Asked by computerconcepts

How to set up segmented network using SonicWall and VLAN

I have the need to separate the traffic from a single department. I have a VLAN set up on a Netgear switch and the new subnet DHCPs off the SonicWall. The DHCP scope lists the Domain Controller as DNS1 and OpenDNS for the other 2. I can log in to the existing domain from a workstation that is on the new VLAN subnet but it doesn't like it. System Event log is showing a NETLOGON error:
Log Name:      System
Source:        NETLOGON
Date:          8/5/2011 2:01:59 PM
Event ID:      5719
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      workstation.ourdomain.local
This computer was not able to set up a secure session with a domain controller in domain OURDOMAIN due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

I can connect to Exchange, browse file shares, but this workstation is not accessible from the original subnet. When I go to add a domain user to my local admin group it only looks locally... the "From this location" section only lists the local PC and not the domain. I need to be able to share files across both subnets.

Please let me know if you need more info.  

Windows Networking

Last Comment: 8/22/2022 - Mon

Is the SonicWall doing the routing for you or is the Netgear? If the SonicWall is, did you create an extra zone for both subnets? If so, did you open the firewall access-list to allow traffic both ways?

Oh, is the firewall on on your workstation?


The SonicWall is handing out DHCP for the VLAN subnet only. I have a route configured for the VLAN interface (X6) to use the X1 default GW. SBS2008 is handling DHCP/DNS for the primary subnet. No new zones in the SonicWall. Only entries in firewall are what the SonicWall auto-configured when I set up the X6 interface (HTTPS and HTTP management LAN-LAN).

Ya know, the Windows firewall is on... what do I need to open there? It's Win7 x64.

Disable it for domain and private.

Do they have separate IP subnets?

I can't disable it, GP controlled. I can create exclusions.

Yes, separate subnets:
Primary = 192.168.5.x

VLAN secondary = 10.0.5.x

Anyone have any other ideas? I added firewall rules in the SonicWall and now I can access the PC on the 10.0.5.x subnet. But I still get the authentication errors in eventlog.

I can even add my domain user account as a local admin on the 10.0.5.x PC now but still the eventlog errors.

I get the error stated above and I also get this error:
Log Name:      Microsoft-Windows-Dhcp-Client/Admin
Source:        Microsoft-Windows-Dhcp-Client
Date:          8/12/2011 11:01:27 AM
Event ID:      1002
Task Category: Address Configuration State Event
Level:         Error
User:          LOCAL SERVICE
Computer:      YOURPC.yourdomain.local
The IP address lease for the Network Card with network address 0x001FE2661B01 has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" />
    <TimeCreated SystemTime="2011-08-12T16:01:27.613200000Z" />
    <Correlation />
    <Execution ProcessID="888" ThreadID="1164" />
    <Security UserID="S-1-5-19" />
    <Data Name="Address1">991166474</Data>
    <Data Name="HWLength">6</Data>
    <Data Name="HWAddress">001FE2661C07</Data>
    <Data Name="Address2">0</Data>

I'm sure I just haven't set something up right but I don't know if I should start with the SonicWall or the SBS 2008 server that is the normal subnet's DC, DNS and DHCP server.

Please close this ticket as no activity for a while.  Thanks!