Configuring a Common Uplink

SonicWall Switches can be managed by the firewall, thereby providing a unified management option. The common uplink configuration allows a single link between the firewall and the Switch to be designated as the uplink that carries all PortShield traffic, both management and data. Both the firewall and Switch ports are configured as trunk ports for carrying tagged traffic for VLANs corresponding to all the firewall interfaces. The VLAN tag of the traffic is used to associate the traffic to the PortShield group to which it belongs through the application of IDV (Interface Disambiguation via VLAN).

The advantage of such a deployment option is to separate a set of firewall/Switch ports that are not being used for management traffic. The disadvantage is that a high amount of data traffic can penalize forwarding of management traffic as the same link is shared for both types of traffic.

The diagram, Common Uplink Topology, shows a typical integration topology of a firewall with a SonicWall Switch:

• The firewall uplink interface is X3.
• The Switch uplink interface is 2.

This uplink between X3 on the firewall and port 2 on the Switch is a common link set up to carry PortShield traffic between H1 / H2 and H3 / H4. The uplink is also the one on which the Switch is managed by the firewall. In such a configuration, X3 is configured in the same subnet as the IP of the Switch (see Connecting the Switch Management Port to a Firewall). Also, X3 is configured as the firewall uplink.

To configure a common link

A firewall-to-Switch common link can be made by adding the Switch through Zero-Touch or configuring it manually as described in:

• Before Adding a Switch
• Adding a Switch to a Firewall with Zero-Touch
• Adding a Switch to a Firewall Manually

Both of these options help configure a common link by selecting the proper interface.

In both cases, to create a management link, DHCP on the firewall must be configured to address the IP subnet including the default IP address of the Switch management interface. For details, refer to Connecting the Switch Management Port to a Firewall.

1. Set up the firewall port X3 with the same IP subnet as the Switch management port.
   1. Navigate to Network > DHCP Server and click on the Configure icon (pencil) for the X3 interface.
   2. Configure the DHCP lease to cover the Switch management IP address.The default IP address for the Switch management interface is 192.168.168.169, so the range of DHCP scope settings should include this.

2. Add the Switch to the network as described in Adding a Switch to a Firewall Manually by navigating to DEVICE | Switch Network > Overview > List View .

   1. Click on Add Switch.
   2. When the dialog box appears, set the Switch Uplink and Switch Management ports to 2 and the Firewall Uplink to X3.
   3. Click Apply to save the configuration.
3. In Overview > Physical View, a single link should now appear between the firewall and the Switch.