VLANs to work with Dell 54XX switches and SonicPoints via SonicWall NSA 3500

Posted on 2013-05-14
Last Modified: 2016-11-23
I've configured our SonicWall NSA 3500 to publish 2 Virtual Access Points and confirmed that it works by plugging a SonicPoint directly to the interface the VAPs are configured on.

However when I uplink the interface to a Dell 5448 and connect my SonicPoints to the same switch, I lose control of it from the SonicWall.  Currently wireless clients can connect to both Virtual Access Points as expected, but SonicWall doesn't show connections to this in SonicWall > SonicPoints > Station Status and as above, I cant control the SonicPoint.  E.g.  Cant reboot them.

Enclosed is a topology diagram to show how I've configured the VLANs.

The uplink port is configured as follows:

Port : g7
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Protected: Disabled

Port is member in:

Vlan   Name                 Egress rule Port Membership Type
 1                  1               Untagged       System
 3       Guest WLAN       Tagged           Static
 4       Corp WLAN         Tagged           Static

Ports 5 & 6 are configured as follows:

Port : g5 or g6
Port Mode: General
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 11
Protected: Disabled

Port is member in:

Vlan   Name                 Egress rule Port Membership Type
 3       Guest WLAN       Tagged           Static
 4       Corp WLAN         Tagged           Static
Question by:FSIFM
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 3
LVL 20

Expert Comment

ID: 39167514
Take a look at the following two items to insure that you have completed all the required steps and configured a WLAN interface.

Author Comment

ID: 39167540
Yes, that's all done.  As I said, it all works find if I plug a SonicPoint directly into an interface on the SonicWall.  Its only when I go through a switch.
LVL 20

Expert Comment

ID: 39167589
Take a look at this technote, especially at the end where it mentions Dell
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?


Author Comment

ID: 39167738
I have looked at that as well, but its made no difference.  However, the SonicPoint G router has changed its status to Non-responsive over night.

Here is the Spanning Tree info from the Switch.  The actual port numbers are different from my examples, so I've modified the port numbers below to reflect my enclosed diagram.

Spanning tree enabled mode RSTP
Default port cost method:  short

  Root ID    Priority    32768
             Address     00:25:64:15:40:09
             This switch is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Number of topology changes 83 last change occurred 25:24:22 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15

 Name   State   Prio.Nbr   Cost     Sts   Role PortFast       Type
------ -------- -------- --------- ------ ---- -------- -----------------
  g1   enabled   128.1       4        Frw   Desg   Yes       P2P (RSTP)
  g2   enabled   128.2      100     Frw   Desg   Yes       P2P (RSTP)
  g3   disabled  128.16     19      Dsbl  Dsbl    No            -
  g4   disabled  128.18      4       Dsbl  Dsbl    No            -
  g5   disabled  128.20      4       Dsbl  Dsbl    No            -
LVL 20

Expert Comment

ID: 39167817
SonicWALL uses two proprietary protocols (SDP and SSPP) and both cannot be routed across any layer 3 device. Any SonicPoint that will be deployed must have an Ethernet connection back to the provisioning SonicWALL UTM appliance, in the same broadcast domain/network.

SonicWALL UTM appliance must have interface or sub-interface in same VLAN/broadcast domain as SonicPoint.

Do you have the same VLANs defined in the switches as in the NSA3500?
Which Sonicwall "X" interface have you assigned to WLAN?
Do the SonicPoints have the latest firmware updates?

You should use the following as a reference, if you have not already seen it.

Also, take a look at the following, which might be your solution.

Author Comment

ID: 39167899
Just realised the above Spanning Tree output is slightly wrong.  I was trying to edit it, but just before I clicked submit, your reply came through!

I suppose I should have kept to the same ports and VLANs for my examples to make it easier!

SonicWall is configured as such:

X0 = LAN                                 (In my example I'm referring to it as VLAN5)
X1 = WAN
X3:V10 = Guest                      (In my example I'm referring to it as VLAN3)
X3:V10 = WLAN for X0          (In my example I'm referring to it as VLAN4)
X4 = IT LAN                            (In my example I'm referring to it as VLAN1)

The switch is configured as follows:

VLAN 1 for the IT LAN which connects to a Cisco router
VLAN 2 which connect the Cisco and SonicWall together
VLAN 3 which is for ports on the LAN
VLAN 4 which is for SonicWall to connect to our ISP Router
VLAN 10 which is for the Wireless Guest network
VLAN 11 which is for the Wireless LAN network that allows access to the X0 network

The firmware on my SonicPoints is as follows:

All Operational SonicPoint units are upgraded to SonicPoint Firmware Version (sw_sp_eng_5.0.0.0_22.bin.sig).
 All Operational SonicPoint-N units are upgraded to SonicPointN Firmware Version (sw_spn_eng_5.6.0.1_14.bin.sig).  

I have also seen those links, but I will go through them a bit more thoroughly to see if it sheds more light on my issue.

Expert Comment

ID: 39261510

Here is my setup to get the Sonicpoint working with powerconnect 55xx on NSA3500

X0 = LAN             (untag default vlan 1)            
X1 = WAN                     (wan ip)

X2 WLAN             Static 1000 Mbps Sonicpoint Provisioning.
X2:V20 WLAN      Static VLAN Sub-Interface WiFi Secure
X2:V30 WLAN-Public Static VLAN Sub-Interface  WiFi Public

On 5548 I setup TRUNK vlan 10, 20 & 30 on the port that connect to NSA and the port on other switch where I connect the Sonicpoint.

