Vlan Configuration between Cisco and Sonicwall

vinish milton · ‎08-16-2013

Hi,

I am new the Vlan configuration. Recently I have purchase cisco L3. I want my sonicwall to be the primary L3 routing. We have around 2000 users. Users need to be get ip from sonicwall(DHCP).

My ip plan is as below.

Sonicwall Ip : 10.10.20.1

Cisco 3560 Management Vlan1 ip : 10.10.20.2

Vlan 10 : 10.10.0.1/255.255.252.0

Vlan 20 : 10.20.0.1/255.255.254.0

Vlan 30 : 10.30.0.1/255.255.254.0

vlan 40 : 10.40.0.1/255.255.252.0

Vlan 50 : 10.50.0.1/255.255.255.254.0

Vlan 60 10.60.0.1/255.255.255.0

Vlan 70 ip : 10.70.0.1/255.255.254.0

Vlan 80 : 10.80.0.1/255.255.254.0

All Vlan port will connected to respective building L2 switch( like Vlan 10 Port 1 connected to Academic building cisco L2 switch, Vlan 20 port 2 connected to mechanical building L2 et.,) I have 8 access points. It connected to L2 switches. Access point controller connected to L3 switch. User will be get ip from sonicwall.

How can I configure L3 and L2 switch? Pl guide.

Thanks.

John Blakley · ‎08-16-2013

You'll need to have routing enabled to route between vlans with the "ip routing" command. (It may be on by default on the 3560X.) You'll need to create L3 svis to attach to the vlans on the switch after you create the vlans:

vlan 10

vlan 20

etc.

int vlan 10

ip address 10.10.0.1 255.255.252.0

no shut

int

switchport mode access

switchport access vlan 10

You can do this for all of the vlans. To get dhcp, let's assume the main dhcp server is on vlan 10. On every other vlan interface you would add "ip helper-address ". For example, if you dhcp server was 10.10.0.100, then on vlan 20, you would have a scope on the dhcp server for the 10.20.0.0 subnet. Then on the svi, you would add:

int vlan 20

ip helper-address 10.10.0.100

Technically, you won't need to do anything with vlans on the sonicwall. You just need to route back to the 3560 for all of your subnets, and you can do that with a static route or ospf/rip if the Sonicwall supports that. I would recommend ospf if you have the option....

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

vinish milton · ‎08-16-2013

Thanks your reply John,

As per the Sonicwall guidence i have done the below configuration at L3, now all vlan is working and users get respetive ips, i have connected Access point controler to port no 15. The problem is cant communication between access point controler and access point(except Admin building Access point, which is connected to vlan 30). Kindly guide me.

User Access Verification

Password:

Switch>en

Password:

Switch#sh run

Building configuration...

Current configuration : 4393 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$rv8J$rIMAenBP8yMbdlr2HbFPM.

!

no aaa new-model

system mtu routing 1500

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0

no ip address

shutdown

!

interface GigabitEthernet0/1

switchport access vlan 10

spanning-tree portfast

!

interface GigabitEthernet0/2

switchport access vlan 20

spanning-tree portfast

!

interface GigabitEthernet0/3

switchport access vlan 30

spanning-tree portfast

!

interface GigabitEthernet0/4

switchport access vlan 40

spanning-tree portfast

!

interface GigabitEthernet0/5

switchport access vlan 50

spanning-tree portfast

!

interface GigabitEthernet0/6

switchport access vlan 60

spanning-tree portfast

!

interface GigabitEthernet0/7

switchport access vlan 70

spanning-tree portfast

!

interface GigabitEthernet0/8

switchport access vlan 80

spanning-tree portfast

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

switchport access vlan 30

spanning-tree portfast

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

description trunk link to sonicwall

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full

no cdp enable

spanning-tree portfast

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

!

interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

ip address 10.10.20.2 255.255.255.0

no ip route-cache

no ip mroute-cache

!

ip default-gateway 10.10.20.1

ip classless

ip http server

ip http secure-server

!

snmp-server community public RO R0

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Switch#

jawad-mukhtar · ‎08-16-2013

i did'not see any vlan in your config

you must create all vlan

interface valn 10

IP address ?

no shut

intterface vlan 20

ip address ?

no shut

interface vlan 30

ip address ?

no shut

also check from

sh ip int brief

all vlan exist are up if its not up that means its down .

