Configure VLAN on Switch Ports
Let's learn how to configure a VLAN on switch ports in Prisma SD-WAN.
After adding the VLAN, configure the VLAN on the switch ports.
- Select a port from the LAN ports.
- Enter Name, and optionally Tags and Description, for the selected interface. The default VLAN ID is 1. It can be configured to any VLAN ID in the supported range.
- Select Admin Up.
- Interface Type and Use Interface for are system-populated. If the port is a switch port, Interface Type and Use Interface for are autopopulated.
- Select the Interface Mode.
  - Access is used for endpoint access. Select the Access VLAN and Voice VLAN. If you need a Voice VLAN, you need to first create the Voice VLAN when creating the Switch Virtual Interface.
  - Use Trunk to use multiple VLANs. Select all VLANs or select VLAN IDs. Trunk ports carry only VLAN tagged packets. If Native VLAN is configured, select Native VLAN for untagged packets.
- Control access to your network by using a different Authentication mode; it's Disabled by default:
  - 802.1X only - Select Reauthentication Timeout and select a value between 30-86400 seconds; the default is 1800 seconds. 802.1X authentication is a client-server model facilitating network access only to authorized clients. It defines authentication controls for any user or device trying to access a LAN or WLAN. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. Before services can be provided to a client by the ION device, the client connected to the switch port has to be authenticated by the RADIUS authentication server. 802.1X is supported only on switch ports. Prisma SD-WAN supports the following IEEE 8021X-PAE-MIB values. It supports SNMP get and walk requests.
    - ieee8021XEapolStatsTable
    - ieee8021XAuthenticatorTable
    - ieee8021XPaePortSessionTable
    - ieee8021XPaePortLogonTable
    - ieee8021XPaePortTable
  - MAC Auth Only - Select Reauthentication Timeout and select a value between 30-86400 seconds; the default is 1800 seconds. Media Access Control (MAC) authentication is used to authenticate devices based on their physical MAC addresses. You can authorize an endpoint using MAC Authentication. The authenticator uses the MAC address of the connecting device to determine what kind of network access to provide. MAC Auth is supported only on switch ports.
  - 802.1X to MAC Auth Fallback - Select the fallback option to fall back to MAC Auth if the client isn't using 802.1X authentication.
- Enable PoE for the port. By default, PoE is disabled.
- Enter the Port Power Usage Alarm Threshold value for the selected port between 50-100%. If the port power usage exceeds the alarm threshold, an alarm is generated.
- Select the option for LLDP/LLDP-MED. Receive Only is the default option. Select Receive and Transmit only if you want the ION device to respond to the powered device (PD) when it receives LLDP-MED packets. Starting with release 6.4.1, voice VLANs will be advertised as part of LLDP-MED to support dynamic detection for VoIP phones on the ION 1200-S device.
- Advanced settings
  - Physical indicates the speed of the interface; it's disabled by default. Select from the available options. Interface speed, displayed in Mbps, is the speed of each interface. Interfaces can have Ethernet speed rates of 10 Mbps, 100 Mbps, and 1000 Mbps.
  - Spanning Tree Protocol (STP) is enabled by default. By default, the STP type is RSTP. The Spanning Tree Protocol (mSTP), used in case of multiple switches, provides connectivity to a VLAN throughout a bridged local area network. These LANs are connected into a single Common Spanning Tree (CST).
  - Root/BPDU Guard is used to protect the Layer 2 STP topology from BPDU-related attacks. Root Guard is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root Guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology. BPDU Guard must be enabled on ports that should never receive a BPDU from their connected devices. When a BPDU Guard enabled port receives a BPDU from a connected device, BPDU Guard disables the port.
  - Spanning tree Portfast is enabled by default.
  - Enter STP Port priority between 0-240. The default value is 128; STP port priority is in multiples of 16.
  - Enter STP port cost between 1-65535. The STP port cost depends on the speed of the port.
  - Select Storm Control. Set a threshold for the traffic rate limit; traffic is rate limited to the set threshold value. By default, the broadcast threshold is set to 1000 Kbps. Enter a value between 64-1000000 Kbps.
    - Unknown Unicast threshold (Opt) - enter a value between 64-1000000 Kbps.
    - Broadcast threshold (Opt) - enter a value between 64-1000000 Kbps.
    - Multicast threshold (Opt) - enter a value between 64-1000000 Kbps.
- Save to update the changes. To edit an existing VLAN, Edit the VLAN by selecting it from the ellipsis menu. You can delete an existing VLAN only after deleting the VLAN from all the associated access or trunk ports. To delete an existing VLAN, delete the VLAN by selecting it from the ellipsis menu.
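A pre-change check for planned port settings, written as an added example (not Palo Alto Networks code): it validates values against the ranges given in the procedure above and flags access ports left with Authentication disabled or without BPDU Guard. The dictionary key names and the sample ports are hypothetical and do not reflect the Prisma SD-WAN API schema; treating access ports as endpoint-facing is an assumption.

```python
# Added example. Key names are hypothetical, not the Prisma SD-WAN API schema.
RANGES = {  # inclusive limits taken from the procedure above
    "reauth_timeout_s": (30, 86400),
    "poe_alarm_threshold_pct": (50, 100),
    "stp_port_priority": (0, 240),
    "stp_port_cost": (1, 65535),
    "storm_unknown_unicast_kbps": (64, 1000000),
    "storm_broadcast_kbps": (64, 1000000),
    "storm_multicast_kbps": (64, 1000000),
}
AUTH_MODES = {"disabled", "802.1x", "mac_auth", "802.1x_mac_fallback"}

def audit_port(port):
    """Return (severity, message) findings for one planned switch-port config."""
    findings = []
    for key, (lo, hi) in RANGES.items():
        value = port.get(key)
        if value is not None and not lo <= value <= hi:
            findings.append(("error", f"{key}={value} outside {lo}-{hi}"))
    prio = port.get("stp_port_priority")
    if prio is not None and prio % 16:
        findings.append(("error", f"stp_port_priority={prio} not a multiple of 16"))
    auth = port.get("authentication", "disabled")  # Disabled is the default
    if auth not in AUTH_MODES:
        findings.append(("error", f"unknown authentication mode {auth!r}"))
    # Assumption: access ports face endpoints, so they should authenticate
    # clients and should never receive a BPDU.
    if port.get("mode") == "access":
        if auth == "disabled":
            findings.append(("warn", "access port without 802.1X or MAC Auth"))
        if not port.get("bpdu_guard", False):
            findings.append(("warn", "access port without BPDU Guard"))
    return findings

# Constructed sample ports, not exported from a real device.
SAMPLE_PORTS = {
    "port1": {"mode": "access", "stp_port_priority": 100},
    "port2": {"mode": "trunk", "stp_port_priority": 128, "storm_broadcast_kbps": 32},
    "port3": {"mode": "access", "authentication": "802.1x", "reauth_timeout_s": 1800,
              "bpdu_guard": True, "stp_port_priority": 128, "storm_broadcast_kbps": 1000},
}

def audit_all(ports):
    """Audit every port and return {port name: findings}."""
    return {name: audit_port(cfg) for name, cfg in ports.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PORTS).items():
        for severity, message in findings:
            print(f"{name}: {severity}: {message}")
```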