Port Channel to Cisco Switch

Reply
Highlighted
L0 Member

Port Channel to Cisco Switch

Hi,

I have Palo Alto 3020/5020 firewalls and I would like to configure a port channel (ether channel) between these devices and a Cisco switch.

I have configured an aggregate link on the Palo and added the interfaces. I have created the Port Channel on my Cisco but I am not seeing the AE interface coming up.

Has anyone got a guide on how this can be done or if it can be.

Many thanks in advance

SImon


Accepted Solutions
Highlighted
L6 Presenter

All Replies
Highlighted
L5 Sessionator

Hello Simon,

PAN does not LACP aggregation with Cisco Switches. A static/manual port configuration is required for PAN - Cisco link aggregation.

Here is the document which might help you:

Cisco Link Aggregation Traffic Through a PAN Device

Regards,

Kunal Adak

Highlighted
L6 Presenter
Highlighted
L5 Sessionator

Palo Alto Networks firewalls currently support 802.3ad for link aggregation.

For load balancing:

  • Sessions originating from the firewall will be sent through the links using a round-robin method.
  • Device sending traffic to the firewall via the aggregated link also needs to be configured for load balancing.

LACP (Link Aggregation Control Protocol, 802.1ax) is not supported.

The above information can also be found at the following link

https://live.paloaltonetworks.com/docs/DOC-3594

If LACP is something that would be helpful in your environment. I would suggest request a feature with local Sales Engineer.

Hope this helps.
Thanks

Numan

Highlighted
L0 Member

Thanks for the info, managed to get this working now

Highlighted
L0 Member

Hello sjy2013,

Can you please tell, which documents helped you managing this task? Or even better, could you post your palo-config?

Thank you for your reply.

Best regards, Karl

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!