Setting up two Networks and allow them to communicate

Dear experts,

I came across a situation where I wish to create two subnets as in 192.168.1.1 and 192.169.2.1

The 192.168.1.1 will be my main network, which will contain most of the PCs, printers, etc.

The 192.168.2.1 will be my wifi network for all wireless connections such as phones, scanners, etc.

Here is the situation:

1. I only have one switch with 48 ports (can be configured)
2. one SonicWALL firewall with 4 ports in the back (can be configured)
3. allow the two networks to talk to one another, as in if I have a PC in 192.168.1.x and wish to access a wifi device in 192.168.2.x

Here are the things that I wish to get answered and accomplished:
1. I wish to know what will be the "BEST and SIMPLE" configuration to accomplish this task. Thanks!
2. Is it possible to connect all devices into a single switch (the 48 port switch) and have a combination of networks like 192.168.1.x and 192.168.2.x together without utilizing VLANs?
Kinderly Wade (programmer) asked:

Blue Street Tech (Last Knight) commented:
Hi Kinderly,

1. I wish to know what will be the "BEST and SIMPLE" configuration to accomplish this task. Thanks!
"BEST and SIMPLE" are rarely synonymous in technology. Wireless should always be considered an untrusted Zone for many reasons, from deployment to protocol vulnerabilities, and the attack surface is larger than one thinks. Wireless attacks have successfully been launched from miles away - albeit these are rare, but nevertheless the wireless Zone should be considered untrusted for all intents and purposes. This is why business-class firewalls, like your SonicWALL, make the wireless segmented by default. So with that said, I think creating an L2 Bridge between the LAN and WLAN is the easiest but definitely not the Best. I'd set up two VLANs in two separate Zones and allow them to communicate via Access Rules on the SonicWALL. The switch would need to be at least a managed L2 switch. This way you can actually handle each Zone uniquely, as they should be, as well as provide Zone Isolation & Security Contexting if need be or if you decide to have a third VLAN/Zone for Wireless Guests.

2. Is it possible to connect all devices into a single switch (the 48 port switch) and have a combination of networks like 192.168.1.x and 192.168.2.x together without utilizing VLANs?
Technically speaking, yes, provided that you have an L3 switch and you isolate two logical paths to two separate switchports in the SonicWALL, but in practice it will not operate how you are thinking it will, and for what purpose? For that matter, just use one network, 192.168.1.0, to cover all wireless and wired connections. If you pass the DHCP through to the SonicWALL from the WAPs you could have all on the same network using an unmanaged L2 switch without Bridging or having multiple networks, but again, for what purpose? I'd refer you to my answer to the question above, which is how I'd recommend setting it up as a Best Practice.

Let me know if you have any other questions!

rrococi2 commented:
Do you have SonicPoints? Or some other wifi? The simplest way is to bridge the wireless device to your SonicWALL LAN interface; that way all devices will talk seamlessly.
noci (Software Engineer) commented:
L2/L3 switches should not matter in this case. Support for 802.1q (VLANs) will be needed.
That way you can use part of the ports in one LAN and part in another LAN.

On the SonicWALL (not sure if 802.1q VLAN tagging is allowed on the interfaces), either use a connection with tagged VLANs to connect, or use 2 ports on the SonicWALL, one in LAN and one in "DMZ"/"WIRELESS", and define the access routes / filter policies there.

If you need seamless handover you may need to check that the WiFi devices support 802.11r.

John Chuma commented:
What are you using for wifi?

Are you going to allow guests to go on the wifi?

When you say phones, do you mean cell phones or VoIP phones? I only ask as I have seen people try to do VoIP over wifi.
Kinderly Wade (programmer, Author) commented:
Thanks to all the experts for the suggestions. I really appreciate all the help.

Blue: you provided details about networking, and I learned a lot from you; it helps me think a bit about my network setup.

noci: you just nailed it on the spot as to whether I should use VLANs or not and exactly which ports on the SonicWALL to use.

For John and rrococi2: wifi is also for internal use atm. We're trying to set up wifi in our warehouse to run the handheld system device via wifi for picking/packing in the warehouse. This way the warehouse workers can input data into the system instantly with the handheld device.

I would also like to know if I should use static routing for this case, or use VLANs and then do the IP forwarding between those two networks (192.168.1.x and 192.168.2.x)? I read something online that static routing can be done but needs to be configured properly. Thanks =)
Blue Street Tech (Last Knight) commented:
@rrococi2 - Please refrain from duplicative comments - it does not help, nor does it get awarded points.

@noci -
L2/L3 switches should not matter in this case. Support for 802.1q (VLANs) will be needed.
That way you can use part of the ports in one LAN and part in another LAN.
I mentioned L2 and L3 purposefully because, without using a VLAN, an L3 is required to avoid a loop, since two switchports would have upstream connectivity from the switch.
Blue Street Tech (Last Knight) commented:
My pleasure, Kinderly!

What is the SonicWALL and switch model?

I would also like to know if I should use static routing for this case, or use VLANs and then do the IP forwarding between those two networks (192.168.1.x and 192.168.2.x)? I read something online that static routing can be done but needs to be configured properly. Thanks =)
If you follow my recommendation, Access Rules will auto-create the Routes - you don't need to create static/dynamic routes!
noci (Software Engineer) commented:
@Blue Street Tech
Almost all manageable switches I know support 802.1q (which is the key selector for this).
Unmanaged switches & hubs will never support VLANs (as they cannot be configured anyway).
Blue Street Tech (Last Knight) commented:
Exactly! The OP asked whether it can be done without VLANs, and we don't know what type of switch the OP has. With only one switch and no use of VLANs it must be L3 to avoid a networking loop.
noci (Software Engineer) commented:
Routes should not be needed, as all interfaces are attached locally (w.r.t. the SonicWALL).
Filter rules will need to be set on the SonicWALL either to block or allow traffic.
Blue Street Tech (Last Knight) commented:
@noci - I had to re-read the original question and comments as to why I defined L2/L3 - I am working on too many questions right now on top of my workload. :)

The reason I mentioned the OP would need an L3 was in directly answering their question:
Is it possible to connect all devices into a single switch (the 48 port switch) and have combination of networks like 192.168.1.x and 192.168.2.x together without utilizing the VLAN?
My answer was: yes, you can, but it would require an L3 switch. In order to do so without running VLANs you'd need to use two switchports in the SonicWALL, one for each network, and connect to the only available switch the OP has. An L3 switch would be required in order to avoid creating a networking loop.
Kinderly Wade (programmer, Author) commented:
Hi Blue,

I am wondering how we can avoid the networking loop, or how an L3 switch can avoid a broadcast storm which may bring down the entire network? Assuming I have configured the SonicWALL with 2 switchports (192.168.1.x on X0 and 192.168.2.x on X2) and an L3 switch (networks 192.168.1.x and 192.168.2.x). I have a SonicWALL TZ200 and a Cisco Catalyst 48-port switch (sorry, I don't have access to the exact model number, but that's what I remember in general). Thanks
noci (Software Engineer) commented:
Catalyst switches should know about VLANs, and avoiding loops can be done by enabling Spanning Tree; preferred is Fast Spanning Tree, as it is compatible with original Spanning Tree and has fast convergence.

Be sure to enable PortFast, otherwise you will have a 30-second delay after enabling a port. I disagree on L3 being needed to avoid loops.
L3 switches are L2 switches with a (few) router(s) bolted onto them.
The whole Ethernet protocol still needs MAC addresses, and MAC addresses still need to be unique per (V)LAN broadcast domain.
rrococi2 commented:
I for one love the Cisco Meraki devices. They are cloud managed and perfect for what you are looking for. They do bridging and VLANs, etc. Amazing devices. Far superior to the SonicPoint in reliability and function.
noci (Software Engineer) commented:
Cloud-managed service means in effect you trust the cloud service to be 100% trusted, reliable, and unbreakable by hackers.
(As those cloud services effectively configure your local net; you just request those actions there.)
I have never been a fan of having fundamental infrastructure remotely managed.
Kinderly Wade (programmer, Author) commented:
Thanks all for the wonderful feedback. I will see if our IT Dept can get one more switch for the cameras and use the current one for servers and user PCs. This way I will definitely separate the two (on different switches) and run one switch port on the SonicWALL to one switch and another switch port to the 2nd switch.
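As an added illustration of the two approaches discussed in this thread (noci's 802.1q partitioning of the single switch with two untagged uplinks or one tagged uplink to the SonicWALL, and the Spanning Tree / PortFast settings in the comment above), here is a constructed Cisco IOS configuration. It is not from the thread or from any participant; the VLAN IDs (10 and 20), interface names, port ranges and the mapping to SonicWALL X0/X2 are assumptions for the example.

```cisco
! Constructed example (not from the thread): one Catalyst switch, two VLANs,
! one per subnet. VLAN IDs, interface names and port ranges are assumptions.
vlan 10
 name LAN-192.168.1.0
vlan 20
 name WLAN-192.168.2.0
!
! Rapid PVST+ converges quickly and interoperates with classic 802.1D STP.
spanning-tree mode rapid-pvst
!
! Wired PCs and printers: access ports in VLAN 10.
! PortFast skips the ~30 s listening/learning delay on an end-device port;
! BPDU guard shuts the port if a switch (or a looped cable) appears on it.
interface range GigabitEthernet1/0/1 - 24
 description Wired LAN
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Wireless access points (wired side): access ports in VLAN 20.
interface range GigabitEthernet1/0/25 - 44
 description WLAN access points
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Option A ("2 ports on the SonicWALL"): two untagged uplinks, one per VLAN.
! The two uplinks sit in different broadcast domains, so the switch offers no
! L2 path between X0 and X2 and no loop forms; 192.168.1.x reaches 192.168.2.x
! only through the SonicWALL, where the LAN<->WLAN Access Rules are enforced.
interface GigabitEthernet1/0/47
 description Uplink to SonicWALL X0 (LAN zone, 192.168.1.x)
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/0/48
 description Uplink to SonicWALL X2 (WLAN zone, 192.168.2.x)
 switchport mode access
 switchport access vlan 20
!
! Option B (single tagged uplink, only if the SonicWALL interface accepts
! 802.1q sub-interfaces): replace the two uplinks above with one trunk.
! interface GigabitEthernet1/0/48
!  description Tagged uplink to SonicWALL (VLANs 10 and 20)
!  switchport trunk encapsulation dot1q   ! only on older IOS that also offers ISL
!  switchport mode trunk
!  switchport trunk allowed vlan 10,20
```

With either option the wired and wireless devices never share a broadcast domain, which is what makes the L3-switch question moot: inter-VLAN traffic is routed and filtered by the firewall, not bridged by the switch. The allowed-VLAN list on the trunk in Option B keeps VLAN 1 and any future VLAN off the firewall link unless it is added deliberately.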