2 Domains Single Network
Ok, this is probably a stupid question, but I have never come across this scenario and am wondering if it is possible.
Scenario: Shared office space with 2 companies on single network physically.
All the servers, workstations, etc. are connected on the same network cables throughout the office space, but on any given day there will be a mix of employees from the 2 companies. Their devices are associated with their own respective domains.
Is there a way to configure the switches to route traffic to/from a PC on Domain A to Domain A's firewall, and vice versa for Domain B? I am looking at a hybrid business model where the desks will not be permanent but rather floating desks, first come, first served. I know I can set up VLANs, but the part my brain is not able to comprehend is how to route the traffic to isolate the 2 domains.
Answers
Hi @Blacksuit
What is your switch brand and models?
For the access switches they are Aruba 2540, and 2930 for the core switch connecting to a SonicWall TZ370; Domain B will be a TZ270.
Domain A has managed switches
Domain B has unmanaged switches
@Blacksuit You should use "Dynamic port access auth via RADIUS" on Aruba 2540.
WOW, they do not make things clear in their documentation... I am trying to set up RADIUS authentication and authorization with the 2540, but once again their documentation is very cryptic to me. When I research the configuration setup it keeps referencing ClearPass. Is this required?
@Blacksuit
As I understand it, you have users from 2 domains, they are in different VLANs, and you want to pass their internet traffic through the dedicated firewall for each domain.
If this is the scenario, you have to do some configuration in your core switch.
First you have to create a default route in the core switch and point the default route to the Domain A firewall.
Then you have to configure PBR in the core switch, with a next hop for the Domain B network pointing to the Domain B firewall.
No need for ClearPass.
You should add a network policy for the domain UPN suffixes of each domain.
When a domain user wants to log in to the domain, the RADIUS server catches the request and checks the domain UPN suffixes; if the user is a Domain A user, RADIUS assigns the Domain A VLAN, if not, RADIUS assigns the Domain B VLAN.
Do the network separation on the device labelled "Access Sw". Domain A goes in one [or more] VLANs, Domain B goes in one [or more] other VLANs. Domain A's VLANs go to the relevant SonicWall, etc. No need for any L3 capabilities on your switches here; all L3 is handled by the relevant SonicWall.
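An added configuration sketch, not posted by anyone in this thread, of the design the last two answers describe: one VLAN per company on the Aruba 2540 access switch, each trunked to the core and on to that company's own SonicWall, with the VLAN chosen per port by the RADIUS server from the user's UPN suffix. VLAN IDs, port ranges, the RADIUS address, the shared secret and the domain names are assumed values; the ArubaOS-Switch commands and the FreeRADIUS "users" syntax are shown from memory and should be checked against the access security guide for your firmware before use.

```text
# --- Aruba 2540 access switch (ArubaOS-Switch CLI), assumed values ---
# One VLAN per company; both are tagged on the uplinks to the core,
# which carries them to the respective SonicWall. No L3 on the switch.
vlan 10
   name "DomainA"
   tagged 49-52
   exit
vlan 20
   name "DomainB"
   tagged 49-52
   exit
vlan 99
   name "Unauthenticated"
   exit

# RADIUS server (NPS or FreeRADIUS) and 802.1X on the floating-desk ports.
radius-server host 10.0.0.5 key "CHANGE-ME-shared-secret"
aaa authentication port-access eap-radius
aaa port-access authenticator 1-48
# Clients that fail or never authenticate land in VLAN 99,
# never in either company's VLAN by default.
aaa port-access authenticator 1-48 unauth-vid 99
# Domain B's unmanaged switches hang off a single access port: allow
# several clients per port so each device is authenticated and placed
# in its own VLAN rather than inheriting the first device's VLAN.
aaa port-access authenticator 1-48 client-limit 8
aaa port-access authenticator active

# --- RADIUS side (FreeRADIUS "users" file syntax, assumed domain names) ---
# The switch applies the RFC 3580 tunnel attributes in the Access-Accept.
# NPS expresses the same decision with a "User Name" pattern condition on
# the network policy and the same three standard attributes in the reply.
DEFAULT User-Name =~ "@domaina\\.example$"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "10"

DEFAULT User-Name =~ "@domainb\\.example$"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "20"
```

The domain-joined PCs must have their wired 802.1X supplicant enabled (the Wired AutoConfig service on Windows) for this to work; devices that cannot do 802.1X can be handled with MAC-based authentication as a fallback, and anything unknown stays in VLAN 99.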