6500 trunk to Sonicwall not working

petedachelet
Level 1

Trunk link not working between 6500 switch and Sonicwall TZ 210 firewall.  I'm trying to trunk 2 vlans from 6500 switch to port on sonicwall to allow Internet access to both vlans.  All vlans are allowed on trunk link currently and on the Sonicwall interface x0 has IP address 172.16.2.20 with a subinterface with vlan 4 tag and IP 172.16.4.2

Here are the details of what I am trying to configure on the 6500:

vlan 2
 name Servers
!
vlan 4
 name Workstations&Printers
!
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan4
 ip address 172.16.4.1 255.255.255.0
!
interface GigabitEthernet2/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! 172.16.2.20 is the IP of the SonicWall
ip route 0.0.0.0 0.0.0.0 172.16.2.20

Any help would be greatly appreciated,

Pete

22 Replies

Yeah X0 is assigned to LAN zone and cannot be changed.  I am able to change the zone of the sub-interface for vlan 4 to WAN though if need be.

So change X1 to WAN zone and have it connected to your external connection.

I am trying to understand what you mean by sub-interface for vlan 4?

I thought you only have 6 interfaces on the Sonicwall that can be zoned to LAN, WAN or DMZ and assigned IP addresses...?

X1 is assigned to WAN zone and connected to external connection.

With the latest firmware update for Sonic OS it allows you to create vlan sub-interfaces with vlan tag that are part of any of the LAN interfaces.  I am using X0 which has the IP address 172.16.2.20 effectively making it part of vlan 2 and off of that is where the sub-interface for vlan 4 is.

See attached screenshot for a better picture.

Pete

Got it....

What I am thinking is that you need to remove the IP address on the X0 interface and then create another sub-interface for Vlan 2...if the Sonicwall will allow you.

The Sonicwall will allow me to remove the IP address for x0 interface essentially putting the interface into an Unassigned zone and then I can create another subinterface for Vlan 2. Both sub-interfaces fall into the LAN zone.

The question now is what should I use for my static default gateway? It was pointing to 172.16.2.20 before which we now have removed from Sonicwall. Wondering if I should put the sub interfaces into the WAN zone and then possibly static default route would not be needed. Not sure.

Pete

Maybe you should change the static route to point to the interface instead:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet2/1

Of which I am not comfortable with....

____________

Hi Pete,

Could you post the output of the following commands please:

show interface Gi2/1 trunk

show interface Gi2/1 switchport

show mac-address-table | inc GigabitEthernet2/1

or (depending on IOS Version)

show mac address-table | inc GigabitEthernet2/1

Have you also tried sourcing your pings?

ping 172.16.2.20 source Vlan2

ping 172.16.4.2 source Vlan4

Could you also post a screenshot of the SonicWALL's ARP cache?

Network -> ARP

This will give us some clues as to how Layer 2 connectivity is functioning between the devices.

Thanks,

petedachelet
Level 1

Hi All,

I was able to get this issue resolved today with the help of SonicWall support.  Before contacting them I was able to get two separate host machines on the two different networks to be able to ping their respective sub-interface on the SonicWall but still no Internet connectivity to either host machine using the trunk from the switch.

Here is what was done to resolve the issue:

Instead of using a trunk from the switch to the SonicWall we changed the GigabitEthernet2/1 interface to a Layer 3 interface with an IP address on a separate network and then changed the x0 interface on SonicWall to be in the same network.  For my setup I used 172.16.1.1/30 and 172.16.1.2/30.  Then we removed the vlan sub-interfaces on the x0 interface and had to add address objects under the network settings on SonicWall.  Basically have to add a network type address object for each network (172.16.2.0 and 172.16.4.0) and also a host type address object for the switch IP 172.16.1.1.  Also under address objects we created a group address object and added the network objects we created to this group.  Last but not least we created a route policy that had the destination set to the group address object for the two networks and the gateway set to the switch host address object and interface set to x0.

In a nutshell this setup told the SonicWall what networks were on our switch and how to get there.

Thank you all for the help on this issue! Much appreciated!

Pete
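
The routed design described in the resolution above, written out as 6500 configuration. This is an added example, not configuration posted in the thread. Assumptions: `ip routing` is enabled on the switch, the old default route via 172.16.2.20 is replaced by one pointing at 172.16.1.2, and the interface descriptions are illustrative.

```cisco
! Switch side of the routed (non-trunk) design.
! Assumption: the 6500 routes between the SVIs, so "ip routing" is on.
ip routing
!
interface Vlan2
 description Servers gateway (illustrative description)
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan4
 description Workstations and printers gateway (illustrative description)
 ip address 172.16.4.1 255.255.255.0
!
! Gi2/1 is no longer a trunk: it becomes a routed port on the /30 transit.
interface GigabitEthernet2/1
 no switchport
 ip address 172.16.1.1 255.255.255.252
 no shutdown
!
! Assumption: the default route that pointed at 172.16.2.20 is replaced by
! one pointing at the SonicWall's new X0 address on the transit network.
no ip route 0.0.0.0 0.0.0.0 172.16.2.20
ip route 0.0.0.0 0.0.0.0 172.16.1.2
!
! SonicWall side, as described in the post (configured in its web UI):
!   X0 interface    : 172.16.1.2/30, VLAN sub-interfaces removed
!   Address objects : network 172.16.2.0, network 172.16.4.0, host 172.16.1.1
!   Address group   : contains the two network objects
!   Route policy    : destination = group, gateway = 172.16.1.1, interface = X0
!
! Checks from the switch (exec mode). The sourced pings only succeed if the
! SonicWall has a return route to each VLAN network via 172.16.1.1:
!   show ip route 0.0.0.0
!   ping 172.16.1.2 source Vlan2
!   ping 172.16.1.2 source Vlan4
```

With this layout the firewall no longer has an interface inside either VLAN, so its access rules for 172.16.2.0 and 172.16.4.0 depend on the address objects and route policy rather than on per-VLAN sub-interfaces.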