This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Use PA-500 ports as additional access ports (switch ports)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Use PA-500 ports as additional access ports (switch ports)

Go to solution
adam_plaid
L0 Member

‎08-20-2014 10:35 AM

I was hoping to get some direction.  I have deployed a PA500 in a small office using a standard L3 deployment (one trusted (LAN) and one untrusted (WAN) interface) and need a few switch-ports on the LAN side for access points.  Is it possible to add additional interfaces to the trusted zone and use them as switch ports in the same subnet and virtual router as my current L3 trusted interface?

I found the document in the KB explaining how to connect L2 and L3 networks but I don't think that is what I need to do.

I really don't want to put a cheap 8-port switch in front of my nice firewall 🙂

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
pulukas
L7 Applicator

‎08-20-2014 11:23 AM

You can create a vlan group for this purpose and replace your current L3 interface with a vlan interface.

  • On the desired interfaces set them to L2 type
    under Networks->interfaces->Ethernet
  • Create a vlan "inside" and put all the L2 interfaces into that vlan
    under Networks->VLANS
  • Remove your L3 interface
  • Create a VLAN interface and place into the trust zone and your L3 ip address.  Add the new vlan to this interface
    under Networks->Interfaces->VLANS
Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
pulukas
L7 Applicator

‎08-20-2014 11:23 AM

You can create a vlan group for this purpose and replace your current L3 interface with a vlan interface.

  • On the desired interfaces set them to L2 type
    under Networks->interfaces->Ethernet
  • Create a vlan "inside" and put all the L2 interfaces into that vlan
    under Networks->VLANS
  • Remove your L3 interface
  • Create a VLAN interface and place into the trust zone and your L3 ip address.  Add the new vlan to this interface
    under Networks->Interfaces->VLANS
Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Go to solution
hshah
L6 Presenter
In response to pulukas

‎08-21-2014 12:31 PM

Hello Adam,

Here I have taken Example for  Ethernet1/9 as a port to be in VLAN1.

1. Delete Configuration for L3 Ethernet Port.

2. Create L3 VLAN, as mentioned bellow.

L3.png

2. Change Etherenet 1/9 into Layer 2 Port.

Change to L2 Port.png

3. Add Etherenet 1/9 into VLAN

Add_Ports_L3.png

Likewise you can add more ports to same VLAN.

Let me know if this helps.

Regards,

Hardik Shah

  • 1 accepted solution
  • 4215 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks