Configure VLAN on Switch Ports

Configure a VLAN on switch ports.
After adding the VLAN, configure the VLAN on the switch ports.
  1. Select a port from the LAN Ports.
  2. Enter Name, and optionally Tags, and Description for the selected interface.
    Default VLAN ID is 1. It can be configured to any VLAN ID in the supported range.
  3. Select Admin Up.
  4. Interface Type and Use Interface for are system-populated.
    If the port is a switch port, Interface Type and Use Interface for are auto-populated.
  5. Select the Interface Mode.
    • Access is used for endpoint access. Select the Access VLAN and Voice VLAN. If you need a Voice VLAN, you must first create it when creating the Switch Virtual Interface.
    • Use Trunk to use multiple VLANs. Select all VLANs or select VLAN IDs.
      Trunk ports carry only VLAN tagged packets. If Native VLAN is configured, select Native VLAN for untagged packets.
  6. Control access to your network by using a different Authentication mode; it is Disabled by default:
    • 802.1x only
      - Select Reauthentication Timeout and choose a value between 30-86400 seconds; the default is 1800 seconds.
      802.1x authentication is a client-server model facilitating network access only to authorized clients. It defines authentication controls for any user or device trying to access a LAN or WLAN. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. Before services can be provided to a client by the ION device, the client connected to the switch port has to be authenticated by the RADIUS authentication server.
      802.1x is supported only on switch ports.
      Prisma SD-WAN supports the following IEEE 8021X-PAE-MIB values. It supports SNMP get and walk requests.
      • ieee8021XEapolStatsTable
      • ieee8021XAuthenticatorTable
      • ieee8021XPaePortSessionTable
      • ieee8021XPaePortLogonTable
      • ieee8021XPaePortTable
    • MAC Auth Only
      - Select Reauthentication Timeout and choose a value between 30-86400 seconds; the default is 1800 seconds.
      Media Access Control (MAC) authentication is used to authenticate devices based on their physical MAC addresses. You can authorize an endpoint using MAC Authentication. The authenticator uses the MAC address of the connecting device to determine what kind of network access to provide.
      MAC Auth is supported only on switch ports.
    • 802.1x to MAC Auth Fallback
      - Select the fallback option to fall back to MAC Auth if the client is not using 802.1x authentication.
  7. Enable PoE for the port.
    By default, PoE is disabled.
  8. Enter the Port Power Usage Alarm Threshold value for the selected port between 50-100%.
    If the port power usage exceeds the alarm threshold, an alarm is generated.
  9. Select the option for LLDP/LLDP-MED.
    Receive Only is the default option. Select Receive and Transmit only if you want the ION device to respond to the powered device (PD) when it receives LLDP-MED packets.
  10. Advanced settings
    1. Physical indicates the speed of the interface; it is disabled by default. Select from the available options.
      Interface speed, displayed in Mbps, is the speed of each interface. Interfaces can have Ethernet speed rates of 10 Mbps, 100 Mbps, and 1000 Mbps.
    2. Spanning Tree Protocol (STP) is enabled by default. By default, the STP type is RSTP.
      The Spanning Tree Protocol (mSTP), used in case of multiple switches, provides connectivity to a VLAN throughout a Bridged Local Area Network. These LANs are connected into a single Common Spanning Tree (CST).
    3. Root/BPDU Guard is used to protect the Layer 2 STP topology from BPDU-related attacks.
      Root Guard is enabled on a port-by-port basis. It prevents a configured port from becoming a root port, which stops a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology.
      BPDU Guard must be enabled on ports that should never receive a BPDU from their connected devices. When a BPDU Guard enabled port receives a BPDU from a connected device, BPDU Guard disables the port.
    4. Spanning Tree Portfast is enabled by default.
    5. Enter STP Port priority between 0-240. The default value is 128. STP port priority is in multiples of 16.
    6. Enter STP port cost between 1-65535. The STP port cost depends on the speed of the port.
  11. Select Storm Control. Set a threshold for the traffic rate limit; traffic is rate limited to the set threshold value.
    By default, the broadcast threshold is set to 1000 kbps. Enter a value between 64-1000000 kbps.
    • Unknown Unicast threshold (Opt): enter a value between 64-1000000 kbps.
    • Broadcast threshold (Opt): enter a value between 64-1000000 kbps.
    • Multicast threshold (Opt): enter a value between 64-1000000 kbps.
  12. Save to update the changes.
    To edit an existing VLAN, Edit the VLAN by selecting it from the ellipsis menu.
    You can delete an existing VLAN only after deleting the VLAN from all the associated access or trunk ports. To delete an existing VLAN, delete the VLAN by selecting it from the ellipsis menu.
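
A pre-change check of planned port settings against the ranges and defaults listed in the steps above, as an added example that is not Palo Alto Networks code. The dictionary field names and the two warnings (access ports should authenticate clients and have BPDU Guard enabled) are assumptions made for illustration, not the Prisma SD-WAN schema or product behavior.

```python
# Added example; field names are hypothetical, not the Prisma SD-WAN schema.
# Ranges and defaults come from the steps above.
RANGES = {
    "reauth_timeout_s": (30, 86400),              # step 6
    "poe_alarm_threshold_pct": (50, 100),         # step 8
    "stp_port_priority": (0, 240),                # step 10
    "stp_port_cost": (1, 65535),                  # step 10
    "storm_unknown_unicast_kbps": (64, 1000000),  # step 11
    "storm_broadcast_kbps": (64, 1000000),
    "storm_multicast_kbps": (64, 1000000),
}


def review_port(port):
    """Return (severity, message) findings for one planned port."""
    out = []
    for field, (lo, hi) in RANGES.items():
        value = port.get(field)
        if value is not None and not lo <= value <= hi:
            out.append(("error", f"{field}={value} outside {lo}-{hi}"))
    prio = port.get("stp_port_priority")
    if prio is not None and prio % 16:
        out.append(("error", f"stp_port_priority={prio} is not a multiple of 16"))
    auth = port.get("authentication", "disabled")  # Disabled is the default
    mode = port.get("mode")
    if mode == "access":
        # Policy assumptions: endpoint ports authenticate and never accept BPDUs.
        if auth == "disabled":
            out.append(("warn", "access port without 802.1x or MAC authentication"))
        if not port.get("bpdu_guard", False):  # assumed off unless set
            out.append(("warn", "access port without BPDU Guard"))
    elif mode == "trunk":
        if not port.get("trunk_vlans"):
            out.append(("error", "trunk port has no VLANs selected"))
    else:
        out.append(("error", f"mode must be access or trunk, got {mode!r}"))
    return out


# Constructed sample ports, not taken from a real device.
PLANNED = {
    "port5": {"mode": "access", "authentication": "802.1x", "bpdu_guard": True},
    "port6": {"mode": "access", "stp_port_priority": 100, "reauth_timeout_s": 10},
    "port7": {"mode": "trunk", "trunk_vlans": [10, 20], "storm_broadcast_kbps": 32},
}

if __name__ == "__main__":
    for name, cfg in PLANNED.items():
        print(name, review_port(cfg))
```
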
