Layer 3 Vlans to Sonicwall

cmoinse
Level 1

Hi everybody,

 

Here is my problem:

I have a SonicWall firewall (192.168.2.1/21).

Below it I have a layer 3 switch (192.168.2.37), on which I'm setting up some VLANs:
Vlan30 ip 192.168.30.1/24.

I activated routing:
ip routing
Routes:
I tried several things:
ip route 0.0.0.0 0.0.0.0 vlan 1 192.168.2.1
ip route 0.0.0.0 0.0.0.0 vlan 30 192.168.30.2

and
ip route 0.0.0.0 0.0.0.0 192.168.2.1

and
ip route 0.0.0.0 0.0.0.0 192.168.30.2

I put 2 PCs on ports 5 and 6 in VLAN 30.
They can ping each other, and I can ping the other PCs that are in the native VLAN.

The SonicWall is on port 23 in trunk mode.
I created a sub-interface on the SonicWall, X0:30, ip 192.168.30.2/24.

I cannot ping the SonicWall native VLAN (192.168.2.1) from VLAN 30 (192.168.30.XXX).
I can ping the SonicWall VLAN 30 from my VLAN 30, and even the SonicWall native VLAN from my native VLAN.

Big problem:
I cannot get out to the Internet because the SonicWall detects IP spoofing.
If I disable IP spoofing on the SonicWall, no problem.
I contacted SonicWall support, who spent 1 week on the case to see that:

Some packets sent from my VLAN 30 (192.168.30.XXX) arrive on the X0 (SonicWall native VLAN) or IP spoofing.

For SonicWall support, this comes from a bad configuration of the 2960 Xr switch.

Can you help me?

Thank you

Please find a schema attached.


cmoinse
Level 1

Configuration of Cisco 2960Xr:

 


IsLayer3_01#sh run
Building configuration...

Current configuration : 5026 bytes
!
! Last configuration change at 02:09:54 UTC Fri Jun 1 2018
! NVRAM config last updated at 02:11:05 UTC Fri Jun 1 2018
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IsLayer3_01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$n83.$gtNhFcBCD6NzoytqclzmZ.
!
username admin privilege 15 password 0 !dmin59
no aaa new-model
switch 1 provision ws-c2960xr-24ts-i
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1999330304
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1999330304
 revocation-check none
 rsakeypair TP-self-signed-1999330304
!
!
crypto pki certificate chain TP-self-signed-1999330304
 certificate self-signed 01
        quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 20480
spanning-tree vlan 30 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 no switchport
 no ip address
!
interface GigabitEthernet1/0/22
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
interface GigabitEthernet1/0/25
 switchport mode trunk
!
interface GigabitEthernet1/0/26
 switchport mode trunk
!
interface GigabitEthernet1/0/27
 switchport mode trunk
!
interface GigabitEthernet1/0/28
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.2.37 255.255.248.0
!
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 192.168.3.101
!
ip default-gateway 192.168.2.1
ip forward-protocol nd
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.2.1
ip route 0.0.0.0 0.0.0.0 Vlan30 192.168.30.2
!
!
!
no vstack
!
line con 0
 password
line vty 0 4
 password
 login
line vty 5 15
 password
 login
!
end

IsLayer3_01#

IsLayer3_01#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.2.1, Vlan1
C     192.168.0.0/21 is directly connected, Vlan1
      192.168.2.0/32 is subnetted, 1 subnets
L        192.168.2.37 is directly connected, Vlan1
      192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.30.0/24 is directly connected, Vlan30
L        192.168.30.1/32 is directly connected, Vlan30


IsLayer3_01#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/22, Gi1/0/26, Gi1/0/28
30   TEST                             active    Gi1/0/5, Gi1/0/6
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
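
The symptom reported in this thread (VLAN 30 packets arriving on X0 and being flagged as spoofed), modeled as an added example that is not part of the original posts: a simplified reverse-path check over the addresses from the posted configuration. Assumptions not taken from the thread: the host address 192.168.30.10, the hosts using the switch SVI 192.168.30.1 as gateway, the `FW_ROUTED` alternative, and the firewall comparing the arrival interface with the interface its own table gives for the source.

```python
import ipaddress

# From the thread: untagged native VLAN 1 reaches X0, tag 30 reaches the sub-interface.
VLAN_TO_FW_IFACE = {1: "X0", 30: "X0:V30"}   # "X0:V30" is a label chosen for this example
SWITCH_SVIS = {"192.168.2.37": 1, "192.168.30.1": 30}

def arrival_iface(host_vlan, host_gateway, switch_default_vlan):
    """Firewall interface on which an Internet-bound packet from the host arrives."""
    if host_gateway in SWITCH_SVIS:
        # Gateway is the switch: the packet is routed and leaves on the
        # VLAN of the switch's default route.
        vlan = switch_default_vlan
    else:
        # Gateway is the firewall itself: the frame stays in the host's VLAN.
        vlan = host_vlan
    return VLAN_TO_FW_IFACE[vlan]

def expected_iface(src, fw_routes):
    """Interface the firewall's own table gives for src (longest prefix wins)."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(n).prefixlen, ifc) for n, ifc in fw_routes
            if addr in ipaddress.ip_network(n)]
    return max(hits)[1] if hits else None

def spoof_check(src, host_vlan, host_gateway, switch_default_vlan, fw_routes):
    """Return (arrival, expected, verdict) for a simplified reverse-path check."""
    arrival = arrival_iface(host_vlan, host_gateway, switch_default_vlan)
    expected = expected_iface(src, fw_routes)
    return arrival, expected, "pass" if arrival == expected else "spoof"

# Firewall as described in the thread: X0 in 192.168.0.0/21 plus a VLAN 30 sub-interface.
FW_AS_POSTED = [("192.168.0.0/21", "X0"), ("192.168.30.0/24", "X0:V30")]
# Hypothetical alternative: no sub-interface, 192.168.30.0/24 routed via the switch on X0.
FW_ROUTED = [("192.168.0.0/21", "X0"), ("192.168.30.0/24", "X0")]
SRC = "192.168.30.10"  # constructed host address in VLAN 30

if __name__ == "__main__":
    cases = {
        "as posted (gw = SVI, default via Vlan1)": (SRC, 30, "192.168.30.1", 1, FW_AS_POSTED),
        "hosts use firewall 192.168.30.2 as gateway": (SRC, 30, "192.168.30.2", 1, FW_AS_POSTED),
        "firewall routes 192.168.30.0/24 via switch": (SRC, 30, "192.168.30.1", 1, FW_ROUTED),
    }
    for name, args in cases.items():
        print(f"{name}: {spoof_check(*args)}")
```

Only the first case, which matches the `sh ip route` output above (default route via 192.168.2.1 on Vlan1), yields a mismatch between the arrival interface and the interface that owns the source subnet.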

Hi,

The Catalyst series switches are not considered Small Business switches, so I suggest posting your question in the main Switching section to get to a resolution quicker.

Thanks,
Kris

Up please.

Thanks

Up please ???