DHCP

I have interface 1 (Vlan1) and interface 5 (Vlan99) and interface 8 (Vlan301) all connecting to the same LAN. I have DHCP scopes enabled on all three interfaces (for different routes and purposes). My Cisco person indicated that the Vlan301 devices are showing up as Vlan1 devices and they are getting their IP Address from Vlan1. I created static entries associating their Ethernet address to use the IP Address in Vlan301 for said devices, yet they still get an IP Address from Vlan1. I thought that if there are entries in the firewall with instructions that said Ethernet address, it would redirect and send the Vlan301 IP Address, but that is not the case. Is there a way to make the firewall force the reserved IP Address to the device no matter which interface it tries to connect to?

Category: Firewall Management and Analytics

Best Answer

  • TKWITS Cybersecurity Overlord ✭✭✭
    Accepted Answer

    ah yes, you failed to mention you had VoIP phones in your environment...

    you'll likely need to keep the switchport in question on VLAN1 but also tag VLAN301 on it (aka making the port a 'trunk'), and tell the phone to use VLAN301.

    do some more reading on the concepts. also helps to provide as much information in the first post...

Answers

  • itworks4me2 Newbie ✭
    edited May 4

    I did remove the devices from the current leases list and they show back up using an IP Address from Vlan1.

  • TKWITS Cybersecurity Overlord ✭✭✭

    "Is there a way to make the firewall force the reserved IP Address to the device no matter which interface it tries to connect to?"

    No. DHCP depends on the interface.

    For clarity, are the interfaces you listed (1, 5, & 8) subinterfaces of a physical interface, or each an individual physical interface?

    Read up on 802.1Q / VLANing.


  • itworks4me2 Newbie ✭

    Physical ports on the firewall.

  • TKWITS Cybersecurity Overlord ✭✭✭

    VLANs imply a single physical interface divided into logical subinterfaces. What does your topology look like? Multiple physical switchports to the multiple physical ports on the firewall? What does your switch config look like with regards to VLANs, trunks, and access ports?

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Hi @itworks4me2

    To resolve the above-mentioned issue, you would have to tag the firewall VLAN IDs (vlan, Vlan99 & vlan301) on the appropriate CISCO switch ports; only then will it work as per your design.

    All ports on the CISCO switch are in VLAN1, which is the default (untagged), and it's called the native VLAN.

  • itworks4me2 Newbie ✭

    It is, but the Unifi switches identify the devices which need to go to Vlan301 as Vlan1 and Vlan301.

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Hi @itworks4me2

    Follow the Unifi switch KB below for tagging and untagging the VLAN ports.


  • itworks4me2 Newbie ✭

    Thank you. That is what Unifi said too, but it made the PC that needed to be on Vlan1 that is connected to the phone stop working because it forced everything to Vlan301.

  • itworks4me2 Newbie ✭

    I don't see why it mattered if my "devices" were phones or not.

  • TKWITS Cybersecurity Overlord ✭✭✭
    edited May 10

    That's like saying to a math teacher "I don't see why X matters in math" when you are being taught algebra.

    Everything matters in networking. It also helps those helping you to know what "devices" we are thinking about.

    You're welcome.
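
The behaviour discussed in this thread (the DHCP scope is chosen by the interface or VLAN a request arrives on, and a port with VLAN 1 untagged plus VLAN 301 tagged keeps phone and PC apart), as an added Python sketch that is not from any poster or from SonicWall, Cisco or Unifi. It is a simplified model: the subnets, MAC addresses, port definitions and function names are constructed assumptions, and it assumes a tagged frame on a port that does not carry that VLAN is dropped.

```python
# Added illustration (not from the thread): simplified model of DHCP scope
# selection behind a VLAN-aware switch. All values are constructed samples.
from itertools import count

# One DHCP scope per firewall interface/VLAN; a reservation lives inside a scope.
SCOPES = {
    1:   {"pool": "192.168.1.", "reserved": {}},
    301: {"pool": "10.30.1.", "reserved": {"aa:bb:cc:00:03:01": "10.30.1.50"}},
}
_next_host = {vid: count(100) for vid in SCOPES}   # dynamic leases start at .100


def classify(port, tag):
    """Switch ingress: map a frame to a VLAN, or None if the port drops it."""
    if tag is None:
        return port["native"]            # untagged frames join the native VLAN
    return tag if tag in port["tagged"] else None


def dhcp_offer(vlan, mac):
    """Server side: only the scope of the VLAN the DISCOVER arrived on is consulted."""
    scope = SCOPES.get(vlan)
    if scope is None:
        return None
    if mac in scope["reserved"]:
        return scope["reserved"][mac]
    return scope["pool"] + str(next(_next_host[vlan]))


def lease(port, mac, tag=None):
    """Return (vlan, address) for a DHCP request, or None if the frame is dropped."""
    vlan = classify(port, tag)
    return None if vlan is None else (vlan, dhcp_offer(vlan, mac))


ACCESS_VLAN1 = {"native": 1, "tagged": set()}
TRUNK = {"native": 1, "tagged": {301}}   # VLAN 1 untagged for the PC, 301 tagged for the phone
PHONE, PC = "aa:bb:cc:00:03:01", "aa:bb:cc:00:00:10"

if __name__ == "__main__":
    print(lease(ACCESS_VLAN1, PHONE))           # reservation in 301 is never looked at
    print(lease(TRUNK, PHONE, tag=301))         # phone tags its frames: reserved address
    print(lease(TRUNK, PC))                     # PC behind the phone stays untagged in VLAN 1
    print(lease(ACCESS_VLAN1, PHONE, tag=301))  # tag not carried on this port: dropped
```

The first case is the symptom from the original post: the phone's MAC has a reservation, but its untagged request reaches the VLAN 1 scope, which knows nothing about it.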
