Adding A Second DHCP Scope

Hi,

We're running out of internal IP addresses due to the amount of non-company items being put onto the WiFi (phones, tablets, etc.), and so need to add a second DHCP scope to create some more while still allowing traffic between the two sets of IP addresses so people can access printers and file shares.

The SonicWall is running SonicOS Enhanced 6.5.4.11-97n.

Could somebody give me a step-by-step guide on how to add this second scope and allow it to talk to our current address scope?

Category: Mid Range Firewalls

Answers

  • We do also have some CCTV cameras which are on static addresses outside of the scope which is being assigned by DHCP at the moment, so obviously a solution that doesn't break them would be preferable :-)

  • Ajishlal Community Legend ✭✭✭✭✭

    @Mr_Brightside

    You can create an additional Trusted zone (LAN2) and assign one of the free interfaces. Follow the KB below.

    NB: To allow communication within Zones by automatically creating Access Rules that allow traffic to flow between the interfaces of a Zone instance, select Allow Interface Trust. Otherwise, deselect the Allow Interface Trust check box. This option is enabled by default, but is often disabled when setting up Guest Services.

    For more about Zone: https://www.sonicwall.com/support/knowledge-base/how-do-zones-work-in-sonicos/170503731702241/

    NB: Once you have done the above steps, configure the new DHCP pool for the new zone. Follow the KB below:


  • Bbialy Newbie ✭

    Hi, a good idea is to separate devices into different zones and/or VLANs, as was mentioned by @Ajishlal.

    Just to clarify a possible setup:

    X0 LAN (zone LAN) for trusted Ethernet-connected devices

    X0:VLAN17 (zone LAN) for trusted WiFi devices (just add a tagged VLAN 17 port on the switch where your AP is connected - and assign the configuration to the AP (policy?))

    X0:VLAN1900 (zone UNTRUSTED - zone type public) for private mobile devices - WiFi. So you can create a dedicated SSID on your AP (need to add a VLAN-tagged port to the AP on the switch)

    X0:VLAN2400 (zone LAN2, zone type Trusted) for CCTV; just add ports to another VLAN on your switch.


    Then on all the mentioned interfaces you will be able to create a DHCP scope.

    And now 4 important comments:

    1. Instead of creating virtual interfaces you can use physical interfaces, but you will have to patch additional cables or do it by remote hands. Creating virtual interfaces can be done 100% remotely.
    2. I'm not a big fan of creating a zone per VLAN - I would rather group them as hard as possible (but not more); it is easier to manage access rules with fewer zones.
    3. Using a VLAN for trusted (enrolled) WiFi devices can easily be used for an additional security layer like RADIUS (Windows NPS, Extreme NAC), etc.
    4. I'M A BIG FAN of NETWORK segmentation and an even BIGGER fan of micro-segmentation with inspecting East-West traffic.

