PPPoE Support on a Subinterface (VDSL VLAN Tagging)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PPPoE Support on a Subinterface (VDSL VLAN Tagging)

L1 Bithead

here there,

 

little question: any known plan's to support PPPoE on a subinterface?

 

reason:

since fiber to the building (FTTB) isn't something usual over here, we are stuck with xDSL (FTTC) for the years to come.

 

and this is where we have a problem with our pa2x0 installations right now, because pan-os doesn't support PPPoE on a subinterface (a common thing with VDSL).

right now there are 4 possible solutions for this missing feature (as far as i know)

 

1) waste a few interfaces (http://www.limvuihan.com/2018/06/palo-alto-pppoe-with-vlan-tag-its.html)

2) let a switch do the tagging (kinda like 1)

3) get a xdsl modem that is able to do the tagging

4) get a router that does all the internet connection stuff (downside: public ip is on the routers side and one more nat router-> pa)

 

all those workarounds are kinda meeee... with 3 being the most common one, but this also includes the need to configure the vlan tag on the modems side (different vlan tags depending on the isp)

 

thanks in advance,

andy

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

hi @ADK999 (Andy)

 

there's a feature request for this: FR ID: 3183

if you reach out to your sales team, you can have them add your vote and then they can keep you posted on any news regarding this

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

7 REPLIES 7

Cyber Elite
Cyber Elite

hi @ADK999 (Andy)

 

there's a feature request for this: FR ID: 3183

if you reach out to your sales team, you can have them add your vote and then they can keep you posted on any news regarding this

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I voted for this feature request: FR ID: 3183 with my sales manager 2 or 3 years ago.  I would really like to use a Palo Alto for my use case but I couldn't wait.  It seems like a simple enough request for a common issue. If Network Engineers have to use a different solution when configuring VDSL they may find that other solution acceptable for their other use cases as well.  I see potential in not addresses this request leading to lost business.

 

Scenario:

 

A business with branch offices in areas where the only option is VDSL have to use a firewall at that branch that isn't a PA. The business makes a decision to standardize on one platform. At this point PA is out of the running. To standardize all the firewalls would be a vendor other than PAN.

L1 Bithead

Hi,

is still the same situation? I am also facing this issue and all soloutions so far are not really satisfying. Thanks.

hey holger,

 

nothing changed. it's one of the things where pan is a bit out of touch with reality, also ipv6 dhcp client on a interface is to new...

 

i migrated the small office branches partial to sophos and if not possible to paloalto and a draytek vigor 165 vdsl modem.

 

servus,

andy

L1 Bithead

3 years later, still no vlan tagging + PPPoE possible on a Palo Alto. 😞

Disappointing for sure, most of Bell Canada fiber to the premise is PPPoE over VLAN35, Bell Multicast over VLAN36... Basically unable to use a brand new PA-460.

 

Edit: potential work around? Will give this a try...

https://www.bitstrom.nl/post/paloalto-pppoe/

L1 Bithead

I'll post an update here as it's the first search result, but it looks like this feature is available from PAN-OS 11.0.

 

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-release-notes/features-introduced-in-pan-os/net...

 

bgre033_0-1680576555224.png

 

  • 1 accepted solution
  • 12151 Views
  • 7 replies
  • 6 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!