Today’s topic is about Palo Alto and PPPoE interface and VLAN tagging. Currently Palo Alto does not support VLAN Tagging on an Interface with PPPoE authentication for your ISP. So, our workaround that works well but definitely need to have a Managed switch so you can Trunk and Tag an interface to make the Century Link FTTH ADTRAN know that VLAN 201 is Tagged.
Info –
Century Link Fiber Internet – Utilizes VLAN tagging to segregate out their Internet traffic, and their TV service.
What You Need:
- PPPoE Username & Password
- VLAN ID = 201
- Managed Switch / Router that supports VLAN Tagging
First we will setup two ports on a managed switch, for my implementation I am using a Cisco Catalyst WS-C3750X-24P-S.
Interface Gi1/0/23 – Syntax below to copy (Just FYI, this is for Cisco)
description Trunk to CenturyLink
switchport trunk allowed vlan 201
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
spanning-tree portfast edge
Interface Gi1/0/24 – Syntax below to copy (Just FYI, this is for Cisco)
description WAN-PAFW
switchport access vlan 201
switchport mode accessGo to Network -> Click on Ethernet1/1
Once Interface is opened up, make sure your Virtual Router and all configured, but then Go to IPv4
Click on General -> Select PPPoE -> Fill in your Username and Password for Century Link PPPoE Authentication -> Click OK
Now that your Century Link PPPoE user name and info is filled out, under advanced, you may set your Static IP address here for your WAN Interface.
Red Ethernet cable Et1/1 going to Gi1/0/24 which is the one that is Tagged as an access port on vlan 201
