SonicOS 7 Switch Network
- SonicOS 7
- Overview
- Managing from a Firewall
- Adding a Switch to a Firewall with Zero-Touch
- Adding a Switch to a Firewall Manually
- Changing the Switch Configuration
- Upgrading Firmware
- Shutting Down the Switch
- Restarting the Switch
- Setting Up PoE
- Adding a VLAN
- Adding Static Routes
- Editing DNS
- Setting Up QoS
- Setting Up Users
- Setting Up 802.1X Authentication
- Daisy-Chaining Switches
- Connecting Access Points
- Modifying the MAC Address Table
- Checking Port Statistics
- Configuring Switch Topologies
- Configuring Basic Topologies
- Connecting the Switch Management Port to a Firewall
- Configuring a Common Uplink
- Configuring a Dedicated Uplink
- Configuring a Hybrid System with Common and Dedicated Uplinks
- Configuring Isolated Links for Management and Data Uplinks
- Configuring High Availability
- Configuring VLANs With Dedicated Uplinks
- Configuring a Link to SonicWall Access Points
- SonicWall Support
Configuring VLANs With Dedicated Uplinks
Topics
- Prerequisites for VLAN Support
- Configuring a Dedicated Uplink for VLANs
Prerequisites for VLAN Support
- Support for VLANs is available on dedicated and common uplinks. For example, VLANs can be configured under firewall interfaces configured as a dedicated uplink. VLANs also can be configured under the firewall interface provisioned as the common uplink for the Switch.
- Overlapping VLANs cannot exist under appliance interfaces configured as dedicated uplinks to the same Switch because VLAN space on the Switch is global. For example, if X3 and X5 are configured for dedicated uplinks to the same Switch, VLAN 100 cannot be present under both X3 and X5. Such a configuration is rejected. If X3 and X5 are dedicated uplinks to different Switches, however, then such a configuration is accepted.
- Overlapping VLANs cannot exist under common uplink interfaces. For example, if X3 is set up as a common uplink to a Switch and VLAN 100 exists under X3, another interface that is configured as a common uplink to a second Switch, for example, X4 cannot have a VLAN 100 sub-interface.
- PortShielding of Switch interfaces to common uplink interfaces without selecting any VLANs for access/trunk configuration is not supported.
To change the Reserved VLAN range on the firewall, do so before adding the SonicWall Switch. If the Reserved VLAN range changes after connecting the Switch, then the Switch must be removed and re-added.
Configuring a Dedicated Uplink for VLANs
Topics
Dedicated Uplink for VLAN Topology
In a dedicated uplink configuration, a given link between the firewall and the Switch designated as the dedicated uplink is set up to carry traffic for all VLANs configured under the firewall interface plus PortShield traffic corresponding to the firewall interface.
VLANs must first be setup at the firewall interface.
- The link between X3 and port 2 on the Switch is used by the firewall to manage the Switch.
- Interface X3 is configured to be in the same subnet as the IP of the Switch.
In this example, a common uplink is not required, hence, the Switch is provisioned with the Firewall Uplink and Switch Uplink options set to None and Switch Management set to 1.
- There are three VLAN interfaces with VLAN tags 100, 150, and 200 configured under X5.
- The link between X5 on the firewall and port 3 on the Switch is a dedicated link set up to carry traffic tagged with VLANs 100, 150, and 200 and untagged traffic for X5.
Supporting such a topology, requires this configuration:
- Port 3 is portshielded to X5 with dedicated uplink option.
- Port 10 is portshielded to X5 and configured as a trunk to carry VLAN 100.
- Port 11 is portshielded to X5 and configured as a trunk to carry VLAN 150.
- Port 12 is portshielded to X5 and configured as an access to carry VLAN 200.
Configuring a Dedicated Uplink for a VLAN
Support for VLAN(s) is achieved in a multi-step configuration process:
-
Provision the Switch. The Switch can be provisioned with the:
- Firewall uplink and Switch uplink set to None if support for VLAN(s) alone is needed.
- Common uplink option if support is needed for an common trunk interface to carry PortShield traffic for other firewall interfaces along with VLAN(s) support.
-
Configure the dedicated link by:
- Choosing a Switch port that is connected physically to the firewall interface.
- Portshielding the port to the firewall interface.
- Choosing the dedicated link option.
- Select the Switch port on which VLAN(s) need to be enabled.
- Portshield the Switch port to the firewall interface.
- Configure the required VLAN(s) under the VLAN tab.
To configure a dedicated uplink for VLANs without a common uplink
Refer to Configuring a Dedicated Uplink:
- Add the Switch and set up the data uplink as described in Adding a Switch to a Firewall Manually
- Configure the options as described in Configuring a Dedicated Uplink to except ensure to select the Dedicated Uplink option.
- Navigate to Network > Interfaces.
- In the Interface Settings table, click the Configure icon for the interface you want to configure. The Edit Interface dialog displays.
-
From Zone, select on a zone type option to which you want to map the interface. More options display.
You can add PortShield interfaces only to Trusted, Public, and Wireless zones.
- In the Mode / IP Assignment drop-down menu, select PortShield Switch Mode. The options change again.
- From PortShield to, select the interface you want to map this port to. Only ports that match the zone you have selected are displayed.
- Click OK.
With this configuration, port 3 on the Switch carries tagged traffic for VLANs 100,150, and 200 and untagged traffic for IDV VLAN 6. Port 10 is a trunk port carrying tagged traffic for VLAN 100, Port 11 is a trunk port carrying tagged traffic for VLAN 150, and Port 12 is an access port carrying untagged traffic for VLAN 200. Ports 10, 11, and 12 are portshielded to X5 through the dedicated link between X5 and port 2T
Was This Article Helpful?
Help us to improve our support portal