Jawad

John Blakley · ‎08-16-2013

In order to route out of the vlan (port 15 being an access port), you'll need to have an svi attached to the vlan. Create a vlan 30 interface (int vlan 30) and assign the respective address to it. Make sure that you change the devices on that vlan to use the interface vlan 30's ip address as their default gateway.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

vinish milton · ‎08-16-2013

thanks,

can you provide me full command, so that i can configure the same and resolve this proble,

jawad-mukhtar · ‎08-17-2013

On L3 Switch Configure These vlans as below

interface vlan 1

ip address 10.10.20.1 255.255.255.0

no shut

interface vlan 10

ip address 10.10.0.1 255.255.255.252.0

no shut

interface vlan 20

ip address 10.20.0.1 255.255.254.0

no shut

interface vlan 30

10.30.0.1 255.255.255.254.0

no shut

interface vlan 40

ip address 10.40.0.1 255.255.252.0

no shut

interface vlan 50

ip adress 10.50.0.1 255.255.255.254.0

no shut

interface vlan 60

ip adddress 10.60.0.1 255.255.255.255.0

no shut

interface vlan 70

ip adress 10.70.0.1 255.255.254.0

no shut

interface vlan 80

ip address 10.80.0.1 255.255.255.254.0

no shut

VLAN 1

name Management

Vlan 10

name Academic

Vlan 20

name Mechanical

Vlan 30

name Admin

Vlan 40

name Diploma

Vlan 50

name MBA

Vlan 60

name Workshop

Vlan 70

name E&TC

Vlan 80

name Computer

ip routing

interface fastethernet 0/24

***Description Connected to Academic Building Switch ***

switchport trunk encapsulation dot1q

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

interface fasterthernet 0/23

***Description Connected to Mechanical Building Switch ***

switchport trunk encapsulation dot1q

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

interface fasterthernet 0/22

***Description Connected to Access Point Switch ***

switchport trunk encapsulation dot1q

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

interface fasterthernet 0/20

***Description Connect to SonicFW ***

switchport mode access

switchprot access vlan 1

L2 Switch Configuration will be same for all l2 switches

interface vlan 1

ip address 10.10.20.5 255.255.255.0 (for management purpose just change ip on other L2 Switches)

no shut

interface vlan 10

no shut

interface vlan 20

no shut

interface vlan 30

no shut

interface vlan 40

no shut

interface vlan 50

no shut

interface vlan 60

no shut

interface vlan 70

no shut

interface vlan 80

no shut

VLAN 1

name Management

Vlan 10

name Academic

Vlan 20

name Mechanical

Vlan 30

name Admin

Vlan 40

name Diploma

Vlan 50

name MBA

Vlan 60

name Workshop

Vlan 70

name E&TC

Vlan 80

name Computer

ip defaul-gateway 10.10.20.2

interface fastethernet 0/24

*** Description will be contted to l3 Switch***

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

Now Keep IN mind

all respective clients that belong vlan

1,10,20,30,40,50,60.70,80

gateway will be their respective vlan that u have created for each client on l3 Switch

e.g

vlan 10 client

gateway will be L3 Switch vlan IP

10.10.0.1

vlan 20 cleint

gateway will be l3 switch vlan ip

10.20.0.1

etc... like dat

***Do Rate All Helpful Posts***

Jawad

jawad-mukhtar · ‎08-17-2013

Adding

L2 Switches if u want to assing interface to vlan

just go under that interface

interface fastethernet 0/1

switchport modes access

switchport access vlan x (which ever u want to assign)

Jawad

vinish milton · ‎08-17-2013

Thanks for your support, i will configure and let you know.

vinish milton · ‎08-18-2013

Hi,

thanks for your support, i like to be add the below DHCP on my sonicwall and user will need to be get this scope from sonicwall, can you pl tell how can i configure at L3?

10.10.0.21 - 10.10.3.254

10.20.0.21 - 10.20.1.254

10.30.0.21 - 10.30.1.254

10.40.0.21 - 10.40.3.254

10.50.0.21 - 10.50.1.254

10.60.0.21 - 10.60.0.254

10.70.0.21 - 10.70.1.254

10.80.0.21 - 10.80.1.254

paolo bevilacqua · ‎08-17-2013

Wrong forum, post in "LAN and switching". You can move your posting using the Actions panel on the right.

vinish milton · ‎08-18-2013

i have move this forum to Lan & switching.

vinish milton · ‎08-19-2013

Does anyone have any advice on how to get my VLANs connected to the internet?

jawad-mukhtar · ‎08-19-2013

vinish u have not provided feedback of above configuration which i provided.

for internet to work u will have to add default route in your 3560

ip route 0.0.0.0 0.0.0.0 (next ho gateway Internet Device IP)

****Do Rate All Helpful Posts****

Jawad

vinish milton · ‎08-19-2013

Hi, Jawad, your configuration is very very helpful for me and my team, thanks for your helpful support. i have done all configuration on L3 & sonicwall, now user able to get respective VLan ip & internet. i need your support always. once again thanks.