Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Switch Topology design with 2x NSA3700 (running in HA) and 5x SWS14-48

Dear Community,

We have 2x NSA 3700 in HA mode and 5x SWS14-48 switches. Our plan is to run the switches independently from each other, as Sonicwall does not support stacking anyway. So we would cable it from each of both firewalls directly, to keep redundancy, as there is enough 10G interfaces too on NSA3700, and so to have no Single Point of Failure, that if one switch fails, it does not take other switches down, which are cabled behind per daisy chain.

Here is the topology (there is just one mistake in SW1, the second X24 should be connected to Port 49 of SW1 of course)

Now we encounter a problem:

  • We wanna distribute all the VLANs over all the switches, but VLAN is bounded just to one IF on Sonicwall. So on switch we just see the corresponding VLAN of the parent IF, the switch is connected to. Is LAG the solution here? And how exactly should be the configuration?
Category: Switches


  • Options
    prestonpreston Enthusiast ✭✭
    edited September 2023

    Hi freshwater84 , the only way I can see that you can possibly get this working and it probably isn't a supported configuration by SonicWall Support is as below,

    I wouldn't recommend this way either, you would be better using a different way possibly using LAG or redundant Interfaces on the SonicWall,

    don't forget if you are worried about Single Point of Failure how are you going to get around the endpoint to first switch failing ? do you have two interfaces on each endpoint or at least a WLAN card for backup ?

    I'm presuming you want each switch to have an uplink with the VLANs to separate interfaces on the SonicWall :

    1 ) Make sure the switches are managed either manually or via the Cloud Management :

    2 ) Power off the HA SonicWall secondary appliance

    3) Turn off HA on the Prinary Appliance (set to none)

    4) go to the diag page, firewall IP /sonicui/7/m/diag - turn on the following and then click accept - Enable PortShield of Firewall Interfaces in HA mode and also the Enable Native Bridge of Firewall Interfaces in HA mode.

    5 ) configure your LAN with the Sub interfaces as needed on whichever interface you need like X0, (in your scenario X20)

    6) select the other interfaces (in your scenario X21,X22,X23 &X24) you would like to use on the Sonicwall to be port shielded to X0 (X20 in your scenario) either separately in the Interfaces page or via the Network/portshield-groups page:

    7) turn on HA again and test your config using just the primary if you are happy then turn on the Secondary HA appliance.

    make sure Spanning tree is enabled on the switches as there looks like there are going to be some loops

Sign In or Register to comment.