This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

what's the difference between VLAN-interface and L3-subinterface?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

what's the difference between VLAN-interface and L3-subinterface?

stanislavm
Not applicable

‎05-12-2011 02:29 PM

hi all,

can you please explain exact difference between the VLAN-interface and L3-subinterface. i've read the forum and saw some docs but i'm still confused with it.

0 Likes Likes
5 REPLIES 5

mharding
L4 Transporter

‎05-13-2011 06:27 AM

The L3 subinterface is for router-on-a-stick/trunking configurations. You could use one switch with three different VLANs and trunk them all back to one interface using an ethernet cable. The alternative would be to buy three switches and use three different interfaces on your firewall. It's cost savings/easy configuration/less cabling.

I haven't done anything with a PAN devices in L2 yet. I think you can group interfaces together that way.

0 Likes Likes

stanislavm
Not applicable
In response to mharding

‎05-13-2011 06:39 AM

i knew it! Smiley Wink

the Q is still open. is VLAN-interface analog to SVI interface in cisco catalysts or not? so i can point two or more phisical ports (L2 type) to ONE vlan and make VLAN-interface for routing. am i right?

0 Likes Likes

stanislavm
Not applicable
In response to stanislavm

‎05-16-2011 08:16 AM

someone! explain, plz

0 Likes Likes

bpappas
L6 Presenter
In response to stanislavm

‎05-16-2011 10:43 AM

You can do this, BUT we do not recommend it for most environments.

Debugging traffic flows is more involved when you set up multiple L2 interfaces and use VLAN interfaces.

Let's take a look at the two scenarios:

scenario 1:

L3 interface with multiple 802.1q tagged subinterfaces

sessions on the firewall show up with the subinterfaces as ingress and egress (via the show session info command or via the details on the web UI).

scenario 2:

L2 interfaces and VLAN interfaces

sessions on firewall show up with the L2 interfaces as the ingress and egress interface. VLAN interfaces do not show up as ingress or egress interface.

In scenario 1 when you want to verify a traffic flow you check the details on a session to validate that the ingress and egress interfaces are correct.

In scenario 2 you must use the debug commands to debug traffic flow. Using the debug commands is a non-trivial activity and if done improperly can cause resource exhaustion on the dataplane.

stanislavm
Not applicable
In response to bpappas

‎05-16-2011 12:55 PM

many thks for clear answer.

0 Likes Likes
  • 8464 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks