Layer 3 Interfaces

In a Layer 3 deployment, the firewall routes traffic between multiple ports. Before you can Configure Layer 3 Interfaces, you must configure the Virtual Routers that you want the firewall to use to route the traffic for each Layer 3 interface.
PAN_QS_Layer3.png
If you’re using security group tags (SGTs) in a Cisco Trustsec network, it’s a best practice to deploy inline firewalls in either Layer 2 or virtual wire mode. However, if you need to use a Layer 3 firewall in a Cisco Trustsec network, you should deploy the Layer 3 firewall between two SGT exchange protocol (SXP) peers, and configure the firewall to allow traffic between the SXP peers.
The following topics describe how to configure Layer 3 interfaces, and how to use Neighbor Discovery Protocol (NDP) to provision IPv6 hosts and view the IPv6 addresses of devices on the link local network to quickly locate devices.

Recommended For You