Configure Layer 3 Interfaces
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 9.1 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Configure Banners, Message of the Day, and Logos
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
-
- Apply Tags to an Application Filter
- Create Custom Application Tags
- Workflow to Best Incorporate New and Modified App-IDs
- See the New and Modified App-IDs in a Content Release
- See How New and Modified App-IDs Impact Your Security Policy
- Ensure Critical New App-IDs are Allowed
- Monitor New App-IDs
- Disable and Enable App-IDs
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions
- Set Up Antivirus, Anti-Spyware, and Vulnerability Protection
- Set Up File Blocking
- Prevent Brute Force Attacks
- Customize the Action and Trigger Conditions for a Brute Force Signature
- Enable Evasion Signatures
- Monitor Blocked IP Addresses
- Threat Signature Categories
- Create Threat Exceptions
- Custom Signatures
- Threat Prevention Resources
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Decryption Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- High Availability Support for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
-
- How Decryption Broker Works
- Layer 3 Security Chain Guidelines
- Configure Decryption Broker with One or More Layer 3 Security Chain
- Transparent Bridge Security Chain Guidelines
- Configure Decryption Broker with a Single Transparent Bridge Security Chain
- Configure Decryption Broker with Multiple Transparent Bridge Security Chains
- Activate Free Licenses for Decryption Features
-
- About Palo Alto Networks URL Filtering Solution
- How Advanced URL Filtering Works
- URL Filtering Use Cases
- Plan Your URL Filtering Deployment
- URL Filtering Best Practices
- Activate The Advanced URL Filtering Subscription
- Configure URL Filtering
- Test URL Filtering Configuration
- Log Only the Page a User Visits
- Create a Custom URL Category
- URL Category Exceptions
- Use an External Dynamic List in a URL Filtering Profile
- Allow Password Access to Certain Sites
- URL Filtering Response Pages
- Customize the URL Filtering Response Pages
- HTTP Header Logging
- Request to Change the Category for a URL
-
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure an Aggregate Interface Group
- Use Interface Management Profiles to Restrict Access
- Virtual Routers
- Service Routes
- RIP
- Route Redistribution
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
- Dynamic DNS Overview
- Configure Dynamic DNS for Firewall Interfaces
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
End-of-Life (EoL)
Configure Layer 3 Interfaces
The following procedure is required to configure Layer
3 Interfaces (Ethernet, VLAN, loopback, and tunnel interfaces)
with IPv4 or IPv6 addresses so that the firewall can perform routing
on these interfaces. If a tunnel is used for routing or if tunnel
monitoring is turned on, the tunnel needs an IP address. Before
performing the following task, define one or more Virtual
Routers.
You would typically use the following procedure
to configure an external interface that connects to the internet
and an interface for your internal network. You can configure both
IPv4 and IPv6 addresses on a single interface.
PAN-OS
firewall models support a maximum of 16,000 IP addresses assigned
to physical or virtual Layer 3 interfaces; this maximum includes both
IPv4 and IPv6 addresses.
If you’re using IPv6 routes,
you can configure the firewall to provide IPv6
Router Advertisements for DNS Configuration. The firewall
provisions IPv6 DNS clients with Recursive DNS Server (RDNS) addresses
and a DNS Search List so that the client can resolve its IPv6 DNS
requests. Thus the firewall is acting like a DHCPv6 server for you.
- Select an interface and configure it with a security
zone.
- Select NetworkInterfaces and either Ethernet, VLAN, loopback, or Tunnel, depending on what type of interface you want.
- Select the interface to configure.
- Select the Interface Type—Layer3.
- On the Config tab, for Virtual Router, select the virtual router you are configuring, such as default.
- For Virtual System, select the virtual system you are configuring if on a multi-virtual system firewall.
- For Security Zone, select the zone to which the interface belongs or create a New Zone.
- Click OK.
- Configure the interface with an IPv4 address.You can assign an IPv4 address to a Layer 3 interface in one of three ways:
- Static
- DHCP Client—The firewall interface acts as a DHCP client and receives a dynamically assigned IP address. The firewall also provides the capability to propagate settings received by the DHCP client interface into a DHCP server operating on the firewall. This is most commonly used to propagate DNS server settings from an Internet service provider to client machines operating on the network protected by the firewall.
- PPPoE—Configure the interface as a Point-to-Point Protocol over Ethernet (PPPoE) termination point to support connectivity in a Digital Subscriber Line (DSL) environment where there is a DSL modem but no other PPPoE device to terminate the connection.
- Select NetworkInterfaces and either Ethernet, VLAN, loopback, or Tunnel, depending on what type of interface you want.
- Select the interface to configure.
- To configure the interface with a static IPv4 address, on the IPv4 tab, set Type to Static.
