A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)
Answer: A, B
VLAN interface is not necessary but in this scenarion we assume it is. Create VLAN object, VLAN interface and VLAN Zone. Attach VLAN interface to VLAN object together with two L2 interfaces then attach VLAN interface to virtual router.
Without VLAN interface you can pass traffic between interfaces on the same network and with VLAN interface you can route traffic to other networks.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK
B is the only answer that is correct, but its not required.
When configuring a VLAN interface for a Layer 2 Ethernet port on a Palo Alto firewall, the two mandatory options are:
Security Zone: This is required to define the security policies and control traffic between different zones.
VLAN: You need to assign the interface to a VLAN to segment the network and manage traffic within that VLAN
Correct answer is clear to me and it is A & B because when you want to configure that kind of interface the GUI ask for VLAN, VR and Security zone so in summary according to the available answers those ones would be the correct ones
To configure a VLAN interface for a Layer 2 Ethernet port, the two mandatory options you need to set are:
A. Virtual router - This specifies which virtual router the VLAN interface is associated with. The virtual router handles the routing of traffic entering and leaving the VLAN.
B. Security zone - This option assigns the VLAN interface to a specific security zone. Security zones are used to control and manage traffic based on the security policies defined within the firewall.
Options C (ARP entries) and D (Netflow Profile) are not mandatory for configuring a VLAN interface. ARP entries are automatically managed by the device as needed, and a Netflow Profile is related to traffic monitoring, not a basic configuration requirement for setting up a VLAN interface.
I feel like this is one of those trick questions....You can create an interface that is marked as layer 2 type and it does not need an IP address. Just because it says vlan interface doesnt mean its layer 3 routable.
When walking through my palo none of these items are "required" when I create a physical interface and mark as a layer 2 vlan.
Correct B and C
Layer 2, no mandatory virtual router(Layer 3) and not netflow profile
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK
Correct answer is A and B.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/configure-interfaces/layer-2-interfaces/configure-a-layer-2-interface-subinterface-and-vlan
The question refers to a vlan interface which is essentially used to provide L3 connectivity for a vlan. In order to configure vlan interface, you have to provide security zone and virtual router within the configuration.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Edu147
Highly Voted 5 years, 5 months agolol1000
Highly Voted 4 years, 2 months agotomsui44
3 years, 9 months agoStevenWilliams0728
Most Recent 1 week, 5 days agoj4v13rh4ack
3 months, 2 weeks agob8c290d
3 months, 3 weeks agoStevenWilliams0728
8 months, 2 weeks agoutahman3431
10 months, 2 weeks agoStevenWilliams0728
9 months, 2 weeks agozulu21
11 months, 3 weeks agoStevenWilliams0728
9 months, 2 weeks agoMarshpillowz
11 months, 3 weeks agoStevenWilliams0728
9 months, 2 weeks agokilluillu
12 months agoStevenWilliams0728
1 year, 1 month agoNikita0806
1 year, 4 months agoJRKhan
1 year agotroiansmaxx
1 year, 7 months agomercysayno765
1 year, 7 months agokewokil120
1 year, 10 months agoQuestionario
1 year, 10 months agoMauz88
1 year, 11 months ago