Attach SonicPoint to SRW224G4P Switch via VLAN

kirkwatson · ‎12-06-2013

I want to install a SonicPoint on an existing SRW224G4P switch. Sonicwall architecture uses VLAN to support multiple SSID on SonicPoint. Sonicwall interface X0 attached to port e12 on the switch, and the Soncipotn on e24, which is PoE enabled. In this configuration I can see the Sonicpoint is OPERATIONAL as seen on the sonicwall, so there is some communication between the two. Additionally, a laptop can see the SSID broadcast, and attach in a “limited” manner, but IPCONFIG shows no IP addresses being set. Oddly, it Windows Update may have worked overnight in this configuration. However, I cannot access the LAN or WAN from the laptop.

Where am I going wrong in the switch VLAN configuration?

I followed guidelines in http://www.brandontek.com/networking/solution-to-your-sonicpoint-wlan-woes/

Note DHCP service is set up for the two VLANS on the Sonicwall. Sonicwall also has firewalls open and closed for communication.

SWITCH CONFIGURATION:

VLAN Mgt >> Create a LAN:

1 DefaultVLAN Static

20 SonicpointN Corporate Static

30 SonicpointN Guest Static

VLAN >> Port Settings

Port e12 TRUNK PVID =1 Ingress Filter Enabled

Port e24 ACCESS PVID=20 Ingress Filter Enabled

OTHERS ACCESS PVID=1

VLAN >> Ports to LAN

VLAN=1, Static

Port e12 Trunk, Untagged

Port e24 Access, Excluded

OTHERS Access, Untagged

VLAN=20, Static

Port e12 Trunk, Tagged

Port e24 Access, Untagged

OTHERS Access, Excluded

VLAN=30, Static

Port e12 Trunk, Tagged

Port e24 Access, Untagged

OTHERS Access, Excluded

Ports >>> PoE

e24 Critical

mf-weiss1 · ‎12-11-2013

I had the same issue with the VAPs and SP vlans not working together. I suggest create separate vlan for SPs, then change the SP switchports to trunk and untag the vlan for SP, tag the vlans for guest & corp.

Here is my setup.

x0 = LAN

x0:v10 = Sonicpoints

x0:v50 = Guest WLAN

x0:v100 = Corp WLAN

Main SG200

GE23 = 10U,50T,100T (to Sonicpoint A)

GE24 = 1UP,10T,50T,100T (to Sonicwall X0)

GE26 = 1UP,10T,50T,100T (to other SG200)

2nd SG200

GE23 = 10U,50T,100T (to Sonicpoint B)

GE26 = 1UP,10T,50T,100T (to Main SG200)

kirkwatson · ‎12-12-2013

Mr. Weiss, thank you so much for your input. I must admit, though, I am confued by your nomenclature, and a bit by strategy.

First, for the "UP" links, does this mean trunking. On the SRW series, the switchport options are access|trunk|general and the membership is excluded|Tagged|Untagged. I presume the T above is Tagged, U is Untagged, but am confused with UP.

Second, it is intersting that the Sonicpoints (management) is on one VLAN and the traffic (corporate, guest) on another. I will have to look into that setup on the UTM. Why did you do this? The examples I have seen (Sonicpoint KB 5798, 5801) show one vlan for botht hte traffic and management. These don't show both Corporate and Guest traffic on the same SP, though...

Finally, do you have examples of how you set up the UTM firewall for cross VLAN traffic?

Many Thanks,

Kirk

mf-weiss1 · ‎12-12-2013

Sorry, I didn't meantion I am using Cisco SG200 series switches. It's just a GUI for setup and management.

All ports are set as Trunk. I had the SP ports as Access, but that didn't work on the VAP setup. The UP stands for untagged and PVID.

I setup the 3 vlans just for troubleshooting ease. I know I have one vlan for Sonicpoint communication, and the other two wireless for clients.

On Sonicwall I have Firewall Access rule WLAN (Corp) > LAN - Source=WLAN (Corp) Destination=LAN Subnets Service=Any. That allows wireless clients on corp SSID to access LAN hosts without using VPN, which I guess is what Sonicwall wants you to do.