
Configure VLANs on Cisco 3560 for SonicPoints on NSA240

brianunc
We just purchased some SonicPoints and a NSA240 firewall for our network, and are having issues getting the existing Cisco equipment to allow the traffic...our core switch is a Cisco 3560 (10.0.0.2) and we also have a 2821 ISR at 10.0.0.1.  These addresses are on the management VLAN.  The 3560 has a default route to 10.0.0.1, and the 2821 has a default route to 192.168.10.2 (the NSA 240)

Our default LAN (VLAN 100) is 192.168.10.x/24, and we created two new VLANs on the SonicWALL for the second and third virtual APs on the SonicPoints (192.168.40.x/24, VLAN 125 and 192.168.50.x/24, VLAN 150).

The first virtual AP is configured with no VLAN and works like a champ.  The second and third ones are configured on VLANs 125 and 150 respectively and will authenticate clients but don't get a DHCP address and can't pass traffic when given a static IP in the range.

Here's show vlan on the 3560:
1    default                          active    Gi0/3, Gi0/4
100  DATA                             active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Fa0/25, Fa0/27, Fa0/28, Fa0/29
                                                Fa0/30, Fa0/31, Fa0/32, Fa0/33
                                                Fa0/34, Fa0/35, Fa0/36, Fa0/37
                                                Fa0/38, Fa0/40, Fa0/41, Fa0/42
                                                Fa0/43, Fa0/44, Fa0/45, Fa0/46
                                                Fa0/47, Fa0/48
125  Wireless1                        active
150  Wireless2                        active
200  VOICE                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47, Fa0/48



Here's how all the interfaces are configured on the 3560:  
switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone



The VLANs are set up properly on the SonicWALL with the same information, and DHCP is set up on the SonicWall.

Thanks for any help, and please let me know if any specific info is needed!
SouljaSr.Net.Eng
Top Expert 2011

Commented:
I don't see any ports configured for your new vlans?
SouljaSr.Net.Eng
Top Expert 2011

Commented:
The port that the ap is connected to should be switchport access vlan 125 or 150 ?
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Also, what is serving the dhcp addresses? A server, the switch, or the router. You will need to add an ip helper on the vlan interfaces if it is not the switch, but a server or the router.

Author

Commented:
That could definitely be it, I'm way out of my realm of expertise here (Exchange admin).  Would I just need to assign VLANs 125 and 150 to the ports that the SonicPoints are plugged into?  Is the command for that just going into the configuration for the interface and putting in "switchport wireless1 vlan 125" and "switchport wireless2 vlan 150"?

Author

Commented:
The SonicWall is handing out the DHCP addresses (scopes 192.168.40.50-200 and 192.168.50.50-200).
SouljaSr.Net.Eng
Top Expert 2011

Commented:
For the ports connected to the AP's

conf t
interface fa x/x
switchport access vlan 125

interface fa x/x vlan 150


x/x denotes the interface number as I don't know which you have them plugged into.

SouljaSr.Net.Eng
Top Expert 2011

Commented:
sorry:

interface fa x/x
switchport access vlan 150
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Can you post the entire config of the 3560, is this 3560 doing vlan routing?

If so, you will need to add:

ip helper-address ipofsonicwall

to the wireless vlan interface  for 125 and 150

Author

Commented:
Sure, happy to...I believe the 2821 is doing vlan routing.  I'll double check and post its relevant config as well if so.
 
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime msec localtime
no service password-encryption
!
!
!
aaa new-model
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
ip subnet-zero
ip name-server 10.1.1.23
ip name-server 205.152.37.23
ip name-server 205.152.144.23
ip name-server 205.152.132.23
!
!
mls qos map policed-dscp  24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3  2 4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-1189647232
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1189647232
 revocation-check none
 rsakeypair TP-self-signed-1189647232
!
!
crypto pki certificate chain TP-self-signed-1189647232
 
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
class-map match-all AutoQoS-VoIP-RTP-Trust
  match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
  match ip dscp cs3  af31
!
!
policy-map AutoQoS-Police-CiscoPhone
  class AutoQoS-VoIP-RTP-Trust
   set dscp ef
    police 320000 8000 exceed-action policed-dscp-transmit
  class AutoQoS-VoIP-Control-Trust
   set dscp cs3
    police 32000 8000 exceed-action policed-dscp-transmit
!
!
!
interface FastEthernet0/1
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/2
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/3
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/4
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/5
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/6
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/7
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/8
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/9
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/10
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/11
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/12
 description PRINTER
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/13
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/14
 description PRINTER
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/15
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/16
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/17
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/18
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/19
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/20
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/21
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/22
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/23
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/24
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/25
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/26
 switchport access vlan 20
 switchport voice vlan 200
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/27
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/28
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/29
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/30
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/31
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/32
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/33
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/34
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/35
 switchport access vlan 100
 switchport voice vlan 200
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/36
 switchport access vlan 100
 switchport voice vlan 200
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/37
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/38
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/39
 switchport access vlan 10
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/40
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/41
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/42
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/43
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/44
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/45
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/46
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/47
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/48
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AutoQoS-Police-CiscoPhone
!
interface GigabitEthernet0/1
 description TRUNK to CM2821
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description TRUNK to 3560-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan1000
 description MANAGEMENT INTERFACE
 ip address 10.0.0.2 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
ip http secure-server
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
ntp clock-period 36028921
ntp server 10.0.0.1 prefer
end


SouljaSr.Net.Eng
Top Expert 2011

Commented:
Okay, so you will need to make sure the subinterfaces that pertain to 125 and 150 have ip helpers pointing to the sonicwall that is providing dhcp.
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Another suggestion is that it is always better to do the vlan routing through a L3 switch than the "router on a stick" setup. This way the router only needs to deal with traffic going through it and keeps most of the inter-vlan traffic more isolated at the access/distribution layer.

Author

Commented:
Here's the configuration for the 2821 with the call manager code taken out, for the most part (I set DHCP up on it just in case)
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging buffered 20000
enable secret 
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50
ip dhcp excluded-address 192.168.30.1 192.168.30.50
ip dhcp excluded-address 192.168.40.1 192.168.40.50
ip dhcp excluded-address 192.168.50.1 192.168.50.50
!
ip dhcp pool DATA
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 10.1.1.23 205.152.37.23 205.152.144.23 205.152.132.23
!
ip dhcp pool VOICE
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   option 150 ip 192.168.20.1
   dns-server 10.1.1.23 205.152.37.23 205.152.144.23 205.152.132.23
!
ip dhcp pool CL
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1
   dns-server 10.1.1.23 205.152.37.23 205.152.144.23 205.152.132.23
!
ip dhcp pool wireless1
   network 192.168.40.0 255.255.255.0
   default-router 192.168.40.1
   dns-server 10.1.1.23 205.152.37.23 205.152.144.23 205.152.132.23
   
!
ip dhcp pool wireless2
   network 192.168.50.0 255.255.255.0
   default-router 192.168.50.1
   dns-server 10.1.1.23 205.152.37.23 205.152.144.23 205.152.132.23
!
!
ip name-server 205.152.37.23
ip name-server 205.152.144.23
ip name-server 205.152.132.23
ip reflexive-list timeout 120
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
archive
 log config
  hidekeys
!
!
ip tftp source-interface GigabitEthernet0/0.200
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
!
bba-group pppoe global
!
!
interface Loopback0
 ip address 10.1.1.23 255.255.255.255
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0/0.100
 description DATA
 encapsulation dot1Q 100
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0.125
 description WIRELESS1
 encapsulation dot1Q 125
 ip address 192.168.40.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0.150
 description WIRELESS2
 encapsulation dot1Q 150
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0.200
 description VOICE
 encapsulation dot1Q 200
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0.300
 description CL
 encapsulation dot1Q 300
 ip address 192.168.30.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0.1000
 description MANAGEMENT SUB-INTERFACE
 encapsulation dot1Q 1000
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/2/0
 no ip address
 shutdown
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0/2/0.1 point-to-point
 shutdown
 no snmp trap link-status
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Service-Engine1/0
 description Cisco Unity Express Voicemail Network Module
 ip unnumbered GigabitEthernet0/0.200
 service-module ip address 192.168.20.2 255.255.255.0
 service-module ip default-gateway 192.168.20.1
!
interface Dialer1
 description This Dialer will be removed after the DSL modem is proved to be stable
 mtu 1492
 ip address negotiated
 ip access-group inboundfilters in
 ip access-group outboundfilters out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname 
 ppp chap password 7 
 ppp pap sent-username 
 crypto map clientmap
!
ip route 0.0.0.0 0.0.0.0 192.168.10.2
ip route 192.168.20.2 255.255.255.255 Service-Engine1/0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:
ip dns server
ip nat inside source list 100 interface Dialer1 overload
!
ip access-list extended inboundfilters
 permit esp any any
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 permit udp host 198.82.1.201 host 65.15.235.83 eq ntp
 permit udp host 128.59.59.177 host 65.15.235.83 eq ntp
 permit udp host 205.152.37.23 host 65.15.235.83 eq domain
 permit udp host 205.152.144.23 host 65.15.235.83 eq domain
 permit udp host 205.152.132.23 host 65.15.235.83 eq domain
 evaluate tcptraffic
 evaluate udptraffic
 evaluate icmptraffic
 deny   ip any any log
ip access-list extended outboundfilters
 permit tcp any any reflect tcptraffic
 permit udp any any reflect udptraffic
 permit icmp any any reflect icmptraffic
!
access-list 100 remark NAT Internet but not VPN
access-list 100 deny   ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip 192.168.20.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip 192.168.30.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip 192.168.40.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip 192.168.50.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip 10.0.0.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny   ip host 10.1.1.23 192.168.90.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
access-list 100 permit ip 192.168.30.0 0.0.0.255 any
access-list 100 permit ip 192.168.40.0 0.0.0.255 any
access-list 100 permit ip 192.168.50.0 0.0.0.255 any
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
access-list 100 permit ip host 10.1.1.23 any
access-list 101 remark Match crypto for VPN
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 permit ip 192.168.30.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 permit ip host 10.1.1.23 192.168.90.0 0.0.0.255
access-list 102 remark Deny CL access to other VLANs
access-list 102 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 log
access-list 102 deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255 log
access-list 102 deny   ip 192.168.30.0 0.0.0.255 192.168.40.0 0.0.0.255 log
access-list 102 deny   ip 192.168.30.0 0.0.0.255 192.168.50.0 0.0.0.255 log
access-list 102 deny   ip 192.168.30.0 0.0.0.255 10.0.0.0 0.0.0.255 log
access-list 102 permit udp any any range bootps bootpc
access-list 102 permit ip 192.168.30.0 0.0.0.255 any
!
!
!
line con 0
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output all
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179583
ntp master 15
ntp server 198.82.1.201 prefer
ntp server 128.59.59.177

!
webvpn cef
!
end


SouljaSr.Net.Eng
Top Expert 2011

Commented:
Oh, so the router is doing the dhcp. If that's the case I don't think you need to change anything on the router.

Author

Commented:
Thanks, I think this should take care of it.  Last question (hopefully)...can the subinterfaces only have one switchport access command applied to them, or can I apply both switchport access vlan 125 and switchport access vlan 150 on the same subinterface so the virtual interfaces on the SonicPoint will function?
SouljaSr.Net.Eng
Top Expert 2011

Commented:
No, the switch access vlan command gets applied to the 3560 port that connects to the AP. Nothing needs to be done on the 2800 router.

Author

Commented:
Right - so I need to define both 125 and 150 on these ports (on the 3560), but switchport access only allows one VLAN.  Would it work to do...

switchport access vlan 125
switchport voice vlan 150

?
Sr.Net.Eng
Top Expert 2011
Commented:
No, for the AP that you want to use vlan 125, configure switch access vlan 125. For the port that has the AP that will use 150 configure switchport access vlan 150 on, not both.

Author

Commented:
Thanks for your help!!
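
The first reply's observation (VLANs 125 and 150 exist on the 3560 but no port is assigned to them) can be checked mechanically against a saved running-config. The Python below is an added example, not code from the thread: `parse_switchports` and `audit` are hypothetical helper names, the sample config is a constructed excerpt in the shape of the one posted above, and the VLAN set is taken from the posted `show vlan` output. It also reports access ports placed in VLANs missing from the VLAN table and trunks with no `switchport trunk allowed vlan` list.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated excerpt in the shape of the 3560
# running-config posted in the thread (most access ports omitted).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 100
 switchport voice vlan 200
!
interface FastEthernet0/26
 switchport access vlan 20
 switchport voice vlan 200
!
interface FastEthernet0/39
 switchport access vlan 10
 switchport voice vlan 200
!
interface GigabitEthernet0/1
 description TRUNK to CM2821
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description TRUNK to 3560-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/3
!
interface Vlan1000
 ip address 10.0.0.2 255.255.255.0
!
"""

# VLAN IDs listed in the thread's "show vlan" output.
DEFINED_VLANS = {1, 100, 125, 150, 200}


def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '100,125-127' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_switchports(config):
    """Return {interface: settings} for physical ports (SVIs are skipped)."""
    ports, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            name = m.group(1)
            cur = None if name.lower().startswith("vlan") else ports.setdefault(
                name, {"trunk": False, "access": 1, "voice": None, "allowed": None})
            continue
        if not line.startswith(" "):
            cur = None            # "!" or a global command ends the stanza
            continue
        if cur is None:
            continue
        cmd = line.strip()
        if cmd == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.fullmatch(r"switchport (access|voice) vlan (\d+)", cmd):
            cur[m.group(1)] = int(m.group(2))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", cmd):
            new = parse_vlan_list(m.group(2))
            if not m.group(1):
                cur["allowed"] = new
            elif cur["allowed"] is not None:   # "add" to the default list is still "all"
                cur["allowed"] |= new
    return ports


def audit(config, defined_vlans):
    """Compare port assignments against the switch's VLAN table."""
    members = defaultdict(list)      # VLAN -> ports that name it explicitly
    open_trunks = []
    for name, p in parse_switchports(config).items():
        if p["trunk"]:
            if p["allowed"] is None:
                open_trunks.append(name)   # IOS default: all VLANs allowed
            else:
                for v in p["allowed"]:
                    members[v].append(name)
            continue
        # Assumption: a port without "switchport mode trunk" acts as an
        # access port (DTP negotiation is not modelled).
        members[p["access"]].append(name)
        if p["voice"] is not None:
            members[p["voice"]].append(name)
    return {
        "vlans_without_port": sorted(v for v in defined_vlans if v not in members),
        "ports_on_undefined_vlan": {v: members[v] for v in sorted(members)
                                    if v not in defined_vlans},
        "trunks_allowing_all_vlans": open_trunks,
    }


if __name__ == "__main__":
    for finding, value in audit(SAMPLE_CONFIG, DEFINED_VLANS).items():
        print(f"{finding}: {value}")
```

Unrestricted trunks are listed separately and not counted as members, because they carry every VLAN by default and so say nothing about where a VLAN is meant to reach.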