Wednesday, June 6, 2018

Palo Alto PPPoE with VLAN tag, it's a stupid setup but it's working!!

Palo Alto does not allow PPPoE on an L3 subinterface, but certain ISPs require PPPoE with VLAN tagging.


In 2018, update from reaper


So I came up with this setup. Yes, it is stupid, but it works!



Basically, ethernet1/3 is set up as Layer 3 with PPPoE.

Set the interface type to Layer 3, then select the virtual router and security zone.

Go to the IPv4 tab, check PPPoE, then configure it as required.


ethernet1/4
Create a VLAN profile. I left the security zone blank and set the interface type to L2.


ethernet1/5: select ethernet1/5, then at the bottom create a sub-interface.


Configure the sub-interface with the tag (VLAN ID); the Malaysian ISP unifi uses VLAN ID 500. For VLAN, you must select the VLAN profile previously created at ethernet1/4.



P/S: if the VLAN profile is missing at ethernet1/4 and ethernet1/5.500, the packet is unable to reach the modem (a laptop serves as my testing environment).


Tadahhh...

My laptop receives the PPPoE discovery broadcast packet tagged with VLAN ID 500.

Although it is a stupid setup, it works, LOL
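
To make the same check on a captured frame without eyeballing it, here is an added example (not part of the original post) that parses a raw Ethernet frame and confirms it is a PPPoE discovery (PADI) broadcast carrying an 802.1Q tag with VLAN ID 500. The function names are hypothetical and the frame bytes are constructed sample data, not a real capture.

```python
import struct

ETH_P_8021Q = 0x8100       # 802.1Q VLAN tag TPID
ETH_P_PPPOE_DISC = 0x8863  # PPPoE discovery stage EtherType
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}

def parse_pppoe_discovery(frame: bytes) -> dict:
    """Parse an Ethernet frame; return VLAN and PPPoE discovery fields."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
        offset = 18
    info = {"broadcast": dst == b"\xff" * 6, "vlan_id": vlan_id,
            "ethertype": ethertype, "pppoe_code": None}
    if ethertype == ETH_P_PPPOE_DISC:
        if len(frame) < offset + 6:
            raise ValueError("truncated PPPoE header")
        ver_type, code, session_id, _length = struct.unpack("!BBHH", frame[offset:offset + 6])
        if ver_type != 0x11:
            raise ValueError("unexpected PPPoE version/type")
        info["pppoe_code"] = PPPOE_CODES.get(code, hex(code))
        info["session_id"] = session_id
    return info

def is_tagged_padi(frame: bytes, expected_vlan: int) -> bool:
    info = parse_pppoe_discovery(frame)
    return (info["broadcast"] and info["vlan_id"] == expected_vlan
            and info["pppoe_code"] == "PADI")

def build_sample_padi(vlan_id=None) -> bytes:
    """Constructed sample frame (not a real capture)."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_P_8021Q, vlan_id) if vlan_id is not None else b""
    # PPPoE header: ver/type 0x11, code PADI, session 0; payload = empty Service-Name tag
    payload = struct.pack("!HH", 0x0101, 0)
    pppoe = struct.pack("!BBHH", 0x11, 0x09, 0, len(payload)) + payload
    return dst + src + tag + struct.pack("!H", ETH_P_PPPOE_DISC) + pppoe

if __name__ == "__main__":
    print(parse_pppoe_discovery(build_sample_padi(500)))  # tagged, as in the working setup
    print(is_tagged_padi(build_sample_padi(None), 500))   # untagged, as when the VLAN is missing
```

An untagged PADI fails the check, which is the symptom you would see on the wire if the VLAN profile were missing from ethernet1/4 or ethernet1/5.500.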


Alternative setup, if you have an extra switch with a VLAN feature


Summary: well, Palo Alto, PPPoE via an L3 sub-interface is a very common implementation, okay!

Monday, March 5, 2018

Note for myself (ignore it)

ISE disable AD encryption for query tshoot

TROUBLESHOOTING.EncryptionOffPeriod
30
test



ProxySG

Enable full coredump
https://support.symantec.com/en_US/article.TECH244735.html

Force Coredump
https://support.symantec.com/en_US/article.TECH241718.html

SSLVPN - timestamp formula

(((A1/60)/60)/24)+DATE(1970,1,1)