Palo Alto Firewall | Layer 2 Interface With Subinterfaces VLAN

Get 30% off with: You can use promo code: OSCAROGANDO2

Follow Me on Twitter:


When your organization wants to divide a LAN into separate virtual LANs (VLANs) to keep traffic and policies for different departments separate, you can logically group Layer 2 hosts into VLANs and thus divide a Layer 2 network segment into broadcast domains. For example, you can create VLANs for the Finance and Engineering departments. To do so, Configure a Layer 2 Interface, Subinterface, and VLAN.

The firewall acts as a switch to forward a frame with an Ethernet header containing a VLAN ID, and the destination interface must have a subinterface with that VLAN ID in order to receive that frame and forward it to the host. You configure a Layer 2 interface on the firewall and configure one or more logical subinterfaces for the interface, each with a VLAN tag (ID).

Share the Post:

Related Posts

Help Us By Donating