See attached Visio.
And supplied notes.
There is no reason this won't work?
The reason for this is to:
- Capture east/west 'inter-vlan' traffic that would normally be routed by L3 switch carrying SVIs, aka move the 'SVIs' up to the PAN. But that can't be done by a standard .1q trunk on an A/A setup, because A/A will not support L2 interfaces. So these L3 legs are created between switch and PAN.
- Floating IP with the 'bound to a/p' for manual preference of active during fail event (https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/use-case-configure...)
- Routing on switch side (wide mask to catch all vlans) to send next hop to floating IP on PAN
- Want PAN to receive traffic of L3 interface -> send through packet flow/processing -> and egress it out one of the two L3 interfaces bound back to switch, aka probably the same interface really, with a similar route (wide mask), back to L3 IP address end of switch.
(Question - One interface is on one A/A member, one on the other. Anything I have to accommodate here? i.e. would normally need routing to preference a leg: floating static or dynamic (OSPF)) with a similar route (wide mask)
I get inter-vlan processing on PAN without needing to 'router on a stick' .1q backhaul all SVIs to PAN and maintain A/A.
That's the goal.