Port Channel to Cisco Switch

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Port Channel to Cisco Switch

L0 Member

Hi,

I have Palo Alto 3020/5020 firewalls and I would like to configure a port channel (ether channel) between these devices and a Cisco switch.

I have configured an aggregate link on the Palo and added the interfaces. I have created the Port Channel on my Cisco but I am not seeing the AE interface coming up.

Has anyone got a guide on how this can be done or if it can be.

Many thanks in advance

SImon

1 accepted solution

Accepted Solutions

5 REPLIES 5

L5 Sessionator

Hello Simon,

PAN does not LACP aggregation with Cisco Switches. A static/manual port configuration is required for PAN - Cisco link aggregation.

Here is the document which might help you:

Cisco Link Aggregation Traffic Through a PAN Device

Regards,

Kunal Adak

L5 Sessionator

Palo Alto Networks firewalls currently support 802.3ad for link aggregation.

For load balancing:

  • Sessions originating from the firewall will be sent through the links using a round-robin method.
  • Device sending traffic to the firewall via the aggregated link also needs to be configured for load balancing.

LACP (Link Aggregation Control Protocol, 802.1ax) is not supported.

The above information can also be found at the following link

https://live.paloaltonetworks.com/docs/DOC-3594

If LACP is something that would be helpful in your environment. I would suggest request a feature with local Sales Engineer.

Hope this helps.
Thanks

Numan

Thanks for the info, managed to get this working now

Hello sjy2013,

Can you please tell, which documents helped you managing this task? Or even better, could you post your palo-config?

Thank you for your reply.

Best regards, Karl

  • 1 accepted solution
  • 23154 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!