IT Pro
asked on
Sonicwall VPN and inter-VLAN connectivity issue
Need help on SonicWALL inter VLAN routing and Huawei switch port configurations.
Scenario:
We have two sites - HQ and Site office!
HQ:-
Hardware at HQ:
Sonicwall -> Cisco 2960 sw
Details:
Sonicwall VLAN configured with VLAN DHCP pool created!
Sonicwall IP 10.10.10.254
- VLAN 100 10.10.10.0 (LAN)
- Cisco Voice Vlan - 10.1.1.0
-- (UC540- 10.10.10.1 Also 10.1.1.254)
Site:-
________
Hardware at the site:
Sonicwall -> Huawei core switch -> Huawei switches (need help here)
Sonicwall VLAN configured with VLAN DHCP pool created!
Sonciwall IP 192.168.10.254(Default VLAN)
- VLAN100 (LAN) - 192.168.20.0
- Vlan10 (Voice) - 10.10.1.0 (alcatel voip gw- 10.10.1.254)
- VLAN50 (Guest wifi) - 192.168.50.0
- VLAN60 (CCTV)
Issues:
At the site:
1) Inter VLAN is not pinging
Both Office:
2) Even though Site to site connection is up, only SonicWALL IP can ping, not UC540 IP which is even same LAN)
3)
Scenario:
We have two sites - HQ and Site office!
HQ:-
Hardware at HQ:
Sonicwall -> Cisco 2960 sw
Details:
Sonicwall VLAN configured with VLAN DHCP pool created!
Sonicwall IP 10.10.10.254
- VLAN 100 10.10.10.0 (LAN)
- Cisco Voice Vlan - 10.1.1.0
-- (UC540- 10.10.10.1 Also 10.1.1.254)
Site:-
________
Hardware at the site:
Sonicwall -> Huawei core switch -> Huawei switches (need help here)
Sonicwall VLAN configured with VLAN DHCP pool created!
Sonciwall IP 192.168.10.254(Default VLAN)
- VLAN100 (LAN) - 192.168.20.0
- Vlan10 (Voice) - 10.10.1.0 (alcatel voip gw- 10.10.1.254)
- VLAN50 (Guest wifi) - 192.168.50.0
- VLAN60 (CCTV)
Issues:
At the site:
1) Inter VLAN is not pinging
Both Office:
2) Even though Site to site connection is up, only SonicWALL IP can ping, not UC540 IP which is even same LAN)
3)
Sajid Shaik M
disable VPN and ping the vlan connectivity...and tell ps
ASKER
No luck I tried those already!
I may ask this ?
Since we’ve Huawei switch 5720S series L3, anyone please help me to configure vlan routing?
I may ask this ?
Since we’ve Huawei switch 5720S series L3, anyone please help me to configure vlan routing?
hmm if u think its related to Huwawei make it sure by connect the sonicwall to any ordionary switch it'll make clear
or else you cancheck the Huwawei support link about the vlans
https://forum.huawei.com/enterprise/en/thread-229395.html
all the best
or else you cancheck the Huwawei support link about the vlans
https://forum.huawei.com/enterprise/en/thread-229395.html
all the best
are you using the swtich as a default gateway?
If so you will get asynchronous routing.
Only use the SonicWall as a default gateway, not the switch.
If so you will get asynchronous routing.
Only use the SonicWall as a default gateway, not the switch.
ASKER
Sonicwall is our gw which connected to Huawei CORE switch then to Huawei other switches!
SONICWALL GW --> CORE L3 switch --> L3 switches --> IP phones(10.10.1.0 nw) --> PCs(192.168.20.0 nw)
DHCP running on sonicwall for VLAN100 (PCs)
Just again copying the details here!
Sonciwall IP 192.168.10.254(Default VLAN)
- VLAN100 (LAN) - 192.168.20.0
- Vlan10 (Voice) - 10.10.1.0 (alcatel voip gw- 10.10.1.254)
- VLAN50 (Guest wifi) - 192.168.50.0
- VLAN60 (CCTV)
Please let me know the best way to configure CORE switch ports and other switches ports!
