Palo Alto and Unifi

I.e. Adventures in Networking

I don’t have a lot to say right now, other than I spent *hours* trying to get my new Palo Alto to work with the Unifi Suite.

Little did I realize that Unifi’s concept of a “Native VLAN” means it strips the 802.1Q tag off frames belonging to that native VLAN before they leave the port, while the Palo Alto has no concept of a native VLAN at all: when it receives an untagged frame it delivers it to the parent (physical) interface, not to any of the sub-interfaces.

The fix:
– Create a Network Profile that has no native VLAN, and tag the VLAN that is destined for the Palo Alto interface explicitly.
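To make the tag-stripping behaviour concrete, here is an added example (not from the original post, and not Unifi or Palo Alto code) that models both sides of the trunk: a switch port that strips the tag from frames on its native VLAN, and a firewall that sends untagged frames to the parent interface and tagged frames to the sub-interface matching the VID. The interface names `ethernet1/1`, `ethernet1/1.10`, the VLAN IDs 10 and 20, and the MAC addresses are all constructed for the demo; the assumption that a tagged frame with no matching sub-interface is dropped is a modelling choice, not something taken from the post.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed demo values; not from the original post.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
PARENT = "ethernet1/1"
SUBIFS = {10: "ethernet1/1.10", 20: "ethernet1/1.20"}


def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    hdr = dst + src
    if vid is not None:
        # TCI: PCP=0, DEI=0, VID in the low 12 bits
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_vid(frame):
    """Return the 802.1Q VID of a frame, or None if the frame is untagged."""
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF


def switch_egress(frame, native_vlan):
    """Model the Unifi trunk port: frames on the native VLAN leave untagged."""
    vid = parse_vid(frame)
    if native_vlan is not None and vid == native_vlan:
        return frame[:12] + frame[16:]  # drop the 4-byte 802.1Q tag
    return frame


def firewall_ingress(frame, parent, subinterfaces):
    """Model the Palo Alto side: no native VLAN concept, so an untagged frame
    lands on the parent interface; a tagged frame goes to the sub-interface
    for its VID (modelled assumption: unknown VIDs are dropped)."""
    vid = parse_vid(frame)
    if vid is None:
        return parent
    return subinterfaces.get(vid, "DROP")


def deliver(vid, native_vlan):
    """Send one frame on VLAN `vid` across a port with the given native VLAN
    and report which firewall interface receives it."""
    payload = b"\x45" + b"\x00" * 19  # minimal IPv4-looking payload, contents irrelevant
    frame = build_frame(DST, SRC, 0x0800, payload, vid=vid)
    return firewall_ingress(switch_egress(frame, native_vlan), PARENT, SUBIFS)


if __name__ == "__main__":
    # Native VLAN 10 on the Unifi port: the tag is stripped, the Palo sees the
    # frame on the parent interface instead of ethernet1/1.10.
    print("native=10 ->", deliver(10, native_vlan=10))
    # Profile with no native VLAN: the tag survives and the sub-interface gets it.
    print("native=None ->", deliver(10, native_vlan=None))
```

Running it prints the two outcomes side by side: with the native VLAN set, the frame for VLAN 10 arrives on `ethernet1/1`; with no native VLAN in the profile it arrives on `ethernet1/1.10`, which is the behaviour the fix above restores.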

I’m dropping this note here because I could not find ANYWHERE on the internet that explained this; I had to piece it together from lots of different documents about how Unifi, Cisco, Palo Alto, etc. work.

Plus, I’ll probably forget this next week when I go to try and configure my next interface.

09/24/2023 – Also found out the hard way that the IP addresses set on the interfaces themselves have to include a netmask; otherwise each interface apparently considers itself to be in a network all of its own, and won’t route traffic. After troubleshooting, I think the reason is that this address serves both as the IP of the interface and as the gateway address for that interface.
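A quick check for the netmask problem, as an added example that is not part of the original post: Python’s `ipaddress` module treats an address given without a prefix length as a single-host network, which is the assumption used here to model an interface configured with no mask (the post says such an interface ends up in a network of its own; that PAN-OS specifically uses /32 is an assumption of this example, not something the post states). The addresses and interface names are constructed for the demo.

```python
import ipaddress


def interface_network(address):
    """Network an interface considers directly connected.
    Modelled assumption: an address with no prefix length is a host-only
    network (ip_interface defaults to /32 for IPv4)."""
    return ipaddress.ip_interface(address).network


def is_on_link(interface_address, peer):
    """True when `peer` lies inside the interface's connected network, i.e. the
    interface would forward to it without needing a route via a gateway."""
    return ipaddress.ip_address(peer) in interface_network(interface_address)


def audit_interfaces(interfaces):
    """Return the names of interfaces whose address covers only themselves,
    which is the symptom of a missing netmask. `interfaces` maps name -> address."""
    lonely = []
    for name, address in interfaces.items():
        if interface_network(address).num_addresses == 1:
            lonely.append(name)
    return lonely


if __name__ == "__main__":
    # Constructed demo config: one sub-interface with a mask, one without.
    demo = {
        "ethernet1/1.10": "192.168.10.1/24",
        "ethernet1/1.20": "192.168.20.1",  # mask forgotten
    }
    print("interfaces missing a mask:", audit_interfaces(demo))
    print("10.1 -> 10.50 on-link:", is_on_link(demo["ethernet1/1.10"], "192.168.10.50"))
    print("20.1 -> 20.50 on-link:", is_on_link(demo["ethernet1/1.20"], "192.168.20.50"))
```

The second on-link test comes back False: a host on the 192.168.20.0/24 segment is not directly connected from the point of view of an interface that only knows about 192.168.20.1, so the firewall has nothing to route it through.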

At least I can happily say... it wasn’t DNS!
