Link to home
Create AccountLog in
Networking

Networking

--

Questions

--

Followers

Top Experts

Avatar of YaYangTeah
YaYangTeahπŸ‡²πŸ‡Ύ

Vlan tagging
I would like seek for expert advice for my diagram attached ,I am not strong in networking ,our company has purchase new device sonicwall TZ600 ,Aruba 2930F and HP 1950.Please review to the picture I send ,please guide me my question below:

1.For the firewall Uplink in the switch port how do I configure eg .untagged Vlan 100 or 6 and do I need to tagged Vlan ?

2.For the firewall interface which s configure 192.168.100.254 d I need to do anything ?

3.For the downlink and uplink switch to switch what should I configure ? because in cisco I notice that just trunk all and HP is untagged and tagged so which Vlan should I Untagged and tag ?User generated image

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of masnrockmasnrockπŸ‡ΊπŸ‡Έ

There is no picture.
Avatar of Benjamin Van DitmarsBenjamin Van DitmarsπŸ‡³πŸ‡±

Why is there twice a staff wifi ?
i would not use an svi for the guest wifi, this network you want tot isolate, and this is not posible in youre design. Β ?

a trunk on hp is an portchannel on cisco.

just put on the trunk between the switches all vlan's tagged, you dont need to have an untagged vlan on the connection.

i made you de couple of diagrams, layer 2 and layer 3 design how to beeld what you want.
layer-2.png
layer-3.png
Avatar of masnrockmasnrockπŸ‡ΊπŸ‡Έ

How large is the space and how many users are there? I'm hoping that the staff wireless VLANs are for two different areas

1) By default the Sonicwall has VLAN1, no matter what you name its subnet. You could just preserve that across all of your equipment rather than have a VLAN 100. To create the other subnets (VLANs) on the Sonicwall, you would create virtual interfaces. Make sure those virtual interfaces are tied to the same interface you're utilizing for your network. That will have the equivalent of VLAN1 being untagged and all of the virtual interfaces being tagged coming out of the Sonicwall.
2) I hope VLANs 4 and 6 are meant for different areas. UNLESS you meant one of those for a purpose other than staff (which you should correct now before building). Also make sure you do not allow VLAN 10 to communicate with the other VLANs. However, you should identify which VLANs should be able to communicate with which. You should also pay attention to your NAT policies. Also.... if you're going to be non-Sonicwall access points, make sure to pay attention to the settings for your zones. You need to specifically disable checks for Sonicpoint devices.
3) Bear in mind Benjamin's last comment. HP switches do not understand Cisco trunks. (Assuming that you will have a Cisco switch in play somewhere, given that you haven't cited an actual Cisco switch)
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

ASKER CERTIFIED SOLUTION
Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@soul.. i am trying follow your way i am trying to ping from access switch to the sonicwall but failed.Please advice.
Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

First try pinging from the Aruba to the Sonicwall. Source the ping from several of the vlan interfaces you created. This will insure the Sonicwall has a route back to those subnets. Β 
If successful, then try from a host on the vlans.
Make sure the access port the host is connected to is assigned to the correctly vlan.
Make sure the Aruba has a default route pointing to the Sonicwall.
Also make sure the host you are pinging is configured with the correct default gateway for the vlan it is in.
Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@soul..now i simulate using the packet tracer assume that router is my firewall i am getting same result .

1.I can not ping from my access switch to to my SVI in core switch except vlan 2 which is management interface.
2.I can not ping from access switch to router interface.
3.can not ping from router to core switch SVI except uplink.
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

Share your packet tracer file and the version you are using.
Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@soul. I just try now actually I am trying to ping from core switch to router also can not and router to core switch also same.
Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@soul ..my packet tracer is 7.1
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

Can you attach the packet tracer file you are working on?
Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@SOUL
attached configuration is for your referenceCore-Switch.txt
Router.txt
Switch.txt
Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

On router:

ip route 192.168.200.0 255.255.255.0 192.168.200.254
ip route 192.168.2.0 255.255.255.0 192.168.200.254
ip route 192.168.6.0 255.255.255.0 192.168.200.254

On switch:
ip default-gateway 192.168.200.254
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@Soul

I am following the guide above, i can reach the SVi from switch but i still having issue below:
Β 
1.Can not ping all the core-switch svi from router
2.from the coreswitch and switch can not ping 192.168.200.1
RouterV2.txt
SwitchV2.txt
Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

Sorry do the followingL

Router:

Don't need this. This subnet is already a connected route:
no ip route 192.168.200.0 255.255.255.0 192.168.200.254

On switch:
ip default-gateway 192.168.2.254

When you ping from the router are you sourcing the ping from Gi0/0? I assume this interface is connect to the Aruba. What is your GI0/1 used for?
Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

On your coreswitch I don't see a port configured for VLAN 200. This should be the port that the router is connected to on Gi0/0.
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@SOUL

I solve all the issue with your guides and i modefy the access port from my core-switch to router to access vlan 200 instead of 2 now all the problem solved.
Avatar of SouljaSouljaπŸ‡ΊπŸ‡Έ

Awesome. Sorry at work and didn't catch that the first time I looked.
Avatar of YaYangTeahYaYangTeahπŸ‡²πŸ‡Ύ

ASKER

@soul

No..problem.I will open another topic for the 4 Γ— ,peplink switch the uplink to core switch.Each accesa switch have two link to core switch as redundentcy .see you in new topic 😁
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Networking

Networking

--

Questions

--

Followers

Top Experts

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.