1. Purpose of the article
This article describes how to configure VLAN trunking on a Palo Alto firewall in conjunction with a switch, for use in networks with multiple LANs.
2. Diagram
Details:
The figure shows a Palo Alto PA-220 firewall device connected to IP 14.169.x.x via an Ethernet1/1 interface over PPPoE.
Next, port Ethernet1/6 is connected to port Gi0/2; this link is the trunk between the Palo Alto firewall and the Cisco 2960 switch.
On the Cisco 2960 switch, port 3 is in VLAN 1, which assigns IPs from the 172.16.20.0/24 network and is connected to PC 1.
Port 1 is in VLAN 20, which assigns IPs from the 172.16.30.0/24 network and is connected to PC 2.
Port 2 is in VLAN 20, which assigns IPs from the 172.16.40.0/24 network and is connected to PC 3.
3. Configuration scenario
We will configure VLAN trunking on ethernet1/6 and on the Cisco switch so that when PCs 1, 2 and 3 connect to the ports shown in the diagram, each gets an IP from the corresponding network.
4. Configuration steps
- IP configuration for Ethernet 1/6 port
- Configure the sub-interface for the Ethernet1/6 port
- Create virtual routers
- Create DHCP for Ethernet1/6 and the sub-interface port
- Configuring VLANs on a Cisco Switch
- VLAN port assignment
- Configuring trunking for the Gi0/2 connection
- Check the result
5. Configuration
5.1. IP configuration for Ethernet1/6
To configure the IP address of the Ethernet1/6 interface, go to Network > Interfaces and click the interface name.
The configuration dialog appears; configure it with the following settings.
Config tab:
- Interface Type: Layer3
- Security Zone: LAN
IPv4 tab:
- Type: Static
- Click Add in the IP table and enter the IP address of the interface, 172.16.20.1/24.
- Click OK to save.
Click the Commit button to save your configuration changes.
5.2. Subinterface configuration for the Ethernet1/6 port
To configure the subinterfaces, go to Network > Interfaces.
Select Ethernet1/6 and click Add Subinterface.
The configuration dialog appears; we configure the two VLANs with the following information:
Config tab for VLAN 30:
- Interface name: ethernet1/6.30
- Tag: 30
- Security Zone: LAN
IPv4 tab for VLAN 30:
- Type: Static
- Click Add in the IP table and enter the IP of the subinterface, 172.16.30.1/24.
- Click OK to save.
Config tab for VLAN 40:
- Interface name: ethernet1/6.40
- Tag: 40
- Security Zone: LAN
IPv4 tab for VLAN 40:
- Type: Static
- Click Add in the IP table and enter the IP of the subinterface, 172.16.40.1/24.
- Click OK to save.
With this, we have created the subinterfaces for the Ethernet1/6 port.
5.3. Creating virtual routers
To create virtual routers, go to Network > Virtual Routers.
Click the Add button and configure the following information.
Router Settings:
- Click Add in the General table and add the 3 interfaces ethernet1/6, ethernet1/6.30 and ethernet1/6.40.
- Click OK to save.
Click the Commit button to save your configuration changes.
5.4. Create a DHCP server for Ethernet1/6 and the subinterfaces
To create a DHCP server, go to Network > DHCP.
Click Add and configure DHCP for the Ethernet1/6 port with the following settings.
Lease tab:
- Interface: select ethernet1/6
- Mode: A place
- Lease: Unlimited
- IP Pools: Click Add and enter the assigned IP range 172.16.20.2-172.16.20.100.
Options tab:
- Gateway: 172.16.20.1
- Subnet Mask: 255.255.255.0
- Primary DNS: 8.8.8.8
- Secondary DNS: 8.8.4.4
- Click OK to save.
Click Add and configure DHCP for the ethernet1/6.30 subinterface with the following settings.
Lease tab:
- Interface: select ethernet1/6.30
- Mode: A place
- Lease: Unlimited
- IP Pools: Click Add and enter the assigned IP range 172.16.30.2-172.16.30.100.
Options tab:
- Gateway: 172.16.30.1
- Subnet Mask: 255.255.255.0
- Primary DNS: 8.8.8.8
- Secondary DNS: 8.8.4.4
- Click OK to save.
Click Add and configure DHCP for the ethernet1/6.40 subinterface with the following settings.
Lease tab:
- Interface: select ethernet1/6.40
- Mode: A place
- Lease: Unlimited
- IP Pools: Click Add and enter the assigned IP range 172.16.40.2-172.16.40.100.
Options tab:
- Gateway: 172.16.40.1
- Subnet Mask: 255.255.255.0
- Primary DNS: 8.8.8.8
- Secondary DNS: 8.8.4.4
- Click OK to save.
We have now configured DHCP for the Ethernet1/6 port and its subinterfaces.
Click the Commit button to save your configuration changes.
5.5. Configuring a VLAN on a Cisco switch
I will first show you that all current ports are in VLAN 1.
To configure a VLAN on a Cisco switch, connect to the switch through the console line and access it using the PuTTY software.
Enter configuration mode, then enter the following commands.
To create VLAN 30, type vlan 30 and press Enter. After VLAN 30 is created successfully, type exit and then type vlan 40 to create VLAN 40.
To check whether a VLAN has been created, enter the show vlan command.
5.6. Assigning VLAN Ports
To assign ports to VLANs, do the following.
According to the diagram, port 3 is currently in VLAN 1, so we do not need to configure port 3.
We will assign port 1 to VLAN 30 and port 2 to VLAN 40.
We configure port 1 for VLAN 30 with the following commands:
- Enter configuration mode and enter the interface FastEthernet0/1 command to select this port.
- Enter switchport access vlan 30 to assign this port to VLAN 30.
As with port 1, we configure port 2 as follows.
- Enter configuration mode and select this port using the interface FastEthernet0/2 command.
- Enter switchport access vlan 40 to assign this port to VLAN 40.
To verify that the ports are assigned, enter the show vlan command.
5.7. Configuring the trunk
According to the diagram, the Gi0/2 port will be the trunk port.
To configure trunking, enter configuration mode and enter the interface GigabitEthernet0/2 command to select this port.
Then enter the switchport mode trunk command to configure this port as a trunk port.
To verify that this port is in trunk mode after configuration, run the show running-config command.
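The switch-side commands from sections 5.5 to 5.7, collected into one Cisco IOS session as an added example (not a listing from the original article). The lines marked as additions are not in the article: they force the access ports into access mode, limit the trunk to the three VLANs the firewall actually serves, and disable DTP negotiation towards the firewall, which does not speak DTP.

```cisco
! Added example: constructed from the steps in 5.5-5.7.
! Port names (Fa0/1, Fa0/2, Gi0/2) and VLAN IDs (1, 30, 40) are the article's.
enable
configure terminal
!
! 5.5 Create the VLANs (VLAN 1 exists by default)
vlan 30
 exit
vlan 40
 exit
!
! 5.6 Access ports: port 1 -> VLAN 30, port 2 -> VLAN 40
! Port 3 (Fa0/3) stays in the default VLAN 1 and needs no change.
interface FastEthernet0/1
 ! Addition: pin the port to access mode so it cannot negotiate a trunk
 switchport mode access
 switchport access vlan 30
 exit
interface FastEthernet0/2
 ! Addition: same as above
 switchport mode access
 switchport access vlan 40
 exit
!
! 5.7 Trunk towards ethernet1/6 on the firewall
interface GigabitEthernet0/2
 switchport mode trunk
 ! Addition: carry only the VLANs that have an interface on the firewall
 switchport trunk allowed vlan 1,30,40
 ! Addition: stop sending DTP frames on this link
 switchport nonegotiate
 end
!
! Verification
show vlan brief
show interfaces trunk
show interfaces GigabitEthernet0/2 switchport
```

VLAN 1 is the default native VLAN on the trunk, so its frames arrive untagged on the base interface ethernet1/6 (172.16.20.1/24), while VLANs 30 and 40 arrive tagged on ethernet1/6.30 and ethernet1/6.40.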
5.8. Check result
Finally, we connect the 3 PCs 1, 2 and 3 to ports 1, 2 and 3 respectively.
PC 1, connected to port 1 in VLAN 30, was assigned an IP in the 172.16.30.0/24 network by the Palo Alto device, matching the VLAN configuration we performed earlier.
PC 2, connected to port 2 in VLAN 40, received an IP in the 172.16.40.0/24 network from the Palo Alto device.
Finally, PC 3, which is connected to port 3 and operates in VLAN 1, received an IP in the 172.16.20.0/24 network from the Palo Alto device.
Frequently asked questions
How do you trunk VLANs?
To enable trunk links, the ports at both ends of the physical link must be configured with parallel sets of commands. To configure a switch port on one end of a trunk link, use the switchport mode trunk command. This command switches the interface to permanent trunking mode.
What is a VLAN trunk, with an example?
VLAN trunking allows traffic to be carried between different parts of a network configured with VLANs. A trunk is a point-to-point link between two network devices that carries more than one VLAN. VLAN trunking allows the configured VLANs to be extended across the entire network.