When implementing a Virtual Wire between trunked interfaces:
- Specify which Tags are allowed to pass through the Virtual Wire:Network Tab > Virtual WiresSelect the Virtual Wire
- There is an option called Tag Allowed which by default, only permits 0 (untagged traffic). If you have VLAN’s 2, 3, 4, 5, etc…, they will need to be included with Tag Allowed, otherwise tagged traffic will not be permitted.
- An easy option is to permit Tags 0-4094, though the recommended option would be to specify only the required tags. The Palo Alto Networks device will consume a logical interface for each tag specified on each Virtual Wire, though this would be more resource related than performance impacting.