Hi community,
See attached visio.
And supplied notes.
There is no reason this won't work ?
The reason for this is to,
- Capture east/west 'inter-vlan' traffic that would normally be routed by L3 switch carrying SVIs, aka move the 'SVIs' up to the PAN. But that can't be done by a standard .1q trunk on an A/A setup, because A/A will not support L2 interfaces. So these L3 legs are created between switch and PAN.
- Floating IP with the 'bound to a/p' for manual preference of active during fail event (https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/use-case-configure...)
- Routing on switch side (wide mask to catch all vlans) to send next hop to floating IP on PAN
- Want PAN to receive traffic of L3 interface -> send through packet flow/processing -> and egress it out one of the two L3 interfaces bound back to switch/aka probably the same interface really.... with a similar route (wide mask), back to L3 IP address end of switch.
(Question - One interface is on A/A member, one on the other. Anything I have to accommodate here ?.. i.e. would normally need routing to preference a leg.. floating static or dynamic (OSPF)) with a similar route (wide mask)
I get inter-vlan processing on PAN without needing to 'router on a stick' .1q backhaul all SVIs to PAN and maintain A/A.
That's the goal.
Thoughts ?
