Solved

Sonicpoint N 2 SSID setup on Dell Powerconnect 6224

Posted on 2011-09-09
10
1,667 Views
Last Modified: 2012-05-12
I have a Sonicwall TZ-210 Wireless n setup for sonicpoints.
X6 is configured for dual SSID with VLAN 100 and 200 (100 public, 200 Private)
Sonicpoints work great when directly connect to the Sonicwall.
I am using PowerConnect 6224 here is my configuration:
console#show running-config
!Current Configuration:
!System Description "Dell PowerConnect"
!System Software Version 1.0.0.27
!
configure
vlan database
vlan 10,100,200
exit
stack
member 1 2
exit
ip address 192.168.1.25 255.255.255.0
interface vlan 10
name "Sonicwall VLAN"
exit
interface vlan 100
name "ChurchPublic"
exit
interface vlan 200
name "ChurchPrivate"
exit
username "admin" password level 15 encrypted
!
interface ethernet 1/g39
description 'Connect to Sonicwall Port'
exit
!
interface ethernet 1/g41
no negotiation
description 'AP in Hallway'
spanning-tree cost 20000
spanning-tree portfast
switchport mode general
switchport general pvid 10
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10 untagged
switchport general allowed vlan add 100 untagged
switchport general allowed vlan add 200 untagged
switchport general allowed vlan remove 1
exit
!

interface ethernet 1/g42
descripttion Not in use at the moment
switchport mode trunk
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g43
description 'Sonicwall Wireless (6X) connection'
switchport mode general
switchport general pvid 10
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10 untagged
switchport general allowed vlan add 100 untagged
switchport general allowed vlan add 200 untagged
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g48
description 'Goes to CLC'
switchport mode trunk
switchport trunk allowed vlan add 10
switchport trunk allowed vlan add 100
switchport trunk allowed vlan add 200

exit
exit

I can see the SSID when connected to the powerconnect, however I am not able to receive a DHCP address or when assigned IP manually on a laptop fails as well.
I am missing something in my configuration, please let me know what.
Thank you for your time.
0
Comment
Question by:IDSNET
  • 5
  • 3
  • 2
10 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Excuse me if you have already done this but it's not clear in the description: sonicwall tz doesn't do vlans. So you need to have a cable from sonicwall to the switch for each vlan you want to have rules for in the sonicwall. Each cable only let's one vlan into the sonicwall.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
Um, the TZ-210 does do VLANs. It sounds like the switch isn't configured properly to handle the VLAN traffic. Make sure the ports on the switch that the SP and the SW are connected to are tagged members of your VLANs (100 and 200). Did you create the additional VLANs on the Interface of the SW or did you add just one?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
My bad, they added it in 5.8 this year.
http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=2&dl=1

I'm runnin an older version. Any chance you are too?
0
 

Author Comment

by:IDSNET
Comment Utility
Thank you digitap, from the configuration above, I do have two vlans create 100 and 200, both are assigned on port 43 (coming from Sonicwall x6) and 41 (going to Sonicpoint N) Port 48 is trunk to another switch in a different building. With Powerconnect I am confused about tagged and untagged.

interface ethernet 1/g41
no negotiation
description 'AP in Hallway'
spanning-tree cost 20000
spanning-tree portfast
switchport mode general
switchport general pvid 10
no switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 10 untagged
switchport general allowed vlan add 100 untagged
switchport general allowed vlan add 200 untagged
switchport general allowed vlan remove 1
exit

Should the ports be general?  Should the vlan add 100 be tagged or untagged?
switchport general pvid what should that be set at? If i set it at 100 , sonicwall sets it up as x6:100 and not X6(WLAN).  Sonicwall support was of little support, and the customer does not have pro support on Dell switches.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
I'd have to fudge my way through the Dell config as I don't have experience with them. Re the SW, how did you setup the public and private wireless networks? Did you use these instructions?

Corp - http://bit.ly/ofjMBb
Guest - http://bit.ly/pfiJUX

I suppose if the SW isn't configured properly from this perspective, then traffic won't flow right.

Re your Dell switch, you should have the ports the SW and SP devices connect to as ONLY tagged members of the VLANs you created on the SW. You should drop all other VLANs from those ports.

0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:IDSNET
Comment Utility
Yes, I had it that way, without vlan 10. But the sp still failed trying to connect via wireless, sw to sp seems to be working.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
Consider this:

"...you have to put the Port Mode to General, and then Frame Type to Admit All. You can then set the PVID (which is ignored) and then set one VLAN as untagged and further VLANs as tagged."

I don't know if that makes sense to you. I don't have a Dell interface so I can't poke around to make sense of it. I found this here:

http://wiki.xdroop.com/space/dell/power+connect+6224/vlan+configuration
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
Comment Utility
Also, consider this:

"Update: Finally realized what the problem was, and it was indeed an issue with the switch. Apparently "general" mode on Dell switch ports, though quite similar to the "trunk" mode on Cisco switches, actually strips the VLAN tags on outgoing packets by default. The solution was to add an extra "tagged" parameter onto the "allowed vlan" directive for the SonicPoint ports. Suddenly everything worked!"

https://forum.sonicwall.com/showthread.php?t=24055&highlight=powerconnect
0
 

Author Closing Comment

by:IDSNET
Comment Utility
I changed the ports (both SP and the SW)
From:
switchport general allowed vlan add 100 untagged
switchport general allowed vlan add 200 untagged
 to:
switchport general allowed vlan add 100 TAGGED
switchport general allowed vlan add 200 TAGGED

Works like a champ!  Thank you for your time and help!
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
No problem. Glad I could help and thanks for the points!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now