12-06-2013 08:44 AM
I want to install a SonicPoint on an existing SRW224G4P switch. Sonicwall architecture uses VLANs to support multiple SSIDs on a SonicPoint. Sonicwall interface X0 is attached to port e12 on the switch, and the SonicPoint is on e24, which is PoE enabled. In this configuration I can see the SonicPoint is OPERATIONAL as seen on the Sonicwall, so there is some communication between the two. Additionally, a laptop can see the SSID broadcast, and attach in a “limited” manner, but IPCONFIG shows no IP addresses being set. Oddly, Windows Update may have worked overnight in this configuration. However, I cannot access the LAN or WAN from the laptop.
Where am I going wrong in the switch VLAN configuration?
I followed guidelines in http://www.brandontek.com/networking/solution-to-your-sonicpoint-wlan-woes/
Note DHCP service is set up for the two VLANS on the Sonicwall. Sonicwall also has firewalls open and closed for communication.
SWITCH CONFIGURATION:
VLAN Mgt >> Create a LAN:
1 DefaultVLAN Static
20 SonicpointN Corporate Static
30 SonicpointN Guest Static
VLAN >> Port Settings
Port e12 TRUNK PVID =1 Ingress Filter Enabled
Port e24 ACCESS PVID=20 Ingress Filter Enabled
OTHERS ACCESS PVID=1
VLAN >> Ports to LAN
VLAN=1, Static
Port e12 Trunk, Untagged
Port e24 Access, Excluded
OTHERS Access, Untagged
VLAN=20, Static
Port e12 Trunk, Tagged
Port e24 Access, Untagged
OTHERS Access, Excluded
VLAN=30, Static
Port e12 Trunk, Tagged
Port e24 Access, Untagged
OTHERS Access, Excluded
Ports >>> PoE
e24 Critical
12-11-2013 12:52 PM
I had the same issue with the VAPs and SP VLANs not working together. I suggest creating a separate VLAN for the SPs, then changing the SP switchports to trunk and untagging the VLAN for the SPs, and tagging the VLANs for guest & corp.
Here is my setup.
x0 = LAN
x0:v10 = Sonicpoints
x0:v50 = Guest WLAN
x0:v100 = Corp WLAN
Main SG200
GE23 = 10U,50T,100T (to Sonicpoint A)
GE24 = 1UP,10T,50T,100T (to Sonicwall X0)
GE26 = 1UP,10T,50T,100T (to other SG200)
2nd SG200
GE23 = 10U,50T,100T (to Sonicpoint B)
GE26 = 1UP,10T,50T,100T (to Main SG200)
12-12-2013 07:18 AM
Mr. Weiss, thank you so much for your input. I must admit, though, I am confused by your nomenclature, and a bit by the strategy.
First, for the "UP" links, does this mean trunking? On the SRW series, the switchport options are access|trunk|general and the membership is excluded|Tagged|Untagged. I presume the T above is Tagged, U is Untagged, but am confused by UP.
Second, it is interesting that the Sonicpoints (management) are on one VLAN and the traffic (corporate, guest) on another. I will have to look into that setup on the UTM. Why did you do this? The examples I have seen (Sonicpoint KB 5798, 5801) show one VLAN for both the traffic and management. These don't show both Corporate and Guest traffic on the same SP, though...
Finally, do you have examples of how you set up the UTM firewall for cross VLAN traffic?
Many Thanks,
Kirk
12-12-2013 11:16 AM
Sorry, I didn't mention I am using Cisco SG200 series switches. It's just a GUI for setup and management.
All ports are set as Trunk. I had the SP ports as Access, but that didn't work on the VAP setup. The UP stands for untagged and PVID.
I set up the 3 VLANs just for troubleshooting ease. I know I have one VLAN for Sonicpoint communication, and the other two wireless for clients.
On Sonicwall I have Firewall Access rule WLAN (Corp) > LAN - Source=WLAN (Corp) Destination=LAN Subnets Service=Any. That allows wireless clients on corp SSID to access LAN hosts without using VPN, which I guess is what Sonicwall wants you to do.
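The port layout from the 12-11-2013 reply can be checked mechanically. The following is an added example, not code from any poster or vendor: a small Python checker for the reply's `10U,50T,100T` notation, assuming plain port-based 802.1Q (one untagged VLAN per port). The function names and the `20UP,30U` string (the first post's e24 membership rewritten in that notation) are constructed for illustration.

```python
import re

def parse_port(spec):
    """Parse the reply's notation, e.g. '1UP,10T,50T,100T' (T=tagged, U=untagged, UP=untagged+PVID)."""
    port = {"tagged": set(), "untagged": set(), "pvid": None}
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+)(UP|U|T)", item.strip())
        if not m:
            raise ValueError(f"bad membership entry: {item!r}")
        vid, flag = int(m.group(1)), m.group(2)
        port["tagged" if flag == "T" else "untagged"].add(vid)
        if flag == "UP":
            port["pvid"] = vid
    return port

def check_port(name, spec, vap_vlans=()):
    """Flag a port untagged in several VLANs, or an AP port not tagging its VAP VLANs."""
    p, issues = parse_port(spec), []
    if len(p["untagged"]) > 1:
        issues.append(f"{name}: untagged in more than one VLAN {sorted(p['untagged'])}")
    missing = set(vap_vlans) - p["tagged"]
    if missing:
        issues.append(f"{name}: VAP VLANs not tagged {sorted(missing)}")
    return issues

def check_link(a_name, a_spec, b_name, b_spec):
    """Both ends of a switch-to-switch link should agree on untagged and tagged VLANs."""
    a, b, issues = parse_port(a_spec), parse_port(b_spec), []
    if a["untagged"] != b["untagged"]:
        issues.append(f"{a_name}<->{b_name}: untagged VLAN mismatch")
    if a["tagged"] != b["tagged"]:
        issues.append(f"{a_name}<->{b_name}: tagged only on one end {sorted(a['tagged'] ^ b['tagged'])}")
    return issues

if __name__ == "__main__":
    # Port strings copied from the 12-11-2013 reply.
    print(check_port("Main GE23", "10U,50T,100T", vap_vlans=(50, 100)))
    print(check_link("Main GE26", "1UP,10T,50T,100T", "2nd GE26", "1UP,10T,50T,100T"))
    # Constructed: the first post's e24 membership rewritten in the same notation.
    print(check_port("e24", "20UP,30U", vap_vlans=(20, 30)))
```

The first two checks return empty lists; the third reports both that e24 is untagged in VLANs 20 and 30 and that neither VAP VLAN is tagged toward the SonicPoint.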