Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
2 networks on one unmanaged switch connected to Sonicwall
I have a client that has an application that periodically goes to the internet to pull information. They have all those devices on one network 172.31.2.X, they also have a second network on the same switch 192.168.100.X
The sonicwall is set to have X2 as the 192.168.100.0 gateway/ port.
How can I get traffic from the 172.31.2.x network outside?
I have tried implementing an address object, ARP and Routing as described here: http://www.blizzardcomputers.com/multihome-lan-sonicwall/
But so far the it not talking.
The sonicwall is set to have X2 as the 192.168.100.0 gateway/ port.
How can I get traffic from the 172.31.2.x network outside?
I have tried implementing an address object, ARP and Routing as described here: http://www.blizzardcomputers.com/multihome-lan-sonicwall/
But so far the it not talking.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
easiest would be to use another port off the SonicWALL and put it on the 172.31.2.x network and connect to the switch, then have those machines use it as a gateway and right the acls on the SonicWALL to allow the needed traffic
Two ways to do it:
Make sure the firewall has a gateway address set up on the "inside" interface for the 172.31.2.x network (like 172.31.2.1) so that machines on that network can use the sonicwall as their default gateway. You will end up having one primary and one secondary address on the interface (one for each netblock). Also, enable outbound network address translation for that network.
The other way, kinda an ugly hack, is to set up an additional IP address (like 172.31.2.1/255.255.255.0, but leave "default gateway" blank) on one of your windows systems on the 192.168.100.x network, enable Internet Connection Sharing (or whever it's called now), and have your 172.31.2.x systems use 172.31.2.1 as their default gateway.
Make sure the firewall has a gateway address set up on the "inside" interface for the 172.31.2.x network (like 172.31.2.1) so that machines on that network can use the sonicwall as their default gateway. You will end up having one primary and one secondary address on the interface (one for each netblock). Also, enable outbound network address translation for that network.
The other way, kinda an ugly hack, is to set up an additional IP address (like 172.31.2.1/255.255.255.0, but leave "default gateway" blank) on one of your windows systems on the 192.168.100.x network, enable Internet Connection Sharing (or whever it's called now), and have your 172.31.2.x systems use 172.31.2.1 as their default gateway.
Bryant.. agree that is probably the simplest..but can I run a cable from interface x2 (192.168.100.1) to the switch AND one from the same switch to X3 (1782.31.2.1)? Are the ports isolated so that it will not interfere?
It is a plain old dumb switch no vlan
It is a plain old dumb switch no vlan
yes, it will basically see at two separate devices, and essentially what you are doing now by have multiple networks on the same switch. Ideal world would be another switch for those devices or a switch that supports vlans.
What is the current gateway for the 172.31.2.0 network and is there a device that the IP is currently configured on?
Would that be the switch? If yes, then the switch is an L3
If so, you should be able to log on to the switch via a web browser and then configure a default route from 172 to 192
If the above is impossible, you will need another L3 switch to accomplish your goal (either with another cable connection to the Sonic or without)
Check the 172.x.x.x computers for the gateway they're using. Then scan the network with IP Scanner to find out which device has that IP.
Would that be the switch? If yes, then the switch is an L3
If so, you should be able to log on to the switch via a web browser and then configure a default route from 172 to 192
If the above is impossible, you will need another L3 switch to accomplish your goal (either with another cable connection to the Sonic or without)
Check the 172.x.x.x computers for the gateway they're using. Then scan the network with IP Scanner to find out which device has that IP.
can I run a cable from interface x2 (192.168.100.1) to the switch AND one from the same switch to X3 (1782.31.2.1)?
No, you absolutely cannot connect the X2 and the X3 to the same switch without putting each network in a separate VLAN! This will cause nothing but problems for your client. I've seen this a hundred times and it's always an issue. There will be an ARP storm that will take the network down. Alternatively, traffic may ingress the wrong interface and the SonicWALL will drop this traffic due to IP spoof protection.
The proper solution is to create a unique VLAN for each network, then you can do either of the following:
Option 1
=======
1. Leave the X2 configured as is.
2. Configure all switch ports that connect to devices on the 192.168.100.X network as access ports and move them to the VLAN designed for that network (I recommend using a VLAN other than VLAN 1).
