create_l3_subinterface
Description
Create a Layer‑3 subinterface on a Palo Alto firewall by invoking the helper script pa_create_subinterface.py. The playbook supports creating the subinterface with or without DHCP relay and runs the helper with --no-commit (so commits are handled externally).
Credentials
panos_host,panos_username,panos_password— required to authenticate against the firewall.
Input
| Variable | Description |
|---|---|
panos_host, panos_username, panos_password |
Firewall connection and credentials |
interface |
Parent interface (e.g. ae1, ae2) |
vlan |
VLAN tag for the subinterface |
ip |
IP address (with prefix) assigned to the subinterface |
vr |
Virtual router name to attach the interface to |
zone |
Security zone to assign the interface |
relay |
DHCP relay IPv4 address (optional — if present the script is invoked with the relay option) |
comment |
Free-form description attached to the interface |
Output
- The helper script creates the configured subinterface on the target firewall. The script is executed with
--no-commit; commits must be applied separately if required.