My problem provisioning and communicate with Sonicpoint was solved by changing NATIVE VLAN as 10 for the trunk This put vlan 10 untag on powerconnect but tell to use this vlan as default,

Rapid spaning tree RSTP + Fast Link enable

GUI left the default VLAN 1(inactive) in the NATIVE VLAN field.

All other 10G fiber SFP+ Trunk all vlan enable

Dont use GENERAL for vlan like 10U, 20T, 30T. Ths way it's not working because you can't set the native vlan because is not telling what is the default vlan as you can have more that one untag on General

Using TRUNK VLAN tag all vlan exept de native vlan that came untag and tell with native vlan witch one to use because TRUNK can only have one untag vlan. The native one.

Author Comment

ID: 39276473
Hi Praa,

To explain my scenario a bit more, this is how things are configured.

Ports 1-10 & 20 = VLAN 1 (All with VLAN Mode of Access, except Port 20 which is Trunk) - All VLAN memberships are U, including port 20, which auto assigns!
Ports 11-14 = VLAN 2 (All with VLAN Mode of Access) - All VLAN memberships are U
Ports 15-20 = VLAN 10 (All with VLAN Mode of General, except port 20 which is Trunk) - All VLAN membership is T
Ports 15-20 = VLAN 11 (All with VLAN Mode of General, except port 20 which is Trunk) - All VLAN membership is T
Ports 21-42 = VLAN 3 (All with VLAN Mode of Access) - All VLAN memberships are U
Ports 42-48 = VLAN 4 (All with VLAN Mode of Access) - All VLAN memberships are U

Port 20 connects to the firewall in X3.

Due to these switches having a fixed default VLAN of 1, it forces it to join the Trunk port.  I tried your suggesting of creating an extra VLAN (12) to make this the Trunk VLAN, but I cant remove the VLAN1 membership.  As VLAN 1 is connected to the IT LAN network it passes packets from VLAN 10 and 11 to VLAN, which I don't want. I want VLAN 10 to only have internet access and VLAN 11 to only access the X0 networks and the internet.

I'm thinking that I need to move the IT LAN to a new VLAN, but with the issues I'm getting with the WLANs talking, I'm not sure how I'll get the new VLAN to gain access to manage the switch!

Expert Comment

ID: 39282906

VLAN 1 is the default untag for Dell switch but you can make port not part of this VLAN group if you put in the Native VLAN ID the Vlan number you want to get untag.

To be sure from GUI to get the Trunk correctly set put your port back to Access and click the save disk icon for runing config to startup config. This way the apply blue button will get back to make the new config.

Bug from lastest firmware not able to see Trunk VLAN group config when there is one already setup on the port and blue apply button disapear.

You can see in the image attach VLAN 1 is not part of group in truck if you remove all VLAN from default Trunk setup then put the VLAN ID you want back in the Trunk and Sonicpoint Provisioning VLAN in Native VLAN ID.

NSA X2 port WLAN connected to port 45 and sonicpoint connect to post 46 or other port config the same way on other switch.

Default VLAN Membership
Sonicpoint provisioning VLAN
VLAN Trunk setup with native VLAN - Example (port not related to above images)
WLAN NSA 3500 config
Wrong Trunk setup - Native VLAN ID as 1 show inactive make Sonicpoint not able to communicate

Author Comment

ID: 39297676
Hi Praa,

I think if I was configuring this on a 5548, I'd be ok, but I'm trying to do this on a 5448, which doesn't have the same GUI options.  For example, when configuring my VLAN ports, I see this.

Dell 5448 Switch VLAN Port options
We do have a 5548, which does show the options in your screenshots, but the 5548 switch has been assigned for something else.

Expert Comment

ID: 39300165

I have same kind of interface on 2808 Powerconnect I just receive but with less option, cant set the Trunk or General on this switch.

I was also able to get my 5548 work in General VLAN Mode. For this you need to change the PVID (Port Default VLAN ID) to the VLAN you want to use to get Sonicpoint provisioning on. Changing it from VLAN 1 to 10 remote the VLAN 1 from port as you can see in the first image.

I think is what you need to do on your 5448 switch to make provisioning port working for sonicpoint.

Hope this will help to get it work.

2808 VLAN 1
2808 VLAN-10
2808 VLAN-20
2808 VLAN-30
Port 1-2808 connect to port 27-5548
Port 3 connect to Sonicpoint
Port 27-5548 connect to port 1-2808

Author Comment

ID: 39358574
My problem is that I cant change the PVID from anything other than 1 when the Port VLAN Mode is configured as Trunk.  I understand that it has to be configured this way if it is to be the Trunk port for the VLANS.

AS shown in  the screenshot in my previous post,

Accepted Solution

FSIFM earned 0 total points
ID: 39537122
The solution in the end was as follows:

All ports in question attributed to the multi-VLAN were set to General Mode.
VLAN 13 which we used for the main SW interface was configured as U on all the ports in question
VLAN 10 which was the Guest WiFi sub-interface was configured as T on all the ports in question
VLAN 11 which was the WLAN WiFi sub-interface was configured as T on all the ports in question
All ports had the PVID set to 13, as this is the physical interface the presents the VLANs.

Author Closing Comment

ID: 39550353
My solution was accepted as it was the one that worked.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question