Manage VLANs
Examples of how to use the VLAN OpenConfig model with PAN-OS.
Adding Layer 2 Interfaces to a VLAN
The example below shows a gNMI call that adds ethernet1/6 to VLANs 15 and 16 as trunk VLANs and to VLAN 17 as the native VLAN for untagged Ethernet frames.
gnmic set -a 10.1.1.1:9339 -u username -p password --skip-verify --replace-path /interfaces/interface[name=ethernet1/6]/ethernet/switched-vlan --replace-file vlan1.json -e JSON_IETF --timeout 300s
Below are the contents of the JSON file (vlan1.json) used to add the interface to the VLANs.
{ "trunk-vlans": [15,16], "native-vlan": 17 }
The plugin returns the following response after a successful update:
{ "timestamp": 1618446078899330350, "time": "2021-04-14T17:21:18.89933035-07:00", "results": [ { "operation": "REPLACE", "path": "interfaces/interface[name=ethernet1/7]/ethernet/switched-vlan" } ] }
![](/content/dam/techdocs/en_US/dita/_graphics/10-1/openconfig/openconfig-vlan1.png)
PAN-OS's OpenConfig behavior automatically adds the interface to the specified VLANs, tags the interfaces, sets the interfaces in Layer2 mode, and adds the interfaces to the default_l2 security zone.
The image below shows how the interfaces appear in the VLAN tab.
![](/content/dam/techdocs/en_US/dita/_graphics/10-1/openconfig/openconfig-vlan2.png)
To add another interface to the same VLANs, send the same request with the other interface's name in the path. The example below adds ethernet1/7.
gnmic set -a 10.1.1.1:9339 -u username -p password --skip-verify --debug --replace-path /interfaces/interface[name=ethernet1/7]/ethernet/switched-vlan --replace-file vlan1.json -e JSON_IETF --timeout 300s
{ "trunk-vlans": [15,16], "native-vlan": 17 }
The image below shows that ethernet1/7 is added to the same native VLAN and trunk VLANs as ethernet1/6.
![](/content/dam/techdocs/en_US/dita/_graphics/10-1/openconfig/openconfig-vlan3.png)
Adding a Routed VLAN Interface
The gNMI call below shows how you can create a routed VLAN interface and add it to VLAN 17.
gnmic set -a 10.1.1.1:9339 -u username -p password --skip-verify --debug --update /interfaces/interface[name=vlan.17]/routed-vlan/config/vlan:::int:::17 -e JSON_IETF
![](/content/dam/techdocs/en_US/dita/_graphics/10-1/openconfig/openconfig-vlan4.png)
Retrieving VLANs
Since the VLAN model augments the interface model, each of the VLANs appears when you do a get call to the /interfaces path. The snippet below shows that the only interface with a VLAN type, l3ipvlan, is the routed VLAN.
{ "config": { "description": "", "enabled": true, "loopback-mode": false, "name": "ethernet1/7", "tpid": "openconfig-vlan-types:TPID_0X8100", "type": "iana-if-type:ethernetCsmacd" }, "openconfig-if-ethernet:ethernet": { "config": { "auto-negotiate": true, "port-speed": "openconfig-if-ethernet:SPEED_UNKNOWN" }, "openconfig-vlan:switched-vlan": { "config": { "native-vlan": 17, "trunk-vlans": [ 15, 16 ] } } }, "openconfig-interfaces:name": "ethernet1/7" }, { "config": { "description": "", "enabled": true, "loopback-mode": false, "name": "vlan.17", "type": "iana-if-type:l3ipvlan" }, "openconfig-interfaces:name": "vlan.17", "openconfig-vlan:routed-vlan": { "config": { "vlan": 17 }, "openconfig-if-ip:ipv4": { "config": { "dhcp-client": false, "mtu": 1500 } }, "openconfig-if-ip:ipv6": { "config": { "dup-addr-detect-transmits": 0, "enabled": false }, "router-advertisement": { "config": { "interval": 600, "lifetime": 1800, "suppress": true } } }
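The following is an added example, not part of the original page or of PAN-OS: it turns interface entries shaped like the snippet above into a per-VLAN membership table and compares it with an intended layout, so an interface that has joined a VLAN it should not carry shows up as a finding. The sample input is constructed, the function names and the expected layout are hypothetical, and the code assumes trunk-vlans entries are plain integers as in the output shown on this page.

```python
import json

# Constructed sample: entries shaped like the /interfaces snippet, trimmed to the fields read here.
SAMPLE = json.loads("""
[
  {"config": {"name": "ethernet1/7", "type": "iana-if-type:ethernetCsmacd"},
   "openconfig-if-ethernet:ethernet": {
     "openconfig-vlan:switched-vlan": {
       "config": {"native-vlan": 17, "trunk-vlans": [15, 16]}}}},
  {"config": {"name": "vlan.17", "type": "iana-if-type:l3ipvlan"},
   "openconfig-vlan:routed-vlan": {"config": {"vlan": 17}}}
]
""")

def vlan_membership(interfaces):
    """Map VLAN id -> {'untagged': [...], 'tagged': [...], 'routed': [...]}."""
    table = {}
    def add(vlan, role, name):
        # Assumption: ids are plain integers; range strings and bools are rejected.
        if type(vlan) is not int or not 1 <= vlan <= 4094:
            raise ValueError(f"{name}: invalid VLAN id {vlan!r}")
        slot = table.setdefault(vlan, {"untagged": [], "tagged": [], "routed": []})
        slot[role].append(name)
    for intf in interfaces:
        name = intf["config"]["name"]
        switched = (intf.get("openconfig-if-ethernet:ethernet", {})
                        .get("openconfig-vlan:switched-vlan", {})
                        .get("config", {}))
        if "native-vlan" in switched:
            add(switched["native-vlan"], "untagged", name)
        for vlan in switched.get("trunk-vlans", []):
            add(vlan, "tagged", name)
        routed = intf.get("openconfig-vlan:routed-vlan", {}).get("config", {})
        if "vlan" in routed:
            add(routed["vlan"], "routed", name)
    return table

def drift(actual, expected):
    """Return sorted (vlan, role, interface, 'unexpected'|'missing') tuples."""
    findings = []
    for vlan in set(actual) | set(expected):
        for role in ("untagged", "tagged", "routed"):
            have = set(actual.get(vlan, {}).get(role, []))
            want = set(expected.get(vlan, {}).get(role, []))
            findings += [(vlan, role, i, "unexpected") for i in have - want]
            findings += [(vlan, role, i, "missing") for i in want - have]
    return sorted(findings)

if __name__ == "__main__":
    print(json.dumps(vlan_membership(SAMPLE), indent=2))
```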