How to Configure Common and Dedicated Uplinks on SonicWall switch?
06/10/2020 
3 
3297
DESCRIPTION:
This KB explains the difference between the common uplink and dedicated uplink and how they can be configured.
RESOLUTION:
Connecting the Switch Management Port to a Firewall:
The interface connected to the management port of the switch must have an IP address from the same subnet as the switch. For example, if the management connection between the switch and the firewall is through X2, then X2 must have an IP address from the same subnet, such as 192.168.0.10. The default switch IP address is 192.168.0.239.
All port-based configuration operations are disabled on the switch port designated as the switch management and switch uplink ports. This action ensures that configuration operations on these critical ports do not lead to switch-reachability issues jeopardizing the integration solution.
Configuring a Common Uplink:
SonicWall switches can be managed by the firewall, thereby providing a unified management option. The common uplink configuration allows a single link between the firewall and the switch to be designated as the uplink that carries all PortShield traffic, both management and data. Both the firewall and switch ports are configured as trunk ports for carrying tagged traffic for VLANs corresponding to all the firewall interfaces. The
VLAN tag of the traffic is used to associate the traffic to the PortShield group to which it belongs through the application of IDV (Interface Disambiguation via VLAN).
The advantage of such a deployment option is to separate a set of firewall/switch ports that are not being used for management traffic. The disadvantage is that a high amount of data traffic can penalize forwarding of management traffic as the same link is shared for both types of traffic.
The diagram, Common Uplink Topology, shows a typical integration topology of a firewall with a SonicWall switch:
- The firewall uplink interface is X4.
- The switch uplink interface is 1.
This uplink between X2 on the firewall and port 1 on the switch is a common link set up to carry PortShield traffic between H1 / H2 and H3 / H4. The uplink is also the one on which the switch is managed by the firewall.
In such a configuration, X4 is configured in the same subnet as the IP of the switch. Also, X4 is configured as the firewall uplink.
Common link Configuration:
- Set up the firewall port X4 with the same IP subnet as the switch management port. We have configured X4 as 192.168.0.1/24.
- Navigate to MANAGE | Network | DHCP Server and make sure that a DHCP scope is available for X4.
- Setup the DHCP lease to cover the switch management IP address. The default IP address for the switch management interface is 192.168.0.239 so the range of DHCP scope settings shown in Setting DHCP Scope includes this.
Add the switch to the network as described by navigating to MANAGE | Switch Controller | Overview. The Add Switch button will appear in Physical View, List View, and VLAN View.- When the dialog box appears, set the Switch Uplink and Switch Management port to 1 and the firewall Uplink to X4.
In MANAGE | Switch Controller | Overview | Physical View, a single link should now appear between the firewall and the Switch.
NOTE: While using the auot-discovery feature on the interface, this process is done automatically and you need not add the switch manually.
Configuring a Dedicated Uplink:
This configuration allows a given link between the firewall and the switch to be designated as the dedicated uplink set up to carry PortShield traffic corresponding to the connected firewall interface.
This configuration can be used in deployments where a dedicated 1G link is needed for a particular firewall interface. Cases where this configuration is necessary:
- VLANs are used; for example, another switch behind the switch.
- There is a large volume of traffic and there needs to be a separate uplink for this traffic.
The risk associated with such a configuration is using up interfaces on the firewall fairly soon.
In this topology, X2 is used for management connecting to port 23 and X0 has multiple VLAN sub-interfaces with port 3 as the dedicated uplink.
NOTE: For dedicated uplinks to work, the physical link must be connected before being configured.
You can configure a dedicated uplink with or without setting up the common uplink to carry all PortShield traffic for the different firewall interfaces. In both cases, the common uplink is used to manage the switch.
Dedicated Uplink Configuration:
- Navigate to MANAGE | Switch Controller | Overview tab and click on the port which is going to be the dedicated uplink. In this scenario it is port 3.
- Make sure that the port is enabled.
- Port shield this port to X0.
- Enable the toogle switch for 'Dedicated uplink for X0'
- Click OK.
In MANAGE | Switch Controller | Overview | Physical View, two links should now appear between the firewall and the switch.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
