
Manage VLANs

Examples of how to use the VLAN OpenConfig model with PAN-OS.

Adding Layer 2 Interfaces to a VLAN

The example below shows a gNMI call that adds ethernet1/6 to VLANs 15 and 16 as trunk VLANs and to VLAN 17 as the native VLAN for untagged Ethernet frames.
gnmic set -a 10.1.1.1:9339 -u username -p password --skip-verify --replace-path /interfaces/interface[name=ethernet1/6]/ethernet/switched-vlan --replace-file vlan1.json -e JSON_IETF --timeout 300s
Below are the contents of the JSON file (vlan1.json) used to add the interface to the VLANs.
{ "trunk-vlans": [15,16], "native-vlan": 17 }
The plugin returns the following response after a successful update:
{
  "timestamp": 1618446078899330350,
  "time": "2021-04-14T17:21:18.89933035-07:00",
  "results": [
    {
      "operation": "REPLACE",
      "path": "interfaces/interface[name=ethernet1/7]/ethernet/switched-vlan"
    }
  ]
}
With OpenConfig, PAN-OS automatically adds the interface to the specified VLANs, tags the interface, sets it to Layer 2 mode, and adds it to the default_l2 security zone.
The image below shows how the interfaces appear in the VLAN tab.
To add another interface to the same VLANs, send the same request for that interface. The example below adds ethernet1/7.
gnmic set -a 10.1.1.1:9339 -u username -p password --skip-verify --debug --replace-path /interfaces/interface[name=ethernet1/7]/ethernet/switched-vlan --replace-file vlan1.json -e JSON_IETF --timeout 300s
{ "trunk-vlans": [15,16], "native-vlan": 17 }
The image below shows that ethernet1/7 is added to the same native VLAN and trunk VLANs as ethernet1/6.

Adding a Routed VLAN Interface

The gNMI call below shows how you can create a routed VLAN interface and add it to VLAN 17.
gnmic set -a 10.1.1.1:9339 -u username -p password --skip-verify --debug --update /interfaces/interface[name=vlan.17]/routed-vlan/config/vlan:::int:::17 -e JSON_IETF

Retrieving VLANs

Because the VLAN model augments the interface model, each VLAN appears when you issue a get call to the /interfaces path. In the snippet below, the only interface with the type l3ipvlan is the routed VLAN interface.
{
  "config": {
    "description": "",
    "enabled": true,
    "loopback-mode": false,
    "name": "ethernet1/7",
    "tpid": "openconfig-vlan-types:TPID_0X8100",
    "type": "iana-if-type:ethernetCsmacd"
  },
  "openconfig-if-ethernet:ethernet": {
    "config": {
      "auto-negotiate": true,
      "port-speed": "openconfig-if-ethernet:SPEED_UNKNOWN"
    },
    "openconfig-vlan:switched-vlan": {
      "config": {
        "native-vlan": 17,
        "trunk-vlans": [ 15, 16 ]
      }
    }
  },
  "openconfig-interfaces:name": "ethernet1/7"
},
{
  "config": {
    "description": "",
    "enabled": true,
    "loopback-mode": false,
    "name": "vlan.17",
    "type": "iana-if-type:l3ipvlan"
  },
  "openconfig-interfaces:name": "vlan.17",
  "openconfig-vlan:routed-vlan": {
    "config": {
      "vlan": 17
    },
    "openconfig-if-ip:ipv4": {
      "config": {
        "dhcp-client": false,
        "mtu": 1500
      }
    },
    "openconfig-if-ip:ipv6": {
      "config": {
        "dup-addr-detect-transmits": 0,
        "enabled": false
      },
      "router-advertisement": {
        "config": {
          "interval": 600,
          "lifetime": 1800,
          "suppress": true
        }
      }
    }
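
Because VLAN membership is read back through the /interfaces path, the get output can be checked against an intended state after each change. The following is an added example, not Palo Alto Networks code: it rebuilds per-interface VLAN membership from interface entries shaped like the snippet above and reports drift. SAMPLE is constructed, and EXPECTED, vlan_view and audit are hypothetical names.

```python
# Constructed sample in the shape of the /interfaces get output shown above.
SAMPLE = [
    {"config": {"name": "ethernet1/7", "type": "iana-if-type:ethernetCsmacd"},
     "openconfig-if-ethernet:ethernet": {"openconfig-vlan:switched-vlan": {
         "config": {"native-vlan": 17, "trunk-vlans": [15, 16]}}}},
    {"config": {"name": "vlan.17", "type": "iana-if-type:l3ipvlan"},
     "openconfig-vlan:routed-vlan": {"config": {"vlan": 17}}},
]

# Hypothetical intended state: interface name -> (native VLAN, trunk VLANs).
EXPECTED = {"ethernet1/6": (17, {15, 16}), "ethernet1/7": (17, {15, 16})}


def vlan_view(interfaces):
    """Return (switched, routed) maps built from the interface entries."""
    switched, routed = {}, {}
    for ifc in interfaces:
        name = ifc.get("config", {}).get("name")
        eth = ifc.get("openconfig-if-ethernet:ethernet", {})
        sv = eth.get("openconfig-vlan:switched-vlan", {}).get("config")
        if sv is not None:  # Layer 2 port: native (untagged) and trunk VLANs
            switched[name] = (sv.get("native-vlan"), set(sv.get("trunk-vlans", [])))
        rv = ifc.get("openconfig-vlan:routed-vlan", {}).get("config")
        if rv is not None:  # routed VLAN interface, keyed by VLAN id
            routed[rv.get("vlan")] = name
    return switched, routed


def audit(interfaces, expected):
    """Compare device state with the intended state; return sorted findings."""
    switched, routed = vlan_view(interfaces)
    findings = []
    for name in expected.keys() - switched.keys():
        findings.append(f"{name}: expected in a VLAN but has no switched-vlan config")
    for name, (native, trunks) in switched.items():
        if name not in expected:
            findings.append(f"{name}: Layer 2 interface not in intended state")
        elif (native, trunks) != expected[name]:
            findings.append(f"{name}: VLAN membership differs from intended state")
        if native in routed:  # untagged frames on this port share the routed VLAN
            findings.append(f"{name}: native VLAN {native} has routed interface {routed[native]}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, EXPECTED)))
```

To use it against a device, pass the list of interface entries from the JSON that the get call to /interfaces returns in place of SAMPLE.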