myZone network layer3
  [          Start a list of values.
  loopback   loopback loopback
  vlan       vlan vlan
  <value>    member value


 

 

 

# set config vsys vsys1 zone myZone network layer3 [tunnel.100]
Server error :  layer3 '[tunnel.100]' is not a valid reference


 

 

 

You need to add tunnel.100 to vsys1 before it can be assigned a zone.

set config network interface tunnel units tunnel.100

set config vsys vsys1 import network interface tunnel.100

set config vsys vsys1 zone myZone network layer3 tunnel.100

That was it! Thanks a lot for your help!

  • 1 accepted solution
  • 7559 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!