PPPoE Support on a Subinterface (VDSL VLAN Tagging)

Showing results for 
Search instead for 
Did you mean: 

PPPoE Support on a Subinterface (VDSL VLAN Tagging)

L1 Bithead

here there,


little question: any known plan's to support PPPoE on a subinterface?



since fiber to the building (FTTB) isn't something usual over here, we are stuck with xDSL (FTTC) for the years to come.


and this is where we have a problem with our pa2x0 installations right now, because pan-os doesn't support PPPoE on a subinterface (a common thing with VDSL).

right now there are 4 possible solutions for this missing feature (as far as i know)


1) waste a few interfaces (http://www.limvuihan.com/2018/06/palo-alto-pppoe-with-vlan-tag-its.html)

2) let a switch do the tagging (kinda like 1)

3) get a xdsl modem that is able to do the tagging

4) get a router that does all the internet connection stuff (downside: public ip is on the routers side and one more nat router-> pa)


all those workarounds are kinda meeee... with 3 being the most common one, but this also includes the need to configure the vlan tag on the modems side (different vlan tags depending on the isp)


thanks in advance,



Cyber Elite
Cyber Elite

hi @ADK999 (Andy)


there's a feature request for this: FR ID: 3183

if you reach out to your sales team, you can have them add your vote and then they can keep you posted on any news regarding this



Tom Piens
PANgurus - (co)managed services and consultancy

I voted for this feature request: FR ID: 3183 with my sales manager 2 or 3 years ago.  I would really like to use a Palo Alto for my use case but I couldn't wait.  It seems like a simple enough request for a common issue. If Network Engineers have to use a different solution when configuring VDSL they may find that other solution acceptable for their other use cases as well.  I see potential in not addresses this request leading to lost business.




A business with branch offices in areas where the only option is VDSL have to use a firewall at that branch that isn't a PA. The business makes a decision to standardize on one platform. At this point PA is out of the running. To standardize all the firewalls would be a vendor other than PAN.

L0 Member


is still the same situation? I am also facing this issue and all soloutions so far are not really satisfying. Thanks.

hey holger,


nothing changed. it's one of the things where pan is a bit out of touch with reality, also ipv6 dhcp client on a interface is to new...


i migrated the small office branches partial to sophos and if not possible to paloalto and a draytek vigor 165 vdsl modem.




L1 Bithead

3 years later, still no vlan tagging + PPPoE possible on a Palo Alto. 😞

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!