hindsight
Multiple Sonicpoints on one interface (NSA 2400)
I have 5 Sonicpoints I will be connecting to our NSA 2400. Not enough free interfaces on the Sonicwall, so I'm going to connect them all into a gigabit switch and plug that into the X2 interface. I'm familiar with creating the provisioning profile, zone and interface. I bridged X2 to X0 so the wireless traffic will pass to the LAN. All of this worked just fine; however, the first (and only one connected at the moment) Sonicpoint scooped up an IP address that wasn't even within the DHCP scope. I'm not able to change the IP since the box is greyed out, and it will eventually conflict with another device that has that IP.
Is there a better way of going about this?
ASKER
I was going to go with the portshielding route, but I don't seem to have the option. The NSA2400 is not on the latest firmware (since the latest crippled our network). Currently on 5.0.2.10.
So you are one version behind?
You should still have PortShielding options! Can you send a screenshot of the PortShielding page?
ASKER
Pretty sure the ability to portshield stopped with the 240s
ASKER
Or rather the NSA2400 and greater do not have the option.
Any update on this?
ASKER
Sorry, didn't have a chance to get back to this. I'll be trying once again tomorrow and will let you know. Thanks!
OK. Sounds good!
I'm glad I could help and thanks for the points!
Well, we had the same issue. And it does appear that it is not possible to directly set the IP address of the SonicPoints. HOWEVER, if getting rid of bridging doesn't work for you, it is important to know that you can influence which IPs the SonicPoints will grab. As you point out, the Management IP assigned to the SonicPoint has nothing to do with any DHCP setting, as far as we can see. In our case we WANT bridging so a wireless device can get a DHCP address in our LAN subnet and be able to authenticate on the domain, for example, a wireless laptop. We worked with SonicWALL tech support to set this up and didn't want to start all over, and don't know of another solution anyway.
The IP addresses allocated to SonicPoints are determined by the NUMBER of SonicPoints you tell the SonicWALL you have. Go to Network / Interfaces / WLAN Configure button. In the General tab see the "SonicPoint Limit:" dropdown list. Depending on the number of SonicPoints, the SonicWALL will assign IP addresses beginning with 255-X, where X = the number of SonicPoints you select. For example, although we expect to have only a maximum of 4 SonicPoints eventually, IP addresses 251-254 were inconveniently in use on our LAN. Selecting "16 SonicPoints" puts the first SonicPoint IP at .239 (255-16=239). The other two we currently have were assigned to IPs .240 and .241. If and when we purchase a fourth, we expect it to be assigned IP .242.
Hope this helps.
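Added example (not part of the original thread and not SonicWALL code): a planning check built on the allocation rule reported in the post above, which finds the "SonicPoint Limit" values whose predicted management IPs avoid addresses already in use. The function names, the 192.168.1.0/24 subnet and every candidate limit other than 16 are assumptions; the rule itself is only what the poster observed on their own LAN.

```python
import ipaddress


def sonicpoint_addresses(network, limit, count):
    """Predict management IPs per the rule reported in the thread:
    the first SonicPoint lands on host (255 - limit), later ones on +1 each."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        # The thread only describes last-octet behaviour, so stay within a /24.
        raise ValueError("rule was only reported for a /24 LAN")
    if not 0 < count <= limit:
        raise ValueError("count must be between 1 and the selected limit")
    first_host = 255 - limit
    return [net.network_address + first_host + i for i in range(count)]


def conflict_free_limits(network, in_use, count, candidate_limits):
    """Return {limit: [predicted IPs]} for limits that collide with nothing in use."""
    used = {ipaddress.ip_address(a) for a in in_use}
    safe = {}
    for limit in candidate_limits:
        if limit < count:
            continue  # this setting cannot hold that many SonicPoints
        predicted = sonicpoint_addresses(network, limit, count)
        if not used.intersection(predicted):
            safe[limit] = [str(a) for a in predicted]
    return safe


if __name__ == "__main__":
    # Constructed sample: subnet and limit options are assumed; .251-.254 in use
    # and three SonicPoints deployed mirror the situation described in the post.
    lan = "192.168.1.0/24"
    taken = ["192.168.1.%d" % h for h in range(251, 255)]
    for limit, ips in conflict_free_limits(lan, taken, 3, [4, 8, 16, 32]).items():
        print("SonicPoint Limit %d -> %s" % (limit, ", ".join(ips)))
```

Feed `in_use` from the firewall's DHCP leases and static reservations before trusting the result, and confirm the assigned addresses on the SonicPoints page after provisioning.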
Yes, the SonicWALL best practice deployment for SonicPoints is to break the L2 WLAN bridge. SonicWALL sets up the WLAN on a separate subnet for many reasons, but primarily for security and manageability reasons. Plus, WPA support is not available in Bridge Mode.
You can have the LAN talk to the WLAN and vice versa via Access Rules. WLAN > LAN Allow All and the same rule on LAN > WLAN.
You should set up a WLAN Interface, Zone & corresponding PortShielding Port for the SonicPoint. Then configure the SonicPoint Provisioning Profile on the UTM.
This way you will have two DHCP Dynamic Pools removing any conflict and everything is clean.
Here are some best practices & considerations:
--------------------------
Layer 2 and Layer 3 considerations for SonicPoints
Tested Switches
Troubleshooting.
Let me know how it goes!