VLAN Behavior

PAN-OS specific behavior for the openconfig-vlan model.
The OpenConfig model has different behavior when managing Layer2 and Layer3 ethernet interfaces and adding them to VLANs. For all VLAN settings:
  • All interfaces are considered trunk interfaces.
  • The model supports only trunk-vlans and native-vlans.
  • Untagged ethernet interfaces are supported through native-vlans.
  • Only single-tagged integer-based VLAN identifiers are supported.
  • To change the VLAN tag of a subinterface use the interfaces/interface/subinterfaces/subinterface/vlan/match/single-tagged/config/vlan-id path.

Layer 2 VLAN Behavior

  • For each trunk VLAN that you assign to a switched VLAN, a VLAN will be created on PAN-OS and bound to that interface.
  • When you add an interface to a VLAN, the interface is created in layer two mode, tagged, assigned to a VLAN, and added to a default_l2 security zone.

Layer 3 VLAN Behavior

  • To create a layer 3 Interface that supports the routed-vlan container, set the interface name as
    vlan.number
    where the number after the decimal is the VLAN the interface is assigned to.
  • Interfaces of type l3ipvlan have a routed-vlan container that contains a single VLAN leaf-node used to link the logical layer 3 interface with the VLAN the interface routes to.

Recommended For You