
Network On New Interface Has No Internet? Also No Communication between Interfaces Network

Hi

I created a new virtual interface with a new zone on X0 as X0:V2 (Static IP Mode). The newly created interface has no internet; also, I can't access objects on X0:V2 from X0 (LAN subnets).

I already created a rule from LAN to Public Network (the new zone on X0:V2) and also created a rule from Public Network (the new zone on X0:V2) to WAN, but both don't work.

On the switch I already put VLAN ID 2, same as on the virtual interface.

Below are the

  • Virtual Interface Settings on X0
  • NAT Policies, Network Interface Settings (still no internet)
  • Access Rules
  • Switch Settings


Category: Entry Level Firewalls

Answers

  • TonyA SonicWall Employee

    Hi @Max

    To start troubleshooting this issue, you will want to use the packet monitor on the firewall. This should help give some hints as to where the issue is.

  • Max Newbie ✭

    Hi @TonyA

    Unable to capture anything on X0:V2.


  • preston All-Knowing Sage ✭✭✭✭
    edited December 2023

    Hi @Max, what switch port are you connecting to the SonicWall? I can see you have set PVID 2 on port 11, where I'm presuming you have a device plugged in which needs to be on VLAN2, which is correct, but there doesn't appear to be a correctly configured trunk port (the one which connects to the SonicWall X0 interface).

    Make sure on the trunk port that VLAN 1 is untagged and set as the PVID and that VLAN 2 is tagged on that port. Once you have done this, the SonicWall will be able to pass traffic to VLAN2 (X0:V2) and the device on port 11 will be able to communicate with the LAN.

  • Max Newbie ✭

    Hi @preston

    The SonicWall has X1 as WAN and X0 as LAN, with a virtual interface on X0 configured as X0:V2. X0 is connected to a switch, and that switch is further connected to a switch (DES 1210-28P) on which I configured the VLAN port as below.

    Also, please have a look at the NAT policy and rules above. Are they correct, as there is also no internet for X0:V2 (Public Network Zone)?


  • preston All-Knowing Sage ✭✭✭✭
    edited December 2023

    Hi Max, ignore everything you have done so far; starting from scratch is the easiest way to explain the process.

    In a factory default state the SonicWall has X0 and X1 configured, with X1 set to DHCP, but then you change it to whatever settings are required, the same as with the LAN subnet.

    You then create a new Zone, call it Public Network, and set its type to (public) without changing any other settings for the Zone.

    If you then add a virtual interface (VLAN 2) to X0 and assign it to the previously configured Public Network Zone, the SonicWall will automatically NAT the traffic out of the X1 interface, create the outbound firewall rule to the Internet, and also create a firewall rule to allow from the LAN to the Public Network, but not the other way round.

    To set the switch up to talk to both networks on the SonicWall:

    You need to configure the port on the first switch (i.e. port 1) where the SonicWall X0 interface connects as being untagged for VLAN 1 (the default setting). You then need to create a new VLAN on the switch for VLAN2, and then tag it on the port 1 mentioned above, so the port should show (port 1 - VLAN1 Untagged, VLAN2 Tagged).

    Then, if VLAN 2 is going to be forwarded to another switch where VLAN2 is to be used on some of the ports, on the first switch you need to create an uplink port (unless stacked). Say, for example, port 24 is connected to port 24 on the second switch; then we need to edit the uplink port and give it the same VLAN settings as port 1 (on both switches). Obviously, create VLAN 2 on the second switch first.

    Then, in your example image above, if this is the second switch in the chain, it needs to be untagged for VLAN 2 on port 11 if this is where the device which you require to be on VLAN 2 is.

    If the device which is plugged in to port 11 is a wireless AP which has two SSIDs, one for the Corp WiFi (VLAN 1) and a Guest WiFi (VLAN2), then you will need to set the port the same as the uplink ports (VLAN1 untagged & VLAN2 tagged).

    Don't forget to set the DHCP scope for the networks on the SonicWall as needed.

  • Max Newbie ✭

    Hi @preston

    It's done as you said; maybe the below picture will help you understand the scenario better.

    The settings are all right and NAT policies are also right, as you have seen in the above pictures of the question.

    But still there is no solution and no outcome.


  • preston All-Knowing Sage ✭✭✭✭

    Hi @Max, please can you also show the configuration of both switches?

  • Max Newbie ✭

    Hi @preston

    Switch one in the diagram is an unmanaged switch, whereas switch 2 is managed, for which the configuration is below.

    I want the X0 LAN network also on switch 2 (which is working fine), only X0:V2 on Port 11 of switch 2.


  • Arkwright Community Legend ✭✭✭✭✭

    Switch one in diagram is unmanaged

    That's probably your problem. IME, it's not possible to predict if an unmanaged switch will or won't pass VLAN tags.

    Connect X0 directly to your managed switch and re-test.

    Additionally, I wonder what "asymmetric VLAN" is? Not sure if this is some weird implementation I have never come across before, or just a way of describing some totally normal thing one does with VLANs.

  • preston All-Knowing Sage ✭✭✭✭

    Hi Max, the configuration of switch 2 is also incorrect, as there should be two ports configured as I mentioned previously.

    In your example above port 11 is only tagged for VLAN2; this also needs to be untagged for VLAN1 (and the PVID also).

    You would only set it as you have above if you only want VLAN 2 to pass on port 11, which if using an AP will never work.

    You also need a port configured to uplink to the SonicWall (trunk port), which would also be configured as above with both VLANs on it: untagged for VLAN 1 and tagged for VLAN 2.

    You can try this with the unmanaged switch in front first to see if it will pass the VLANs without stripping the tags, but as Arkwright mentioned it is unlikely; unless you configure the managed switch as I have mentioned, it is never going to work.
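
The port memberships discussed in the answers above can be checked with a small model of 802.1Q port handling. This is an added example, not part of any post in the thread; it assumes one managed switch with ingress filtering enabled, and the port tables (including port 1 as the trunk) are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)     # VLANs sent out with an 802.1Q tag

def forward(switch, in_port, tag, out_port):
    """Carry one frame across a switch: 'dropped', 'untagged' or 'tagged:<vid>'."""
    src, dst = switch[in_port], switch[out_port]
    vlan = src.pvid if tag is None else tag      # classify the frame on ingress
    if vlan not in src.untagged | src.tagged:    # ingress port is not a member
        return "dropped"
    if vlan in dst.untagged:
        return "untagged"
    if vlan in dst.tagged:
        return f"tagged:{vlan}"
    return "dropped"                             # egress port is not a member

def v2_path(switch, trunk=1, device=11, device_tag=None):
    """Both directions of the X0:V2 (VLAN 2) path through one managed switch."""
    return {
        # X0:V2 on the firewall always sends its frames with tag 2
        "firewall->device": forward(switch, trunk, 2, device),
        # device_tag=None models a plain host; device_tag=2 models an AP's guest SSID
        "device->firewall": forward(switch, device, device_tag, trunk),
    }

# Constructed port tables (hypothetical, for illustration only).
TRUNK_OK = {1: Port(1, {1}, {2}), 11: Port(2, {2})}       # port 11 untagged in VLAN 2
NO_TRUNK = {1: Port(1, {1}), 11: Port(2, {2})}            # VLAN 2 missing on the trunk
AP_PORT = {1: Port(1, {1}, {2}), 11: Port(1, {1}, {2})}   # port 11 set like the uplink

if __name__ == "__main__":
    for name, sw in (("TRUNK_OK", TRUNK_OK), ("NO_TRUNK", NO_TRUNK)):
        print(name, v2_path(sw))
    print("AP_PORT, tagging AP", v2_path(AP_PORT, device_tag=2))
    print("AP_PORT, plain host", v2_path(AP_PORT))
```

The model does not cover the unmanaged switch, since whether it passes or strips tags cannot be read from any configuration.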
