About girvin

the problem I am having might be the same. though its domain\username and domain.com\username. support ticket has been open for a week now, we've spent 12 hours on it so far, and no resolution ... View more

I have been successful in deploying this type of setup and communicating between secondary vlans that were associated with different primaries.  What girvin is talking about is something I was trying to accomplish as well and was unsuccessful.  I wanted to have 2 secondary vlans associated to the same primary and regulate communication between the two.  The issue seems to be something to how the Palo Alto responds to proxy arp or lack thereof.  My setup was like this: Cisco Nexus: interface e1/1 promiscuous trunk with correct mappings PAN: int e1/1 (tried with aggregate ethernet as well) > layer 2 > associate to a vlan I called vlan-bridge int e1/1.100 > layer 2 > Tag 100 > vlan vlan.100 --> vlan.100 was then assigned an IP address. Now that I think about it, the physical and subinterfaces were in the same security zone.  I ran out of time and had to go a different route.  I wonder if having them in different security zones would be the issue? If anyone out there has some insight, please share. ... View more