- Add a Name and optional Description for the address.
- For Type, select one of the
following:
- IP Netmask—Enter the IP address and network mask to assign to the interface, for example, 208.80.56.100/24.If you’re using a /31 subnet mask for the Layer 3 interface address, the interface must be configured with the .1/31 address in order for utilities such as ping to work properly.If you’re configuring a loopback interface with an IPv4 address, it must have a /32 subnet mask; for example, 192.168.2.1/32.
- IP Range—Enter an IP address range, such as 192.168.2.1-192.168.2.4.
- FQDN—Enter a Fully Qualified Domain Name.
- Select Tags to apply to the address.
- Click OK.
- Configure an interface with Point-to-Point Protocol over
Ethernet (PPPoE). See Layer
3 Interfaces.PPPoE is not supported in HA active/active mode.
- Select NetworkInterfaces and either Ethernet, VLAN, loopback, or Tunnel.
- Select the interface to configure.
- On the IPv4 tab, set Type to PPPoE.
- On the General tab, select Enable to activate the interface for PPPoE termination.
- Enter the Username for the point-to-point connection.
- Enter the Password for the username and Confirm Password.
- Click OK.
- Configure an Interface as a DHCP Client so that it
receives a dynamically-assigned IPv4 address.DHCP client is not supported in HA active/active mode.
- Configure an interface with a static IPv6 address.
- Select NetworkInterfaces and either Ethernet, VLAN, loopback, or Tunnel.
- Select the interface to configure.
- On the IPv6 tab, select Enable IPv6 on the interface to enable IPv6 addressing on the interface.
- For Interface ID, enter the 64-bit extended unique identifier (EUI-64) in hexadecimal format (for example, 00:26:08:FF:FE:DE:4E:29). If you leave this field blank, the firewall uses the EUI-64 generated from the MAC address of the physical interface. If you enable the Use interface ID as host portion option when adding an address, the firewall uses the Interface ID as the host portion of that address.
- Add the IPv6 Address or select an address group.
- Select Enable address on interface to enable this IPv6 address on the interface.
- Select Use interface ID as host portion to use the Interface ID as the host portion of the IPv6 address.
- (Optional) Select Anycast to make the IPv6 address (route) an Anycast address (route), which means multiple locations can advertise the same prefix, and IPv6 sends the anycast traffic to the node it considers the nearest, based on routing protocol costs and other factors.
- (Ethernet interface only) Select Send Router Advertisement (RA) to enable the firewall to send this address in Router Advertisements, in which case you must also enable the global Enable Router Advertisement option on the interface (next step).
- (Ethernet interface only) Enter the Valid Lifetime (sec), in seconds, that the firewall considers the address valid. The Valid Lifetime must equal or exceed the Preferred Lifetime (sec) (default is 2,592,000).
- (Ethernet interface only) Enter the Preferred Lifetime (sec) (in seconds) that the valid address is preferred, which means the firewall can use it to send and received traffic. After the Preferred Lifetime expires, the firewall can’t use the address to establish new connections, but any existing connections are valid until the Valid Lifetime expires (default is 604,800).
- (Ethernet interface only) Select On-link if systems that have addresses within the prefix are reachable without a router.
- (Ethernet interface only) Select Autonomous if systems can independently create an IP address by combining the advertised prefix with an Interface ID.
- Click OK.
- (Ethernet or VLAN interface using IPv6 address only)
Enable the firewall to send IPv6 Router Advertisements (RAs) from
an interface, and optionally tune RA parameters.Tune RA parameters for either of these reasons: To interoperate with a router/host that uses different values. To achieve fast convergence when multiple gateways are present. For example, set lower Min Interval, Max Interval, and Router Lifetime values so the IPv6 client/host can quickly change the default gateway after the primary gateway fails, and start forwarding to another default gateway in the network.
- Select NetworkInterfaces and Ethernet or VLAN.
- Select the interface you want to configure.
- Select IPv6.
- Select Enable IPv6 on the interface.
- On the Router Advertisement tab, select Enable Router Advertisement (default is disabled).
- (Optional) Set Min Interval (sec), the minimum interval, in seconds, between RAs the firewall sends (range is 3-1,350; default is 200). The firewall sends RAs at random intervals between the minimum and maximum values you set.
- (Optional) Set Max Interval (sec), the maximum interval, in seconds, between RAs the firewall sends (range is 4-1,800; default is 600). The firewall sends RAs at random intervals between the minimum and maximum values you set.
- (Optional) Set Hop Limit to apply to clients for outgoing packets (range is 1-255; default is 64). Enter 0 for no hop limit.
