About switches connected to NSA2650
A simple question, but maybe I am missing something.
Including several ports under our X0 interface, to have more Gbps ports to connect more than one external switch, some doubts arise regarding VLANs. I am not using any trunk ports on the NSA.
Do I have to consider any configuration to connect external switches?
I understand that for a small network, it makes sense to think of having everyone under the same VLAN. The default VLAN ID of X0 (LAN) is 2, as I can see under VLAN TABLE (Switching Menu). Is there something wrong with connecting 3 switches to, for example, ports X0, X1, X2, where each of these ports feeds each switch? Can I assume that the X0 ports (LAN PortShield) of the SonicWall behave as untagged pertaining to VLAN 2?
Thank you very much.
The VLAN ID 2 is an internal VLAN that SonicWall uses to distinguish L2 traffic on X0. So, all the VLANs that are internal should not be configured on the switches. You can use any VLANs above 30 to be safe.
Are you trying to create some kind of EtherChannel or link aggregation, or just trying to have each switch be fed into each of the firewall ports?
The traffic flow should be fine if all those 3 switches are not interconnected and are on native VLAN 1.
Please let me know if you have any additional queries.
Technical Support Advisor, Premier Services
Just having each switch be fed into each of the firewall ports. That's correct.
"You can use any VLANs above 30 to be safe" = I suppose that with this advice you mean to avoid conflicts with the internal identifiers that the NSA uses, in case I used a trunk port between NSA and a switch.
Starting VLAN ID: 2
Ending VLAN ID: 29
I understand that having all three switches using VLAN ID = 2 at the moment, without a trunk port, is unnecessary; is this correct? It is preferable to have all three switches using the default VLAN ID = 1, since this will never be in internal use by the NSA ... correct?
Thanks, and Happy New Year to all of the SonicWall Community.
As long as you're not tagging on the firewall (by using Virtual Interfaces), you can completely ignore the VLAN IDs. The traffic will leave the firewall untagged. It does not matter, though, if it's somewhat VLAN 2 on the firewall and VLAN 1 on the switch.