Palo Alto Firewall | Layer 2 Interface With Subinterfaces VLAN Configuration

Captions
We are going to learn how to configure a Layer 2 deployment on a Palo Alto firewall with subinterfaces, which are basically VLANs. What we are going to be doing is add this interface right here as a trunk, and this one is also going to be a trunk. This interface is going to be in the default VLAN, this one is going to be in the default VLAN, this one is going to be in VLAN 100 and this one is also going to be in VLAN 100. That is why we need to trunk this interface and this interface: there are going to be two different VLANs going through this interface, therefore we need a trunk in between them.

So let's go ahead and start. I am on the Palo Alto firewall, and before we do anything let's go and create two zones: the "in" zone, which these two are going to be in, and the "out" zone, which this one is going to be in. So let's go in and add "in"; it's going to be Layer 2. OK, create another one and this one is going to be called "out", because it's going to be assigned to this one, and it's going to be Layer 2 as well. If you don't set it to Layer 2 you won't be able to assign it to the interface, so make sure that you do that.

Then we can go ahead and create three VLANs. The first VLAN is going to be for the trunk interfaces, so we can just call it VLAN trunk; it's going to be for these two interfaces right here. The other VLAN we are going to have is VLAN out, and this VLAN is going to be for this interface right here, 1/3. The last one is going to be for the subinterfaces, VLAN in 100; that one is going to be used for the subinterfaces. OK, so that is good.

Now let's go ahead and go into Interfaces. Let's configure 1/1, this one, which is going to be the trunk interface between the Palo Alto firewall and the Cisco switch. So we have a Layer 2 interface type, that's good. Let's go ahead and select VLAN trunk, because it's going to be trunked, and for the security zone it's going to be "in". Under Advanced you've got to make sure the link state says up, not auto, so let's go ahead and save it as up. That is good. Then let's go ahead and create 1/2, and it's going to be the same configuration for 1/2: interface type Layer 2, we are going to add the VLAN trunk, and this one is going to have the security zone of "in". Good. Now let's go and configure the last interface, which is going to be this one right here; this one is going to have VLAN out and it's going to have the zone of "out". Good.

Before we create the subinterfaces for the VLANs we need to go and configure the Cisco switches. So it's going to be enable, config t, and let's just give it a hostname for this one, s2. Now let's go and create a VLAN, it's going to be VLAN 100. After that VLAN is created we need to go ahead and exit. Let's go into interface Ethernet 0/0; this one is going to be switchport mode trunk, then switchport trunk allowed vlan all, because I want to allow all of them: through this interface we are going to send VLAN 100 and the default VLAN as well. Also we can do a switchport trunk encapsulation dot1q. And let's go ahead and do the same for switch number three: enable, config t, hostname, let's give it a hostname of s3, let's create VLAN 100 and do an exit. Also, I forgot to add that on s2 interface 0/1 is to be assigned to VLAN 100, so it's going to be interface Ethernet 0/1, switchport mode access and switchport access vlan 100, and then spanning-tree portfast to enable portfast. So that's good.

Now let's go back to switch 3 and finish that configuration. We created the VLAN; now it's going to be interface Ethernet 0/3, switchport mode trunk, switchport trunk allowed vlan all and switchport trunk encapsulation dot1q. Then interface Ethernet 0/1, switchport mode access, then switchport access vlan 100, then spanning-tree portfast. Good, so that is done configuring.

Now let's go ahead and go into the Palo Alto and configure those subinterfaces. So for 1/1, let's select it and add a subinterface; this one is going to be subinterface 100, the tag is going to also be 100, the VLAN is going to be VLAN 100, and for the security zone it's going to be "in". Let's go ahead and select interface 1/2; this one is also going to be 100 and VLAN 100, because these two need to have VLAN 100, since VLAN 100 is configured right here and over here. The default VLAN is already there, so we don't need to configure that. Then tag 100, security zone "in". Then let's go ahead and do it for this one too; for this interface let's also add VLAN 100. We're not really going to use it, I'm just adding it so you guys can see how it is configured: security zone "out".

Since we have this zone as "out" we need to go ahead and create a policy if we want to reach out to this one. This policy I'm going to call "in to out": source, we want to add a source zone of "in"; destination "out"; actions, we want to allow it. The reason is that whenever you go from one zone to another, by default Palo Alto does not allow communication between two different zones, but if they are in the same zone, like these two, by default they are allowed. As you can see right here, for the intrazone default, in the same zone, the action is to allow; but if they are interzone, which means going from one zone to another, the default action for the firewall is to deny, and that's why I just configured one rule to allow it. So that's good, everything is good. Let's go ahead and commit our changes. If you don't commit, it's not going to be saved into the running configuration, so we need to commit it so it can be saved in the running configuration.

So let's just wait for it, and there we go, that is done. Now let's go ahead and verify on switch 3. Let's do end, and if we do a show interfaces trunk we don't have anything. So let's go into config t and do it again: interface e0/3, switchport mode trunk, switchport trunk encapsulation dot1q, then switchport trunk allowed vlan all. Now let's do show interfaces trunk, and you can see right here the allowed VLANs: VLAN number 1, which is the default VLAN, this one right here, and then VLAN 100. This is for switch 3, so this is for VLAN 1 and this is VLAN 100. Then if you do a show vlan you can see where VLAN 100 was assigned to, which is interface 0/1, so that is correct.

Now let's go into switch 2 and do end, show interfaces trunk; we don't have any, so let's go and complete the trunk again: interface Ethernet 0/0, switchport mode trunk, switchport trunk allowed vlan all, switchport trunk encapsulation dot1q, and let's do end, show interfaces trunk, and now we see it over here: we have VLAN 100 and it's on. If you do a show vlan we should see that VLAN 100 is active and it was assigned to this workstation right here, and the default VLAN is for the server side. OK, so let me verify that this is working correctly, did I do it right? Let me see. Yep, OK.

So now let's go ahead and go into this Docker image and see if we are able to ping from .102 to .103: ping 192.168.x.103, and there we go, we are able to ping it. So VLAN 100 is working. Now let's see if the default VLAN is working, and it should be working because it is the default one. Let's go into Applications, Terminal, ping 192.168.1.3, and there we go, I'm able to ping from over here all the way over here with the default VLAN, which is VLAN number 1.

So that's it for this video guys, hope you guys enjoyed it, bye bye.
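The switch side of the lab narrated above, written out as an added example rather than taken from the video. It assumes the interface names the narration uses (Ethernet0/0 as the trunk toward Palo Alto ethernet1/1, Ethernet0/1 as the VLAN 100 host port on s2; s3 is identical with Ethernet0/3 as its trunk). One deliberate difference from what the video types: the trunk is pruned to VLANs 1 and 100 and DTP negotiation is turned off, so the firewall-facing port only carries the two VLANs the subinterfaces expect and cannot be talked into a different trunking state.

```ios
! s2: trunk toward Palo Alto ethernet1/1, access port for the VLAN 100 host
! (added example; interface numbers follow the video's Eve-ng topology)
hostname s2
!
vlan 100
 name in100
!
interface Ethernet0/0
 description trunk to PA ethernet1/1 (VLAN 1 untagged, VLAN 100 tagged)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! video uses "allowed vlan all"; carry only the VLANs that exist on the PA
 switchport trunk allowed vlan 1,100
 ! no DTP: the trunk state is static, not negotiated with the neighbour
 switchport nonegotiate
 no shutdown
!
interface Ethernet0/1
 description host in VLAN 100 (maps to PA ethernet1/1.100, zone in)
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 no shutdown
!
! verification, as in the video:
!   show interfaces trunk   -> Et0/0 trunking, dot1q, allowed 1,100
!   show vlan brief         -> VLAN 100 active, ports Et0/1
```

On the Palo Alto side the subinterface tag (100) must equal the VLAN ID carried on this trunk, and both ethernet1/1.100 and ethernet1/2.100 must sit in the same VLAN object and zone for the intrazone default-allow to apply between the two VLAN 100 hosts.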
Info
Channel: CCNADailyTIPS
Views: 13,757
Keywords: VLAN, Subinterfaces, Palo Alto, Firewall, Layer 2, Trunk, Cisco Switch, Eve-ng
Id: EYyiID30Vyw
Length: 12min 15sec (735 seconds)
Published: Mon Dec 16 2019