1) The routing command and where to run it ( CORE switch only ? or entire switches?)
2) How ports should be configured on the switches (Trunk or Access or Hybrid?)
SONICWALL GW --> CORE L3 switch --> L3 switches --> IP phones(10.10.1.0 nw) --> PCs(192.168.20.0 nw)
DHCP running on sonicwall for VLAN100 (PCs)
Just again copying the details here!
Sonciwall IP 192.168.10.254(Default VLAN)
- VLAN100 (LAN) - 192.168.20.0
- Vlan10 (Voice) - 10.10.1.0 (alcatel voip gw- 10.10.1.254)
- VLAN50 (Guest wifi) - 192.168.50.0
- VLAN60 (CCTV)
Please let me know the best way to configure CORE switch ports and other switches ports!
1) The routing command and where to run it ( CORE switch only ? or entire switches?)
2) How ports should be configured on the switches (Trunk or Access or Hybrid?)
you don't want to do any routing on the switches, you terminate all vlans and route all vlans over the SonicWall.
If you route over the switches you will get asynchronous routing
If you route over the switches you will get asynchronous routing
ASKER
Can you please give me an example like
L3 switch port configuration
CORE switch port configuration
L3 switch port configuration
CORE switch port configuration
I would configure them all as L2 ports, and a vlan trunk to the SonicWall
I've never configured huawei switches so can't help ya there
I've never configured huawei switches so can't help ya there
ASKER
Ok! but please tell me the ports you are referring to?
SonicWall -->Core switch --> Switches --> PCs/Phones
SonicWall -->(trunk port?) Core switch (Trunk?)-->(Trunk?) Switches (Access port?)--> PCs/Phones
SonicWall -->Core switch --> Switches --> PCs/Phones
SonicWall -->(trunk port?) Core switch (Trunk?)-->(Trunk?) Switches (Access port?)--> PCs/Phones
PCs and phones should be connected to access ports to each of their respective VLANs.
between the access switches and the core switch you have to create VLAN trunks with all vlans tagged
than add a VLAN trunk to say the SonicWall's X2 port with VLAN 10,50 and 60 tagged, exclude VLAN 100!!!
add an access port to the SonicWall's X0 in VLAN 100
between the access switches and the core switch you have to create VLAN trunks with all vlans tagged
than add a VLAN trunk to say the SonicWall's X2 port with VLAN 10,50 and 60 tagged, exclude VLAN 100!!!
add an access port to the SonicWall's X0 in VLAN 100
ASKER
we will have to connect IP phone and(or) laptop to the same data point which will be configured as access port yeah? so how the phone will get 10.0 network if access port is Vlan100?
Can we tell multiple VLAN on each access port?
Can we tell multiple VLAN on each access port?
each access port is dedicated to a specific vlan, eg. 100 or 10 or 50
so a laptop access port will be assigned to vlan 100, a phone's access port to vlan 10
this is basic VLANning...
so a laptop access port will be assigned to vlan 100, a phone's access port to vlan 10
this is basic VLANning...
ASKER
I think that's not the right way to do!
I have seen the setup like where Cisco IP phone will get IP from the VLAN10 then if I hookup PC behind the phone it will get VLAN100 from the same data point (switch port)! But don't know how they have configured!
I have seen the setup like where Cisco IP phone will get IP from the VLAN10 then if I hookup PC behind the phone it will get VLAN100 from the same data point (switch port)! But don't know how they have configured!
ah you mean you want to connect the pc to the phone?
in that case you can configure the phones to be a vlan trunk, whereby VLAN 100 is the data port of the pc and vlan 10 will be used for the VoIP traffic.
In that case the switchport is a vlan trunk with vlan 10 and 100 tagged.
in that case you can configure the phones to be a vlan trunk, whereby VLAN 100 is the data port of the pc and vlan 10 will be used for the VoIP traffic.
In that case the switchport is a vlan trunk with vlan 10 and 100 tagged.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.