2 subnets on the same interface without using VLANs?

Hi, thank you for your time in advance.


I am replacing an outdated generic firewall/router and replacing it with a tz-370.

I do not have the freedom or budget to buy any managed firewalls that support VLANs, so the use of them is no option.

I require one subnet, let's say 20.0.0.0/24 to only allow assigning IP addresses to registered devices (either DHCP or not) but I can't assign any static IP on the actual device's OS as they are mobile.

Also, I require another subnet, i.e. 172.17.0.0/23 (it was set like that and a lot of this inherited infrastructure requires it) to freely distribute IP addresses to their heart's content.

These 2 subnets for every related purpose will be using the same interface in the end, as there is only 1, one regular unmanaged switch, and doing rewires, segmentation, VLANs, and such is not possible.

This is a network configuration that has been already running on a CISCO RV-320, for many years now, without issues, and I am just replacing it with a TZ-370.

Yes, I know there should be VLANs, that the place must use managed switches, that the wiring must be done differently, etc. I know that, but for now there is no option. Any help will be greatly appreciated.

Category: Entry Level Firewalls

Answers

  • Arkwright, All-Knowing Sage ✭✭✭✭
    edited November 2023

    If you can afford a TZ370 then you can afford a firewall that supports VLANs, because the TZ370 supports VLANs.

    If you've got two networks on the same interface then you can't have DHCP on both because the firewall won't ever know which scope it should be serving the request from, will it? So you can only have static clients in one network and DHCP+Static clients in the other, if they're in the same L2 broadcast domain.

    You can have additional IPs on a LAN interface for management:



    I don't know if this will work for routing traffic, however.

    Probably the easiest thing for you if you want two IPs on the firewall in the same LAN is just to configure an additional interface and plug that in as well. Just don't try to get DHCP working on both!

  • cnuques, Newbie ✭

    Thank you for your time.


    The budget for this ran out. Again, I know it is not optimal; please let's set that aside.


    OK, so is there a way for me to assign IP addresses without using DHCP? Again, these are laptops, so no static can be set on them. And thank you, you can criticize all you want on the whole deal, I am very critical, but it is what it is and I have to make this swap. Again, this setup is already working on an RV-320; if it wasn't that it does not get updates anymore, they would not have changed.

  • Arkwright, All-Knowing Sage ✭✭✭✭

    If you really do have two DHCP servers in the same network, correctly serving different IPs to different sets of clients, then I don't know how it's done. Hopefully someone else will chip in.

  • TKWITS, Community Legend ✭✭✭✭✭

    "You can have additional IPs on a LAN interface for management: I don't know if this will work for routing traffic, however."

    It will work for routing traffic. The provided article can be used to add a secondary IP address and subnet on a single interface. What is missing is creating and publishing a static ARP entry for the secondary IP address, and allowing ANY service in the static route. You do not have to do the NAT or ACL steps in the article as those are strictly for management access. If you have a strict outbound ACL to the internet you will have to create a rule allowing the new subnet; otherwise the default rule will cover the new subnet (as it is source ANY).

    I've never done it but I suppose it's possible to have static assignments from the SonicWall DHCP server on one of the subnets, and a standard range on the other. As long as you have the laptop MAC addresses you can set up a static assignment (a.k.a. DHCP Reservation).

    See: https://www.sonicwall.com/support/knowledge-base/how-can-i-create-a-static-dhcp-entry-in-the-sonicwall-utm-appliance/170504925446054/

    This is assuming the Cisco was providing DHCP services and there isn't a DHCP server out on the network.

    Get a copy of the Cisco config and review its settings. Post a sanitized copy with questions if you want.

  • Arkwright, All-Knowing Sage ✭✭✭✭

    "I've never done it but I suppose it's possible to have static assignments from the SonicWall DHCP server on one of the subnets, and a standard range on the other. As long as you have the laptop MAC addresses you can set up a static assignment (a.k.a. DHCP Reservation)."

    That sounds like the answer here - this specific set of devices will have known MACs so can be given static DHCP leases. Easy. And not a VLAN in sight!
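
The approach the thread settles on, modelled as an added example (not SonicWall code and not posted by any participant): one DHCP server on a shared broadcast domain chooses the scope by client MAC, and the reservation list is checked before it is entered. The firewall addresses 20.0.0.1 and 172.17.0.1 and the sample MACs are assumptions constructed for illustration.

```python
import ipaddress

RESERVED_NET = ipaddress.ip_network("20.0.0.0/24")   # registered laptops (from the thread)
DYNAMIC_NET = ipaddress.ip_network("172.17.0.0/23")  # everyone else (from the thread)
# Assumed firewall addresses on the shared interface; the thread does not give them.
GATEWAYS = {ipaddress.ip_address("20.0.0.1"), ipaddress.ip_address("172.17.0.1")}

def normalize_mac(mac):
    """Canonicalise a MAC so 02-00-.. and 02:00:.. compare equal."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def validate_plan(reservations):
    """Return the problems found in a list of (MAC, IP) reservations."""
    problems, by_ip, macs = [], {}, set()
    for raw_mac, ip in reservations:
        mac, addr = normalize_mac(raw_mac), ipaddress.ip_address(ip)
        if mac in macs:
            problems.append(f"{mac}: reserved twice")
        macs.add(mac)
        if addr not in RESERVED_NET:
            problems.append(f"{mac}: {addr} is outside {RESERVED_NET}")
        elif addr in (RESERVED_NET.network_address, RESERVED_NET.broadcast_address):
            problems.append(f"{mac}: {addr} is not a usable host address")
        if addr in GATEWAYS:
            problems.append(f"{mac}: {addr} is a firewall interface address")
        if addr in by_ip:
            problems.append(f"{mac}: {addr} already reserved for {by_ip[addr]}")
        by_ip.setdefault(addr, mac)
    return problems

def offer(client_mac, table, leased):
    """Address one DHCP server would offer: reservation first, else pool."""
    mac = normalize_mac(client_mac)
    if mac in table:                     # registered device gets its fixed address
        return table[mac]
    for host in DYNAMIC_NET.hosts():     # unregistered device gets first free pool address
        if host not in leased and host not in GATEWAYS:
            leased.add(host)
            return host
    return None                          # dynamic pool exhausted

# Constructed sample data (locally administered MACs, not real devices).
RESERVATIONS = [("02-00-00-AA-BB-01", "20.0.0.10"), ("02:00:00:aa:bb:02", "20.0.0.11")]
TABLE = {normalize_mac(m): ipaddress.ip_address(ip) for m, ip in RESERVATIONS}
```

Because the lookup key is the MAC address the client presents, the reservation table organises addressing on the shared segment; it does not authenticate devices.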
