Configuring VLAN(s) With Dedicated Uplink(s) on SonicWall switch
06/15/2020
Prerequisites for VLAN Support
• Support for VLANs is available on dedicated and common uplinks. For example, VLANs can be configured under firewall interfaces configured as a dedicated uplink. VLANs also can be configured under the firewall interface provisioned as the common uplink for the Switch.
• Overlapping VLANs cannot exist under appliance interfaces configured as dedicated uplinks to the same Switch because VLAN space on the Switch is global. For example, if X3 and X5 are configured for dedicated uplinks to the same Switch, VLAN 100 cannot be present under both X3 and X5. Such a configuration is rejected. If X3 and X5 are dedicated uplinks to different Switches, however, then such a configuration is accepted.
• Overlapping VLANs cannot exist under common uplink interfaces. For example, if X3 is set up as a common uplink to a Switch and VLAN 100 exists under X3, another interface that is configured as a common uplink to a second Switch (for example, X4) cannot have a VLAN 100 sub-interface.
• PortShielding of Switch interfaces to common uplink interfaces without selecting any VLANs for access/trunk configuration is not supported.
NOTE: To change the Reserved VLAN range on the firewall, do so before adding the SonicWall Switch. If the Reserved VLAN range changes after connecting the Switch, then the Switch must be removed and re-added.
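The two overlap rules above can be checked against a planned layout before any change is made on the firewall. The following is an added example, not SonicWall code: the plan format, field names, and Switch names (SW1, SW2, SW3) are assumptions, and it checks only the two overlap rules stated in this article.

```python
from collections import defaultdict

# Constructed plan; field names are assumptions, not SonicOS configuration keys.
PLAN = [
    {"iface": "X3", "mode": "dedicated", "switch": "SW1", "vlans": {100, 110}},
    {"iface": "X5", "mode": "dedicated", "switch": "SW1", "vlans": {100}},  # clashes with X3
    {"iface": "X6", "mode": "dedicated", "switch": "SW2", "vlans": {100}},  # other Switch: accepted
    {"iface": "X4", "mode": "common", "switch": "SW2", "vlans": {200}},
    {"iface": "X7", "mode": "common", "switch": "SW3", "vlans": {200}},     # clashes with X4
]


def find_vlan_overlaps(plan):
    """Return sorted (rule, vlan_id, interfaces) tuples for each rejected overlap."""
    dedicated = defaultdict(set)  # (switch, vlan) -> firewall interfaces
    common = defaultdict(set)     # vlan -> firewall interfaces, across all Switches
    for uplink in plan:
        for vlan in uplink["vlans"]:
            if not 1 <= vlan <= 4094:  # valid 802.1Q VLAN ID range
                raise ValueError(f"{uplink['iface']}: invalid VLAN ID {vlan}")
            if uplink["mode"] == "dedicated":
                dedicated[(uplink["switch"], vlan)].add(uplink["iface"])
            elif uplink["mode"] == "common":
                common[vlan].add(uplink["iface"])
            else:
                raise ValueError(f"{uplink['iface']}: unknown mode {uplink['mode']!r}")
    findings = []
    # Rule 1: VLAN space on a Switch is global, so two dedicated uplinks
    # to the same Switch may not both carry the same VLAN ID.
    for (_switch, vlan), ifaces in dedicated.items():
        if len(ifaces) > 1:
            findings.append(("dedicated-same-switch", vlan, tuple(sorted(ifaces))))
    # Rule 2: a VLAN ID may exist under only one common uplink interface,
    # even when the common uplinks go to different Switches.
    for vlan, ifaces in common.items():
        if len(ifaces) > 1:
            findings.append(("common-uplink", vlan, tuple(sorted(ifaces))))
    return sorted(findings)


if __name__ == "__main__":
    for rule, vlan, ifaces in find_vlan_overlaps(PLAN):
        print(f"REJECT {rule}: VLAN {vlan} under {', '.join(ifaces)}")
```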
Dedicated Uplink for VLAN Topology:
In a dedicated uplink configuration, a given link between the firewall and the Switch designated as the dedicated uplink is set up to carry traffic for all VLANs configured under the firewall interface plus PortShield traffic corresponding to the firewall interface.
NOTE: VLANs must first be set up at the firewall interface.
• The link between X2 and port 23 on the Switch is used by the firewall to manage the Switch.
• Interface X2 is configured to be in the same subnet as the IP of the Switch.
NOTE: In this example, a common uplink is not required; hence, the Switch is provisioned with the Firewall Uplink and Switch Uplink options set to None and Switch Management set to 23.
• There are two VLAN interfaces with VLAN tags 190 and 195 configured under X0.
• The link between X0 on the firewall and port 3 on the Switch is a dedicated link set up to carry traffic tagged with VLANs 190 and 195 and untagged traffic for X0.
Supporting such a topology requires this configuration:
• Port 3 is portshielded to X0 with the dedicated uplink option.
• Port 14 is portshielded to X0 and configured as an access port to carry VLAN 190.
• Port 16 is portshielded to X0 and configured as an access port to carry VLAN 195.
Configuring a Dedicated Uplink for a VLAN:
Support for VLAN(s) is achieved in a multi-step configuration process:
- Provision the Switch. The Switch can be provisioned with the:
• Firewall uplink and Switch uplink set to None if support for VLAN(s) alone is needed.
• Common uplink option if support is needed for a common trunk interface to carry PortShield traffic for other firewall interfaces along with VLAN(s) support.
- Configure the dedicated link by:
a) Choosing a Switch port that is connected physically to the firewall interface.
b) Portshielding the port to the firewall interface.
c) Choosing the dedicated link option.
- Select the Switch port on which VLAN(s) need to be enabled.
- Portshield the Switch port to the firewall interface.
- Configure the required VLAN(s) under the VLAN tab.