How to provision X-Series switches on SonicWall TZ series firewalls
Description
SonicWall X-Series Solution: How to provision X-Series switches on SonicWall TZ series firewalls
Resolution
For information on other SonicWall X-Series Solution related topics:
How to provision X-Series Switches on a SonicWall TZ series firewall
How to provision X-Series Switches on a SonicWall TZ High Availability (HA) system
SonicWall X-Series Solution - Support for SonicWall Virtual Interfaces (VLANs)
SonicWall integration with X-Series Switches FAQ
SonicWall X-Series Solution Overview
How to manage X-Series switch's admin credentials and management IP through the X-Switch's UI
SonicWall X-Series Solution: Which models of X-Switches has support for POE+
SonicWall X- Series Solution How to backup and restore X-Series switches
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How to provision a X-Switch on a SonicWall TZ series firewall?
- Check and Upgrade SonicWall TZ firewall SonicOS
- Prepare a X-Switch for SonicWall intergration
- Configure X-Switch into factory default mode
- Configure X-Switch into manage mode
- Provision a X-Switch on SonicWall
Step 1: Check SonicWall TZ firewall SonicOS version and upgrade if needed.
SonicWall X-Series Solution is only supported on SonicOS 6.2.5.0 or higher.
SonicWall X-Series Solution only supports SonicWall TZ series firewalls in SonicOS 6.2.5.0
Step 2: Preparing X-Switches for SonicWall integration:
- Configuring the X-Switch into factory default mode
- Configuring the X-Switch into manage mode
Note: A factory default X-Switch is recommended for the SonicWall X-Series Solution. It guarantees that the X-Switch's configurations are in a well known state and can be managed from SonicOS.
If you wish or need to modify the X-Switch basic parameters such as the Management IP and Credentials, you need to use the X-Switch User Interface. For details, see KB185479 (SonicWall X-Series Solution: How to mange X-Series switch's admin credentials and management IP through the X-Switch's UI).
Note: You cannot modify the X-Switch's Management IP and Credentials from SonicOS
The factory default X-Switch parameters in manage mode are:
- The management IP address is 192.168.2.1
- The admin user name is: admin
- The admin password is: admin
- All switch ports are in the default vlan of "vlan1"
Step 2a: Configure X-Switch into factory default
Locate the RESET button and press the RESET button for at least 7 seconds and release. The X-Switch will reboot into factory default mode.
Note: If the X-Switch is not in manage mode then it cannot be manage from SonicOS
Step 3: Provision and connect a factory default X-Switch on SonicWall in stand alone mode
Setup a port on SonicWall to manage a X-Switch
Select and Configure an interface on the SonicWall TZ firewall to manage the X-Switch (X-Switch management port). This interface must be in the same subnet as the X-Switch's management IP (192.168.2.1)
In the following example:
Interface X3 on the firewall is selected as the firewall's X-Switch management port
- we created a custom zone "X-Switch Management"
- assign X3 to the zone "X-Switch Management" with a static IP address (192.168.2.254/24)
Add a factory default X-Switch in SonicOS.
Go to Network | PortShield Groups | External Switch Configuration tab
Click the Add Switch.... button for the Add Switch menu
In the Add Switch menu, enter the request information and click the Add button to accept the settings
Note: The Switch Management link can be on a dedicated switch port and does not need to be shared with the Common Uplink. If you have limited port resources, then a share Common Uplink is a helpful option.
Next, we have a no Common Uplink example:
In this scenario, no Common Uplink is defined. The Switch Management is on a dedicated management link.
In lieu of using a Common Uplink, we will setup Dedicated Uplinks later.
Both the Firewall Uplink and Switch Uplink is set to None and only the Switch Management is defined.
View the SonicWall / X-Switch Uplink in SonicOS
Go to Network | PortShield Groups | Port Graphics tab
Here, we can view various Uplinks.
The ports with the up arrows are the Uplink Ports, the Uplink Portswith the same color are cabled together.
In the following example, we show a Shared Common Uplink, functioning as both the Common Uplink and the Switch Management link.
Next example, shows a dedicated management link and no Common Uplink.
The X-Switch port 2 has a silhouette of a person to indicate that it is the Switch management port.
Dedicated Uplinks are not defined yet and can be defined after PortShields are setup.
Here, the SonicWall X-Switch management port was selected as X3 with IP of 192.168.2.254/24
and is in the same subnet of a factory default X-Switch management IP with 192.168.2.1
X-Switch management (port 2) is cable to SonicWall X3
Next, assign X-Switch ports to SonicWall PortShield groups
Go to Network | PortShield Groups | Port Graphics tab
Select the X-Switch ports (you may select multiple ports) and click the Configure button for the Switch Port Settings menu
In Switch Port Settings menu, enter the required parameters:
Port Enable: (Enabled)
PortShield Interface: (SonicWall port #)
Link Speed: (Auto Negotiate)
In the following example:
X-Switch ports 3, 4, 5 are Portshield to SonicWall interface X0
X-Switch ports 6, 7, 8 are Portshield to SonicWall interface X2
On a SonicWall in stand alone mode, you may also PortShield SonicWall ports. This option is not allowed for SonicWalls in HA.
In this example we wish to configure:
- SonicWall port X4 PortShield to X2
- SonicWall port X5 PortShield to X0
Select the SonicWall ports (you may select multple ports) and click the Configure button for the Switch Port Settings menu
In Switch Port Settings menu, enter the required parameters:
Port Enable (Enabled)
PortShield Interface: (SonicWall port #)
Link Speed: (Auto Negotiate)
Next, configure PortShield Dedicated Uplinks
Go to Network | PortShield Groups | Port Configuration tab
Select a X-Switch port and click its Configure button to enter the Switch Port Settings menu
Select the check box "Dedicated Uplink...."
The Port Configuration tab, list all SonicWall ports and X-Switch ports and what portshield groups they belong to if any.
X-Switch ports that are assigned to a SonicWall Portshield groups can be assign the role of Dedicated Uplink. The role of a Dedicated Uplink is to carry traffic for a particular Portshield group.
From the Port Configurations tab
Select the X-Switch port and click its Configure button to enter the Switch Port Settings menu
In the Switch Port Settings menu select the check box "Dedicated Uplink... and click OK
In the following example:
X-Switch port (ES1: 3) is a member of portshield X2. It is selected as the Dedicated Uplink for portshield group X2.
To view the Dedicated Uplinks
Go to Network | PortShield Groups | Port Graphics tab
The ports with the up arrow are the Uplink Ports and the same color Uplink Ports should be cabled together.
In the following example for Dedicated Uplinks:
X-Switch port 3 is cabled to SonicWallX2 as a Dedicated Uplink for PortShield group X2
X-Switch port 7 is cabled to SonicWall X0 as a Dedicated Uplink for PortShield group X0
X-Switch port 2 is cabled to SonicWall X3 as the Switch Management Link
Next example, shows a Common Uplink in conjunction with Dedicated Uplinks (mix mode Uplinks)
You can also define a Common Uplink in conjunction with Dedicated Uplinks (mix mode Uplinks).
In this scenario a Dedicated Uplink only carry PortShield traffic that has been assigned to it and the Common Uplink carries all other PortShield traffic not covered by Dedicated Uplinks.
In the following example for mixed mode Uplinks:
X-Switch port 3 is cabled to SonicWall X2 as a Dedicated Uplink for PortShield group X2
X-Switch port 2 is cabled to SonicWall X3 as a Common Uplink for all other PortShield traffic
X-Switch port 2 also serves as the Switch Management Link
