TZ600, SonicPoint, and WLAN Bridging

Hi, there.

I am a Network Engineer, but I am new to SonicWall. I am trying to integrate SonicPoint Access Points with the TZ600 using multiple VLANs and Zones for various applications.

I came into an environment that had a separate subnet and zone for WLAN off of interface X2 and the LAN zone off of X1. I created Virtual Adapters for the VLAN ID segments I'm hanging off of the X1 interface, and this seems to work fine. I created a DHCP scope, and the connected devices have access to the WAN (Internet) from their respective VLAN.

I have a VLAN segment that is used for video streaming and AV gear. That VLAN works fine on the LAN segment. I want to create a sub-interface on X2 where the WLAN devices are connected and place this in the same VLAN as the LAN segment. I anticipate that I'm looking to configure that WLAN sub-interface as a bridge of some type. I have tried using the L2 Bridge mode and the Native Bridge mode. The segment appears to be up and running, but DHCP is not passing to the SonicPoint devices (thus, no traffic).

In full disclosure, I created a new zone called "Broadcast" and applied that to the VLAN sub-interface on X1. My thought was to apply the same zone to the wireless VLAN sub-interface on the X2 interface. However, using Native Bridge mode negates this allocation (and I believe L2 Bridge does the same) with the intent the interface inherits the same zone classification as the interface it bridges to. (Please correct me if I'm wrong.)

I'm reaching out to the community to see if you can shed a little light on the following:

  • What are the concerns with creating a new Zone? It seems fairly straightforward and seems to work fine for the wired LAN traffic.
  • What is the preferred method to bridge a wireless segment to a wired segment? I cannot find a lot of documentation on the Native Bridge mode to tell me why I'd go this route versus L2 Bridge.
  • What might prevent communication between the sub-interfaces (virtual interfaces) on the X1 and X2 ports? If I bridge them together, shouldn't that be it? (BTW - I have no packet inspection enabled)
  • It seems the SonicPoint access points will trunk all tagged traffic, so I should be able to allocate a VLAN per SSID. Is this common practice in the SonicOS world?
  • What other concerns would I have creating a common VLAN on a wireless and wired segment?

Any feedback or links to articles would be sincerely appreciated! Thanks in advance.

- Dave

