Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Layer 2 network extension

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Layer 2 network extension

L1 Bithead

Is it possible to extend the layer 2 network over the layer 3 network to the other site using Palo Alto

Basically I am trying to extend the VLAN to other site. Not sure if this can be achieved with Palo Alto. Any suggestion are welcome

6 REPLIES 6

Cyber Elite
Cyber Elite

just put the interfaces into layer2 mode and add them to a vlan (not a vlan interface, that's like a VRF)

add subinterfaces for each vlan tag you want to stretch if you're attaching trunk interfaces

 

below is a very basic example, in case you're not using trunk interfaces:

I have a small internet facing switch, and 2 internal switches. it's all a 'single vlan' so i'm not using tagged subinterfaces

reaper_0-1713194423704.png

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Just because you can doesn't mean you should. Why do you want to extend L2 across sites?

Thank you for your response Reaper,

you are using the vlan on the same site but i want to extend this layer 2 vlan to the far end site using layer 3 network. Which seems to be difficult using Palo Alto 

That is the exceptional requirement for the user, hence wanted to check if it is feasible on Palo Alto

Please find the attached for the better understanding of the requirement

Cyber Elite
Cyber Elite

ah you want to stretch L2 across sites over a VPN connection. This is not a function offered by Palo Alto (or any firewall AFAIK), this would be something that is handled by network equipment or a Telco/ISP/WAN operator

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1254 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!