- (Optional) Set Link MTU, the link maximum transmission unit (MTU) to apply to clients (range is 1,280-9,192; default is unspecified). Select unspecified for no link MTU.
- (Optional) Set Reachable Time (ms), the reachable time, in milliseconds, that the client will use to assume a neighbor is reachable after receiving a Reachability Confirmation message. Select unspecified for no reachable time value (range is 0-3,600,000; default is unspecified).
- (Optional) Set Retrans Time (ms), the retransmission timer that determines how long the client will wait, in milliseconds, before retransmitting Neighbor Solicitation messages. Select unspecified for no retransmission time (range is 0-4,294,967,295; default is unspecified).
- (Optional) Set Router Lifetime (sec) to specify how long, in seconds, the client will use the firewall as the default gateway (range is 0-9,000; default is 1,800). Zero specifies that the firewall is not the default gateway. When the lifetime expires, the client removes the firewall entry from its Default Router List and uses another router as the default gateway.
- Set Router Preference, which the client uses to select a preferred router if the network segment has multiple IPv6 routers. High, Medium (default), or Low is the priority that the RA advertises indicating the relative priority of firewall virtual router relative to other routers on the segment.
- Select Managed Configuration to indicate to the client that addresses are available via DHCPv6.
- Select Other Configuration to indicate to the client that other address information (such as DNS-related settings) is available via DHCPv6.
- Select Consistency Check to have the firewall verify that RAs sent from other routers are advertising consistent information on the link. The firewall logs any inconsistencies.
- Click OK.
- (Ethernet or VLAN interface using IPv6 address only)
Specify the Recursive DNS Server addresses and DNS Search List the
firewall will advertise in ND Router Advertisements from this interface.The RDNS servers and DNS Search List are part of the DNS configuration for the DNS client so that the client can resolve IPv6 DNS requests.
- Select NetworkInterfaces and Ethernet or VLAN.
- Select the interface you are configuring.
- Select IPv6DNS Support.
- Include DNS information in Router Advertisement to enable the firewall to send IPv6 DNS information.
- For DNS Server, Add the IPv6 address of a Recursive DNS Server. Add up to eight Recursive DNS servers. The firewall sends server addresses in an ICMPv6 Router Advertisement in order from top to bottom.
- Specify the Lifetime in seconds,
which is the maximum length of time the client can use the specific
RDNS Server to resolve domain names.
- The Lifetime range is any value equal to or between the Max Interval (that you configured on the Router Advertisement tab) and two times that Max Interval. For example, if your Max Interval is 600 seconds, the Lifetime range is 600-1,200 seconds.
- The default Lifetime is 1,200 seconds.
- For DNS Suffix, Add a DNS Suffix (domain name of a maximum of 255 bytes). Add up to eight DNS suffixes. The firewall sends suffixes in an ICMPv6 Router Advertisement in order from top to bottom.
- Specify the Lifetime in seconds, which is the maximum length of time the client can use the suffix. The Lifetime has the same range and default value as the Server.
- Click OK.
- (Ethernet or VLAN interface) Specify static
ARP entries. Static ARP entries reduce ARP processing.
- Select NetworkInterfaces and Ethernet or VLAN.
- Select the interface you are configuring.
- Select AdvancedARP Entries.
- Add an IP Address and
its corresponding MAC Address (hardware or
media access control address). For a VLAN interface, you must also
select the Interface.Static ARP entries do not time out. Auto learned ARP entries in the cache time out in 1,800 seconds by default; you can customize the ARP cache timeout; see Configure Session Timeouts.
- Click OK.
- (Ethernet or VLAN interface) Specify static
Neighbor Discovery Protocol (NDP) entries. NDP for IPv6 performs
functions similar to those provided by ARP for IPv4.
- Select NetworkInterfaces and Ethernet or VLAN.
- Select the interface you are configuring.
- Select AdvancedND Entries.
- Add an IPv6 Address and its corresponding MAC Address.
- Click OK.
- (Optional) Enable services on the interface.
- To enable services on the interface, select NetworkInterfaces and Ethernet or VLAN.
- Select the interface you are configuring.
- Select AdvancedOther Info.
- Expand the Management Profile list and select a profile or New Management Profile.
- Enter a Name for the profile.
- For Permitted Services, select services, such as Ping, and click OK.
- Commit your changes.
- Cable the interface.Attach straight through cables from interfaces you configured to the corresponding switch or router on each network segment.
- Verify that the interface is active.From the web interface, select NetworkInterfaces and verify that icon in the Link State column is green. You can also monitor link state from the Interfaces widget on the Dashboard.
- Configure static routes and/or a dynamic routing protocol (RIP, OSPF, or BGP) so that the virtual router can route traffic.
- Configure a default route.Configure a Static Route and set it as the default.