Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

How to Configure Common and Dedicated Uplinks on SonicWall switch?

06/10/2020 16 People found this article helpful 85,771 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This KB explains the difference between the common uplink and dedicated uplink and how they can be configured.

    Resolution

    Connecting the Switch Management Port to a Firewall:
    The interface connected to the management port of the switch must have an IP address from the same subnet as the switch. For example, if the management connection between the switch and the firewall is through X2, then X2 must have an IP address from the same subnet, such as 192.168.0.10. The default switch IP address is 192.168.0.239.
    All port-based configuration operations are disabled on the switch port designated as the switch management and switch uplink ports. This action ensures that configuration operations on these critical ports do not lead to switch-reachability issues jeopardizing the integration solution.

    Configuring a Common Uplink:
    SonicWall switches can be managed by the firewall, thereby providing a unified management option. The common uplink configuration allows a single link between the firewall and the switch to be designated as the uplink that carries all PortShield traffic, both management and data. Both the firewall and switch ports are configured as trunk ports for carrying tagged traffic for VLANs corresponding to all the firewall interfaces. The
    VLAN tag of the traffic is used to associate the traffic to the PortShield group to which it belongs through the application of IDV (Interface Disambiguation via VLAN).
    The advantage of such a deployment option is to separate a set of firewall/switch ports that are not being used for management traffic. The disadvantage is that a high amount of data traffic can penalize forwarding of management traffic as the same link is shared for both types of traffic.

    The diagram, Common Uplink Topology, shows a typical integration topology of a firewall with a SonicWall switch:

    • The firewall uplink interface is X4.
    • The switch uplink interface is 1.

    This uplink between X2 on the firewall and port 1 on the switch is a common link set up to carry PortShield traffic between H1 / H2 and H3 / H4. The uplink is also the one on which the switch is managed by the firewall.
    In such a configuration, X4 is configured in the same subnet as the IP of the switch. Also, X4 is configured as the firewall uplink.

    Image


    Common link Configuration:

    1. Set up the firewall port X4 with the same IP subnet as the switch management port. We have configured X4 as 192.168.0.1/24.
    2. Navigate to MANAGE | Network | DHCP Server and make sure that a DHCP scope is available for X4.
    3. Setup the DHCP lease to cover the switch management IP address. The default IP address for the switch management interface is 192.168.0.239 so the range of DHCP scope settings shown in Setting DHCP Scope includes this.
      Image


    4. Add the switch to the network as described by navigating to MANAGE | Switch Controller | Overview. The  Add Switch button will appear in Physical View, List View, and VLAN View.
    5. When the dialog box appears, set the Switch Uplink and Switch Management port to 1 and the firewall Uplink to X4.
      Image


    6. In MANAGE | Switch Controller | Overview | Physical View, a single link should now appear between the firewall and the Switch.
      Image

      NOTE: While using the auot-discovery feature on the interface, this process is done automatically and you need not add the switch manually.


    Configuring a Dedicated Uplink:
    This configuration allows a given link between the firewall and the switch to be designated as the dedicated uplink set up to carry PortShield traffic corresponding to the connected firewall interface.
    This configuration can be used in deployments where a dedicated 1G link is needed for a particular firewall interface. Cases where this configuration is necessary:

    • VLANs are used; for example, another switch behind the switch.
    • There is a large volume of traffic and there needs to be a separate uplink for this traffic.

    The risk associated with such a configuration is using up interfaces on the firewall fairly soon.

    In this topology, X2 is used for management connecting to port 23 and X0 has multiple VLAN sub-interfaces with port 3 as the dedicated uplink.

    Image

    NOTE: For dedicated uplinks to work, the physical link must be connected before being configured.

    You can configure a dedicated uplink with or without setting up the common uplink to carry all PortShield traffic for the different firewall interfaces. In both cases, the common uplink is used to manage the switch.

    Dedicated Uplink Configuration:

    1. Navigate to MANAGE | Switch Controller | Overview tab and click on the port which is going to be the dedicated uplink. In this scenario it is port 3.
    2. Make sure that the port is enabled.
    3. Port shield this port to X0.
    4. Enable the toogle switch for 'Dedicated uplink for X0'
    5. Click OK.
      Image


    6. In MANAGE | Switch Controller | Overview | Physical View, two links should now appear between the firewall and the switch.
      Image

    Related Articles

    • How to upgrade SonicWall Switch Firmware from Switch UI?
    • Daisy chain mode using SonicWall Switches
    • Issue: Unable to access management of switch due incorrect VLAN membership on the switch ports in Switch Policy

    Categories

    • Switches > Networking

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:a39913c6a0ef126b3331d1fb2ef6d8e7-77