Palo Alto: How to Implement a Virtual Wire between trunked interfaces

When implementing a Virtual Wire between trunked interfaces:

  1. Specify which Tags are allowed to pass through the Virtual Wire:Network Tab > Virtual WiresSelect the Virtual Wire
  2. There is an option called Tag Allowed which by default, only permits 0 (untagged traffic).  If you have VLAN’s 2, 3, 4, 5, etc…, they will need to be included with Tag Allowed, otherwise tagged traffic will not be permitted.
  3. An easy option is to permit Tags 0-4094, though the recommended option would be to specify only the required tags. The Palo Alto Networks device will consume a logical interface for each tag specified on each Virtual Wire, though this would be more resource related than performance impacting.

Image

Advertisements