Solved

Sonicwall to Sonicpoints thru Netgear GS724tv3 switches.

Posted on 2010-08-18
Last Modified: 2012-10-10
Hi all,

I need to find a solution - I have two NetGear GS724tv3 switches that are not trunked together,
just a single CAT5 connects them.  Our internet connection is just a Sonicwall PRO 4060, which
is connected to the server room switch.  We'd like to install two Sonicpoint WAPs to an open
interface on the Sonicwall, and have internet for our admin people and guests without their
traffic seeing our internal LAN, except for the employees - they would VPN in like they were
connecting from home/outside location.

Can this be done?  I know Sonicwall says yes, but cannot explain how to do so clearly on their
PRO 4060.  I think I got 90% there, as I can see the one Sonicpoint when directly connecting it to
the port on the Sonicwall - but it does not give an IP out so unless so far.  What is missing?

And the second part is - how do I configure the VLAN on the NetGear, and get that second switch
to make a port part of this VLAN on switch1?
Question by:Woggy64
 
LVL 33

Expert Comment

by:digitap
ID: 33476283
I've done this multiple times.  It can get confusing as you must create sonicpoint virtual profiles in order to have two SSIDs (admin and guest).  Additionally, you must create a VLAN for each.  I can help you with this.  What have you configured thus far on the sonicwall?  Here is an article that I use regularly when setting up multiple virtual profiles.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5798

Which sonicpoints do you have?  The new ones do NOT come with a power supply so you must use a PoE switch or purchase a PoE injector.  If you have an injector, it might be easier to get an inexpensive switch to connect the sonicpoints to the WLAN interface on the sonicwall.  If you do not, then you'll need to carve out a couple of ports that support the two VLANs (guest and admin) that you'll create on the sonicwall.  The key to the VLANs on the switch is to remove those ports from the default VLAN and tag them as members of both VLANs that you create on the switch.  When you get that far, I can help you set those up.
0
 

Author Comment

by:Woggy64
ID: 33476864
I've only configured the X5 interface on the 4060 for wireless and named the SSID and assigned it an IP address.   Which I know much more is needed to be done to get it going.

But my concern is the second Sonicpoint (they are the new ones - SonicpointNs with the power injector) - can this be off a different Netgear switch in another part of the building?   Our concern is getting this second location in the same VLAN with the NetGear switch in the server room.

0
 

Author Comment

by:Woggy64
ID: 33476902
And thanks for the link.  I'm going to follow it thru and respond.   It looks like what I need (and now I wonder why Sonicwall support could not have just sent me this).  Thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33477054
The link is top secret, so please share it with your friends!!

Do all your switches terminate in the same location?  You mentioned an uplink between your two switches.  Are the two switches not in the same area of the building?

If not, then what I think you'll need to do is make the uplink an untagged member of the sonicwall VLANs.  This way, they'll pass the traffic, but not let it mingle with the default VLAN traffic which is your LAN traffic.  We may just need to read through the netgear manual re: the VLAN stuff.
0
 

Author Comment

by:Woggy64
ID: 33477402
That's it - the second switch (and Sonicpoint) will be in the middle of the plant, and that's the one question I had - whether that switch could pass traffic to the VLAN to the Sonicwall/Sonicpoint setup on the switch in the server room.    And this is the only switch in this location, so its first duty is the equipment in those offices, but needed to see if a single port on that switch would be able to be part of the VLAN on the first switch, leaving the other ports on our regular LAN.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33477476
In general, if a port is a tagged member of a VLAN, it will see that traffic.  If it's an untagged member of a VLAN, it'll just pass that traffic.  Check out page 74 of the manual to see how to configure a VLAN, membership and tagging for a port or multiple ports.  The VLAN section is on page 74 of the PDF.  I'm heading to lunch, but quickly looked at the manual and it's implementing a standard VLAN and not some crazy variation of it.

ftp://downloads.netgear.com/files/GS716Tv2_GS724Tv3_usermanual.pdf
0
 

Author Comment

by:Woggy64
ID: 33478291
Thanks - I haven't ventured that far out yet to the NetGear section.  I'm following the Sonic Wall info and believe I followed it point by point.   But while I'm now able to connect to the SonicpointN with my notebook and get an IP from it, I don't get anywhere, like internet access.   About to try local LAN resource to see if I get them (servers, printer, etc.).

I figured I'd setup the Sonicpoint separately, check their performance, then add the NetGear VLANs and move the Sonicpoint out to their location after that.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33478413
make sure you get the firewall access rules setup properly...i can't remember if that's part of the instructions.  also, check the dns settings of the wlan dhcp scope and make sure the wireless host is getting a good dns server.
0
 

Author Comment

by:Woggy64
ID: 33481061
Not part of the instructions, but doing a search for the instructions now.   I gather this needs the outside DNS?  Not our internal DNS & WINS servers?
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33481117
you'll want to use the internal dns for the admin vlan and a public dns for the guest vlan...something like 4.2.2.2 is what i use often.
0
 

Author Closing Comment

by:Woggy64
ID: 33487045
Perfect, exactly the information I needed to complete this - up and running now.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33487058
Great!  If you have questions about the VLAN stuff, just post back to this question.  Thanks for the points!
0
 

Author Comment

by:Woggy64
ID: 33502513
Ok, all weekend I tried to do the VLANs on the Netgear, but no dice.   If I plug the SonicpointN's directly into the X5 interface, they work.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33502577
OK...initially, you'll have two ports configured on the switch where the sonicwall and sonicpoint connect.  Create two VLANs naming them with the VLAN IDs you used on the sonicwall.  You want to make both ports "tagged" AND "members" of both VLANs.  You want to remove any tag or membership for these two ports from the default VLAN.  The idea here is you are making a virtual switch out of these ports using VLANs where, normally, you would have used a physical switch.

Configure this on the switch, connect the sonicwall's X5 port and the one Sonicpoint to the designated switch ports.  Let's get this working then we'll worry about the other sonicpoint on the other switch over the uplink...OK?
0
 

Author Comment

by:Woggy64
ID: 33503309
Ok, this is where I may have gone wrong - I created a single VLAN and placed all three ports on this switch that were to be for the Sonicwall.  Port 2, 3 & 4 on the Netgear were tagged as members of VLAN5.    Port 2 was coming in from the sonicwall, and then I had both sonicpoints in the other two (I will eventually have three sonicpoints - but third will be later and using this port).

So, I need separate VLANs for each port for this?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33503458
You need a VLAN for each virtual sonicpoint that you create.  You want an Admin and a Guest.  In order to get the appropriate IP address for whichever you connect to, you need to have a VLAN assignment for each.  When you are viewing the Network > Interfaces, you'll add an interface to X5 (which should be assigned the WLAN zone).  When you do this, you'll give it a VLAN ID and the appropriate IP subnet assignment.  When you finish adding the new interface, the Sonicwall will create a new DHCP scope assigned to this VLAN interface.  If you want to assign a laptop to the guest network, then they merely authenticate to the guest virtual sonicpoint and will get an IP assigned by that respective DHCP server.  In order for the switch to allow assigning an IP on either the Admin or Guest, all the ports on the switch must be a member and tagged for both VLANs.

The VLAN IDs you assign the Guest and Admin interfaces, should be what you use when you create the VLANs on the switch.

It's confusing.  I've always used a separate physical switch for my sonicpoints, but I recently upgraded a client and installed a PoE switch.  I had to call Sonicwall support to get the VLAN configuration steps.
0
 

Author Comment

by:Woggy64
ID: 33505618
Ah, you're talking about the Sonicwall, while I am lost on the VLAN configuration on the Netgear switches.

For the Netgear - I only need to create a single VLAN and tag those three ports I need on this VLAN in my server room, then worry about the one port on the remote switch.  Sound right?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33505755
Have you created the two VLANs on the sonicwall yet?  If so, you'll want to create those two not just the one.  See the screen shot below.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33505761
oops...forgot screen shot.
greenshot-2010-08-23-16-17-17.jpg
0
 

Author Comment

by:Woggy64
ID: 33506081
Ok, two VLANs done on the sonicwall.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33506095
OK...now, how are your sonicpoints configured?  do you have a VAP for guests and a VAP for Admin?
0
 

Author Comment

by:Woggy64
ID: 33506231
Yes, WLAN-Guest and WLAN-Corp
0
 
LVL 33

Expert Comment

by:digitap
ID: 33506277
OK...what VLAN IDs have you assigned the two interfaces on your sonicwall?  Have you created any VLANs on your switch yet?
0
 

Author Comment

by:Woggy64
ID: 33506316
X5 is the WLAN
X5:V50 is WLAN-Corp
X5:V55 is WLAN-Guest

On the Netgear, I created VLAN5 and tagged ports 2,3, & 4 as VLAN5 members (I think)
0
 
LVL 33

Expert Comment

by:digitap
ID: 33506398
On the netgear, you need to create two VLANs.  Name them 50 and 55.  Then, make ports 2, 3, and 4 tagged members of both VLANs 50 and 55.

I'm getting ready to head home for the day, so my responses may become spotty.
0
 

Author Comment

by:Woggy64
ID: 33506418
Ok, I'm grateful for all the help.

I think I should be able to do this on these switches, but would I create a port on the remote switch and then tag it to the same VLAN numbers from the server room switch?  i.e. a single port on remote switch with both VLANs tagged to that port?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33506435
On the other switch, you'll create the same two VLANs and configure a single port as you have done with the other switch.  Additionally, the port that provides the uplink on both switches, you'll want to make the uplink ports UNTAGGED members of both VLANs.
0
 

Author Comment

by:Woggy64
ID: 33506446
Great, thank you so much.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33506456
you bet...talk to you soon and good luck!
0
 

Author Comment

by:Woggy64
ID: 33507226
100% up and running now, on both Sonicpoints.

I did discover there was another Netgear switch in between the IDF & MDF, so I configured that switch's uplink ports to be untagged in both of the VLANs.

Thank you very much!  
0
 
LVL 33

Expert Comment

by:digitap
ID: 33507340
You're welcome!  These things can be complicated enough...glad I could help you sort it out.
0
 

Author Comment

by:Woggy64
ID: 33513098
Guess I spoke too soon.   The remote Sonicpoint, while it talks to the Sonicwall, it's not passing traffic from the notebooks, they'll connect but limited access (basically they connect then get no further).

I did swap the Sonicpoints, and the problem stays at the remote side, not with the Sonicpoint.

Weird - because the sonicpoint will boot, get an ip from the sonicwall, and then you can manage it from the sonicwall.

It's got to be something on the sonicwall itself then?
0
 

Author Comment

by:Woggy64
ID: 33514455
Confirmed the Sonicwall & Sonicpoints are ok - all work off the same switch in the server room.

New thread/topic for this now?  It's solely a NetGear issue now.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33514792
yes...sorry, i'm back now.  it would be a netgear issue.  what ip do your sonicpoints get on the switch that connect via the uplink?
0
 

Author Comment

by:Woggy64
ID: 33516094
The sonicpoints themselves get an 172.16.31.247 & 172.16.31.248 as the WLAN interface on the Sonicwall is set for 172.16.31.1.

It has me wondering, as when I connect the Sonicpoint out on the remote switch, I can watch it boot on the Sonicwall and get an IP on the 172.16.31.XX scheme.   But just does not seem to work, but when I walk it back to the server room and connect into the extra port in the VLAN, it works just fine.   If I disco the other Sonicpoint and walk it back, I can also watch it boot up and connect on the Sonicwall, but again - no access after connecting to it with a notebook.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33516251
Ok...when you connect the sonicpoint to the WLAN interface, what IP address is it getting?

What I'm proposing is the two VLANs for admin and guest are NOT being routed properly over the uplink.  i'll need to review my switches here to confirm i've got the correct tag/untagged/membership combination right.  give me some time.  coming up on the end of the day and i have to finish some "job" related stuff....you know, the part of my life that pays the bills...>GRIN<!
0
 

Author Comment

by:Woggy64
ID: 33516298
LOL - I'm thinking - do I need three VLANs on the Netgear switches?   One for the actual hardware (172.16.31.XX network), then the original other two VLANs for the Virtual VLANs (the corp 172.16.50.XX and the guest 172.16.55.XX)?

The sonicpoints themselves get a 172.16.31.XX address, from the X5 interface on the Sonicwall, which is set to 172.16.31.XX
0
 
LVL 33

Expert Comment

by:digitap
ID: 33516366
Yes, you are correct sir.  I just reviewed my switch.  I have three VLANs configured.  I have attached a screen shot.  I created a VLAN 500 and made the designated ports untagged members of those ports.  Since I haven't marked the default WLAN traffic as VLAN 500, I don't want to tag it.  The other ports, I make them tagged members of my two VLANs, 21/22.  So, your uplink ports will need to be untagged members of all the VLANs they need to pass traffic for.  On the uplink switch, you'll make your single port a tagged member of both VLANs and an untagged member of the default WLAN traffic.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33516371
oops...screen shot.
greenshot-2010-08-24-16-57-52.jpg
0
 

Author Comment

by:Woggy64
ID: 33516723
When you say uplink switch, you talking about the switch in the server room that connects to the Sonicwall X5 interface? (Sorry - long day - brain is about dead here:P)
0
 
LVL 33

Expert Comment

by:digitap
ID: 33516797
no, it's the switch that the single sonicpoint will connect to that's located away from the server room...no worries, feel the same
0
 

Author Comment

by:Woggy64
ID: 33517064
MDF Switch:
      VLAN31-Sonicwall WLAN:

      Port02-Untagged      -goes to X5 interface on Sonicwall
      Port03-Untagged      -goes to Sonicpoint
      Port04-Untagged      -empty (future use Sonicpoint)
      Port05-Untagged      -goes out to Port01 on IDF-2 Switch

      VLAN50-WLAN-Corp:

      Port02-Untagged
      Port03-Tagged
      Port04-Tagged
      Port05-Untagged

      VLAN55-WLAN-Guest:

      Port02-Untagged
      Port03-Tagged
      Port04-Tagged
      Port05-Untagged

IDF-2 switch:

      VLAN31-Sonicwall WLAN:

      Port01-Untagged      -goes to MDF Switch Port05
      Port03-Untagged      -goes to IDF-4 Switch Port01

      VLAN50-WLAN-Corp:

      Port01-Untagged
      Port03-Untagged

      VLAN55-WLAN-Guest:

      Port01-Untagged
      Port03-Untagged

IDF-4 switch:

      VLAN31-Sonicwall WLAN:
      
      Port01-Untagged      -goes to IDF-2 Switch Port03
      Port02-Untagged      -goes to Sonicpoint

      VLAN50-WLAN-Corp:
      
      Port01-Untagged
      Port02-Tagged

      VLAN55-WLAN-Guest:
      
      Port01-Untagged
      Port02-Tagged

Should it look like this?   I'm still not working on the far end, but about to confirm these are the settings on all three switches.
0
 

Author Comment

by:Woggy64
ID: 33517350
Sorry - correction to the above - on MDF Switch VLAN50 & VLAN55 Port02 is tagged, not untagged.

This has the one sonicpoint on this switch up and out to the internet.   The sonicpoint on IDF-4 switch Port02 still not sending out to the internet, it just connects to the notebook and nothing else - yet I can see the connection on the sonicwall for this notebook.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33517986
So, your laptop is getting an IP address?  Which switch is routing the sonicpoint traffic properly?
0
 

Author Comment

by:Woggy64
ID: 33518215
Laptop is getting correct IP.  Sonicpoint in mdf switch works but not remote sonicpoint.   But each sonicpoint will issue good IP.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33522140
You've been referencing just two switches, but I see three switches in your VLAN configuration.  I'm getting confused by that.

So, laptops getting an IP on the MDF (main switch in the server room where the sonicwall is) can ping local hosts and get to the Internet, right?

Laptops that are connecting to sonicpoints on the remote switches are getting a proper IP address, but are not routing....essentially, they can't get to the Internet and are not able to ping local hosts, right?

Are all the switches the same model?
0
 

Author Comment

by:Woggy64
ID: 33522788
All the switches are NetGear GS724Tv3's.   I found the third switch while tracing the cabling (nothing was marked/labeled - and they have no map of anything here).

Everything wired in the MDF, and other IDFs, work just fine.   And the one Sonicpoint that connects in the MDF works as planned on the guest WiFi - they get out to the internet with no local access.   It's the remote Sonicpoint that while I can see it on the Sonicwall admin interface and see client notebooks connect to it - it does not let them out on the internet (or anywhere).

Yet I can disco the working Sonicpoint, walk it back to the remote IDF, swap it out with the other and see it bootup on the sonicwall and clients connect, but no internet.  I walk the remote sonicpoint up to the MDF, connect it to the switch in there, and can see it bootup and clients connect and get out on the internet.

Something in the way I have configured the VLANs is stopping this traffic on the 172.16.50.XX (corp) and 172.16.55.XX (guest) VLANs, but the 172.16.31.XX VLAN is working out to the remote side.  Which is why I can talk to the sonicpoint itself (on 31.XX), but the client notebooks can not pass traffic thru it to the MDF switch on those two VLANs (55.XX & 50.XX).

0
 

Author Comment

by:Woggy64
ID: 33563282
I got it now - was confused on the tagging vs untagging and had a few backwards.   Here is the correct
configuration that works for me now:

MDF Switch:
      VLAN31-Sonicwall WLAN:

      Port02-Untagged      -goes to X5 interface on Sonicwall
      Port03-Untagged      -goes to Sonicpoint
      Port04-Untagged      -empty (future use Sonicpoint)
      Port05-Untagged      -goes out to Port01 on IDF-2 Switch

      VLAN50-WLAN-Corp:

      Port02-Untagged
      Port03-Tagged
      Port04-Tagged
      Port05-Tagged

      VLAN55-WLAN-Guest:

      Port02-Untagged
      Port03-Tagged
      Port04-Tagged
      Port05-Tagged

IDF-2 switch:

      VLAN31-Sonicwall WLAN:

      Port01-Untagged      -goes to MDF Switch Port05
      Port03-Untagged      -goes to IDF-4 Switch Port01

      VLAN50-WLAN-Corp:

      Port01-Tagged
      Port03-Tagged

      VLAN55-WLAN-Guest:

      Port01-Tagged
      Port03-Tagged

IDF-4 switch:

      VLAN31-Sonicwall WLAN:
     
      Port01-Untagged      -goes to IDF-2 Switch Port03
      Port02-Untagged      -goes to Sonicpoint

      VLAN50-WLAN-Corp:
     
      Port01-Tagged
      Port02-Tagged

      VLAN55-WLAN-Guest:
     
      Port01-Tagged
      Port02-Tagged

0
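Added example, not part of the original thread: a small Python model of standard 802.1Q egress/ingress handling that traces a VLAN 50 or 55 frame across the two inter-switch links using the uplink memberships from the first posted configuration and from the working one. The PVID of 31 on the uplink ports and the drop-on-non-member ingress rule are assumptions (the thread does not state either), and only the uplink ports are modelled, not the firewall or access-point ports.

```python
# Uplink-port VLAN membership transcribed from the two configurations posted
# in the thread ("U" = untagged member, "T" = tagged member). The only thing
# that differs between them on the uplinks is the mode for VLANs 50 and 55.
def uplinks(mode_50_55):
    m = mode_50_55
    return {
        "MDF":   {31: {5: "U"}, 50: {5: m}, 55: {5: m}},
        "IDF-2": {31: {1: "U", 3: "U"}, 50: {1: m, 3: m}, 55: {1: m, 3: m}},
        "IDF-4": {31: {1: "U"}, 50: {1: m}, 55: {1: m}},
    }

FIRST_ATTEMPT = uplinks("U")  # uplinks untagged in 50/55: remote clients failed
WORKING = uplinks("T")        # uplinks tagged in 50/55: reported as working

# Cabling as described: MDF port 5 -> IDF-2 port 1, IDF-2 port 3 -> IDF-4 port 1.
LINKS = [("MDF", 5, "IDF-2", 1), ("IDF-2", 3, "IDF-4", 1)]

ASSUMED_PVID = 31  # assumption: untagged ingress on an uplink is put in VLAN 31


def trace(config, vlan, pvid=ASSUMED_PVID):
    """Return the VLAN a frame is in after crossing every link, or None if dropped."""
    current = vlan
    for sw_out, p_out, sw_in, p_in in LINKS:
        mode = config[sw_out].get(current, {}).get(p_out)
        if mode is None:
            return None          # egress port is not a member of this VLAN
        if mode == "U":
            current = pvid       # tag stripped; the receiver falls back to its PVID
        if p_in not in config[sw_in].get(current, {}):
            return None          # assumed ingress filtering: non-member port drops
    return current


def untagged_conflicts(config):
    """List (switch, port, vlans) where a port is untagged in more than one VLAN."""
    found = []
    for switch, vlans in config.items():
        per_port = {}
        for vlan, ports in vlans.items():
            for port, mode in ports.items():
                if mode == "U":
                    per_port.setdefault(port, []).append(vlan)
        for port, members in sorted(per_port.items()):
            if len(members) > 1:
                found.append((switch, port, sorted(members)))
    return found


if __name__ == "__main__":
    for name, cfg in (("first attempt", FIRST_ATTEMPT), ("working", WORKING)):
        for vlan in (31, 50, 55):
            print(f"{name}: VLAN {vlan} arrives at IDF-4 in VLAN {trace(cfg, vlan)}")
        print(f"{name}: untagged conflicts = {untagged_conflicts(cfg)}")
```

Under these assumptions the first attempt delivers corp and guest frames into VLAN 31 at the far end, so the two networks are no longer separated from each other or from the access-point management VLAN; the working configuration keeps each VLAN ID intact end to end.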
 
LVL 33

Expert Comment

by:digitap
ID: 33564143
Sorry...I didn't see your post on 8/25.  I thought you'd given up the quest altogether...glad to see you stuck it out and got it working!  Your config looks perfect!
0
 

Author Comment

by:Woggy64
ID: 33569157
LOL - thanks for the help.  I had no choice but to make it work :)  

You gave me enough information, I just had to re-read it and think about it.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33569221
yes...VLANs can be complicated especially if you span multiple switches.
0
