This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VLAN's with Palo Alto - Primer/Tutorial?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

VLAN's with Palo Alto - Primer/Tutorial?

networkadmin
L4 Transporter

‎04-18-2012 02:02 PM

One of our switches has a couple of untagged connections into our PAN.

Each connection is configured on the PAN as a regular L3 interface with an IP address assigned and the interface is in the appropriate zone.

I'm interested in reclaiming one of the NICs on the PAN so it would be nice to be able to run a trunk from the switch to the PAN.

Where I'm struggling a little is in making sense of the Admin Guide on how I do this - specifically how I tell the PAN that I have VLAN20 and VLAN30 coming into it, and I want to assign the PAN 192.168.1.254 on VLAN20 and .2.254 on VLAN30 and have the VLAN interfaces assigned to the zones that the L3 interfaces were in (as at this point I wouldn't be using those two L3 interfaces).

I'm sure my terminology is a bit off for which I apologise, but hopefully I've explained what I'm looking to do - are there any example white papers or tutorials please?

If there's any questions just ask.

Thanks.

0 Likes Likes
4 REPLIES 4

rmonvon
L6 Presenter

‎04-18-2012 02:31 PM

Hi...Please review Case 1 in this 'Securing Inter VLAN traffic' doc.  It has the configuration for multiple VLANs on one port.

https://live.paloaltonetworks.com/docs/DOC-1618

Thanks.

0 Likes Likes

networkadmin
L4 Transporter
In response to rmonvon

‎04-19-2012 08:58 AM 

rmonvon wrote:
Hi...Please review Case 1 in this 'Securing Inter VLAN traffic' doc.  It has the configuration for multiple VLANs on one port.
https://live.paloaltonetworks.com/docs/DOC-1618
Thanks.

That looks absolutely spot on thank you.

So in that scenario (Case 1) I wouldn't have any data going into the Palo Alto untagged on that interface, it would be a pure trunk port?

Presumably on the Palo Alto I would only need to create sub-interfaces for any VLANs that I wanted the Palo Alto to handle and anything else on that trunk would just be ignored by the PAN?

It looks like a 5 minute thing (plus changing the uplink from the switch from an access port to a trunk) so I'm suspicious as I assumed it would be more complicated than that?

0 Likes Likes

bentech
Not applicable
In response to networkadmin

‎05-06-2012 07:26 AM

i hadnt seen any documentation on this so i configured it a bit different - i configured a layer 2 interface with a layer 2 subinterface for each vlan - int 1/6 - 1/6.10 1/6.20 etc, than i created vlans and layer 3 vlan interfaces - everything seems to be working - any idea if theres a downside to keeping it this way?

0 Likes Likes

rmonvon
L6 Presenter
In response to bentech

‎05-06-2012 08:44 AM

Either method will work.  Thanks.

0 Likes Likes
  • 3174 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks