check the below video :

https://www.youtube.com/watch?v=ZdEe7cU3x1Q

if done all same as mentioned video, check you are on latest firmware. and show ip route

Hi, 

I follow these step.

I can ping the IP of the switch in the other Vlan but can't ping PC.

Should i change my gateway and put IP of my VLAN i belong to?

Thanks

Does the other PC (in vlan100) has its default-gateway address configured as the vlan100-interface ipadress of switch?

No, I have my routeur IP as gateway.

I need to put the ip of VLAN? 

Thx

Hi, 

Ok so if i put as my GW the IP of VLAN 1 : 192.168.10.250 , i can ping device on ohter VLAN.

But i cant access internet.

do i need to add a new route ? my router is connected directly to this VLAN with 192.168.10.1 as IP

There are two options how to solve your problem:

1. connect your switch to your router by a trunk line and let your router to route between vlans
2. deploy router on a stick solution and let your switch to route between vlans

Option 1 

Disable ip routing on your switch. Create required vlans on your switch without ip configuration. Create same vlans on your router and configure there ip addresses for them (let's say 192.168.10.1/24 for vlan 1 and 192.168.100.1 for vlan 100). Create trunk line between your switch and your router with vlans you created. Configure computer in vlan1 like 192.168.10.10/24, gw 192.168.10.1. Configure computer in vlan 100 like 192.168.100.10/24, gw 192.168.100.1. Done. Your router will manage vlan routing and both computers should be able to reach internet.

Option 2

Enable ip routing on your switch. Create required vlans on your switch with ip configuration (let's say 192.168.10.1/24 for vlan 1 and 192.168.100.1/24 for vlan 100). On one of the switch ports change its mode to L3 and create ip configuration from another subnet than your vlans are (let's say 192.168.50.1/24). On your router configure interface, that will be connected to the ip configured port on the switch, like 192.168.50.2/24. On your router add new static routes for your vlans like 192.168.10.0/24, next hop 192.168.50.1 and 192.168.100.0/24, next hop 192.168.50.1. On your switch create default route like 0.0.0.0/0 with next hop to 192.168.50.2. Configure you computers in the same way like in the Option 1. Done. Your switch will manage vlan routing and both computers should be able to reach internet.

I hope I haven't forgotten anything and it's understandable.

Hi, 

Thanks for your reply.

What I did is enable routing on switch , put 2 IP for VLAN:

VLAN1 : 192.168.1.250

VLAN 100 : 192.168.100.250

my routeur have 2 internal interface (192.168.1.1 and  192.168.100.1)

Each interface is connected directly to VLAN (so no need to route back i guess)

I add default route on switch 0.0.0.0 0.0.0.0 192.168.1.1

I can ping 8.8.8.8  from vlan 1 but not from vlan 100, so maybe i need a route back for this vlan on router as default route goes to 192.168.1.1

Thanks

Try to disable IP routing on the switch and configure computer in vlan 1 with default gateway 192.168.1.1 and computer in vlan 100 with default gateway 192.168.100.1.

Hi

I want to be able to access devices on other vlan so routing need to be on.

I can't access internet from VLAN 100 , so i guess i need to set up something on my sonicwall router.

VLAN 1 seems fine when I put 192.168.1.250 as GW  

Thx

Maybe somebody else can give you better advice, but I think you have to choose from two options that i wrote earlier. Anyway good luck!

Hi yvan

If you want to follow your own thought-process and stick to what "you" think is the correct way to configure....then, well, who are we to prevent you from going ahead with whatever you think is right....

But sincerely and for your own benefit of configuring and running a better network and also importantly a efficient network (based on your present network resources and ofcourse refering to your present network constraints), i would strongly suggest that "atleast", (and its the least we could do), you should try out "Option-2" as suggested by "Radim Smehlik"

The Option-2 as proposed by Radim Smehlik is the "best" config that you could apply to your network-deployment, and it would result in a efficient and proper network processing and routing.

It will result in something like below:

{your lan-vlans-1/100/20/30}---vlan-interfaces[L3-switch]vlan50-int------vlan50-int[Sonic-wall-router](nat)-----internet

what Radim-Smehlik has proposed in option-2 is correct, and its to be configured as such:

2. On L3-switch,

a) enable IP-routing and also configure your  vlans as below:

vlan1: create a vlan1-interface with the ipaddr 192.168.1.1/24

vlan10: create a vlan10-interface with the ipaddr 192.168.10.1/24

vlan20: create a vlan20-interface with the ipaddr 192.168.20.1/24

vlan100: create a vlan100-interface with the ipaddr 192.168.100.1/24

....and so on

b) AND next on the L3-switch again,

- also create the below vlan50 too,

vlan50: create a vlan50-interface with the ipaddr 192.168.50.1/24

Note: Ensure that NO lan-hosts or servers connect/use this vlan50...its purely for routing traffic from lan-network to internet via the sonic-wall router

- and connect one port of the L3-switch-port to ONE lan-interface of Sonic-wall router.

Note: this port on the L3-switch by default will be a access-port OR untagged port...so accordingly ensure that the port on sonic-wall connecting to this switch is also a untagged

c) And lastly add the below default route on this L3-switch

ip route 0.0.0.0 0.0.0.0 via 192.168.50.2

Note: The 192.168.50.2 will be the ipaddress of the sonic-wall router lan-port connecting to this L3-switch-port

3. On the Sonic-wall router,

- configure the lan-interface to be in vlan50 and untagged, AND give it the ipaddress 192.168.50.2/24

- Next you have to add the below routes for each of the vlans you have configured on the L3-switch (your lan-network subnets)

ip route 192.168.1.0/24 via 192.168.50.1 dev <interface vlan50-lan-interface>

ip route 192.168.10.0/24 via 192.168.50.1 dev <interface vlan50-lan-interface>

ip route 192.168.20.0/24 via 192.168.50.1 dev <interface vlan50-lan-interface>

ip route 192.168.100.0/24 via 192.168.50.1 dev <interface vlan50-lan-interface>

...and so on

------------------------------------------------------

So in summary what would happen is that 

- any traffic between PC1 (192.168.1.20) and PC2 (192.168.100.2) will be routed and switched within the L3-switch 

- And traffic from PC1 to Internet will be routed via the L3-switch to the Sonicwll router (becos of default-route on L3-switch to 192.168.50.2), and then NATed to the public-ipaddress of the router-wan and forwarded to the internet....and the reply-traffic from Internet will be reverse-nated by the sonic-wall router and then it will refer to the static-route for 192.168.1.x/24 network and forward this reply-traffic to the L3-switch(via 192.168.50.1)

- And the traffic from PC2 to Internet will also be routed via the L3-switch to the Sonic-wall router (due to the default-route on the switch), and follows the same process as above for the reply traffic too....

So again, i would say that the Option-2 proposed by "Radim Smehlik" is correct, proper, NEAT & EFFICIENT....the decision is left to you

Note Also IF there are many vlans in your lan-network...then iam sure Radim would have proposed in that case to run a "dynamic-routing protocol" (such as RIPv2, OSPF, etc) between the L3-switch vlan50-interface & the vlan50-interface on Sonic-wall router....then you wont need to add the multiple static-routes for as many vlans in your lan-network

1. Connect all your lan-hosts and servers in various Lan-vlans