3. Configure the X3 as a member of the 172.31.2.x network.
4. Configure all switch ports that connect to devices on the 172.31.2.x network as access ports and move them to the VLAN designed for that network (again, I recommend using a VLAN other than VLAN 1).
5. The switch ports that uplink to the SonicWALL's X2 and X3 must also be configured as access ports and must be members of the respective VLANs.
6. Configure clients in the 172.31.2.x network to use the X3's IP as their default gateway.
OR
Option 2
=======
1. Create a VLAN sub-interface below the X2 interface and configure it as a member of the 172.31.2.x network. This interface will require a unique VLAN ID and will expect all traffic that ingresses it to be tagged with that VLAN ID.
2. Leave the X2 configured as is.
3. Configure all switch ports that connect to devices on the 192.168.100.X network as access ports and move them to the VLAN designed for that network (I recommend using a VLAN other than VLAN 1).
4. Configure all switch ports that connect to devices on the 172.31.2.x network as access ports and move them to the VLAN designed for that network (again, I recommend using a VLAN other than VLAN 1).
5. Configure the switch port that uplinks to the SonicWALL's X2 interface as a trunk or general port. The VLAN for the 192.168.100.X network must be untagged. The VLAN for the 172.31.2.x network must be tagged.
6. Configure clients in the 172.31.2.x network to use the VLAN sub-interface's IP as their default gateway.
In scenario #2, the physical X2 interface is broken down into 2 logical interfaces - the X2 root logical interface, and the X2:V# (where # is the VLAN ID you specify in the configuration) VLAN logical interface. The X2 physical interface carries traffic for both networks, but logically acts as 2 separate interfaces.
Please DO NOT (I can't stress this enough) connect the X2 and X3 interfaces to the same switch without the proper use of VLANs. This will wreak havoc and leave you with a very unhappy customer.
If you have any questions about either of the proposed solutions, please ask. I'm happy to provide further information.
I hope this helps!
If so, you should be able to log on to the switch via a web browser and then configure a default route from 172 to 192
The SonicWALL won't allow this. Traffic would be dropped due to IP spoof protection.
Problem is switch is not VLAN capable. System vendor claims they do this with Fortinet firewall an I wouldn't think it can do something sonicwall cannot.
If only way is with VLAN. Then I am better putting in another 8 port switch and using that for 172.31 network. It is a very light loaded network only for menu boards
If only way is with VLAN. Then I am better putting in another 8 port switch and using that for 172.31 network. It is a very light loaded network only for menu boards
Problem is switch is not VLAN capable. System vendor claims they do this with Fortinet firewall an I wouldn't think it can do something sonicwall cannot.
If only way is with VLAN. Then I am better putting in another 8 port switch and using that for 172.31 network. It is a very light loaded network only for menu boards
I can tell you with a very high degree of confidence that this will be a major issue. You should never have two networks on the same VLAN, they should always be separated. This isn't just a recommendation based on the SonicWALL, this is good networking practice. Furthermore, regardless of the firewall vendor, you shouldn't have the same switch connected to more than one interface if no VLANs are in play... this is a bad design and is just asking for trouble. Some networking devices are a more lax, however, and will allow this by not implementing source network verification.
Let me use this example to clarify:
Firewall (int 2) -------------- (gi 1/0/2) Switch
| (int 3) (gi 1/0/3) |
--------------------------
(Notice that in the figure above, a physical typology loop is created)
Switch
|
--------------------------
| |
Comp 1 Comp 2
192.168.100.101 172.31.2.102
Firewall int 2 - 192.168.100.x /24
Firewall int 3 - 172.31.2.x /24
Comp 1's traffic may ingresses the firewall's int 3 interface and may be allowed by the firewall because it knows about the other network and doesn't verify that the traffic has ingressed through the int 2 interface, which is the proper interface.
SonicOS rightly won't allow this.
If the switch is not VLAN capable, then your only option will be to add in another switch and physically separate the networks.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial