SG200 - between Sonicwall and ISP VLAN tagging

O K · ‎09-21-2016

Hi,

This issue is really bugging me as it should be very simple.

I have a Cisco SG 200-08 sitting between 2 sonicwall TZ 500 firewalls (customer bought these) and the ISP's ADVA FSP device, 1GB ethernet on all ports, the firewalls are in active/standby and the ISP only provides one ethernet port from the ADVA device, so I am using the SG 200-08 to terminate on both sonicwalls.

The ISP tags the traffic on VLAN 604 and I previously only had one sonicwall, so on the sonicwall WAN interface I created a subinterface for the ISP line tagged on VLAN 604 and directly connected to the ADVA and it all works.

Now I have 2 active/stdby sonicwalls and I use the SG 200 switch to split the ISP line, so I configured the 3 SG-200 ports for the ISP line in and the Sonicwall's as trunk ports allowing vlan 604 tagged..... but it doesn't work. When it didnt work I changed the ports to "General" admit tagged only PVID 604 and it still didnt work. So finally I removed the Subinterface on the sonicwall and set it up as a normal port and changed the port on the cisco switch for the sonicwalls as an access port on vlan 604 with the ISP port on the cisco as a trunk allowing vlan 604.... but still no joy.

I only had a brief window to do this on the customer site so I reverted back to the direct connection to one sonicwall and I am now scratching my head wondering what I didnt do correctly, so I can schedule another time to do it. Can someone help with the correct config of the 3 ports on the SG 200, 2 x sonicwall and one for the ISP. All ports are set to full duplex 100Mb.

The SG200 is web config only.... which isn't helping.

Thanks!