TZ300 with Linksys Velop MEsh WIFI
Docwagner Newbie ✭
Greetings: I have a TZ300 for my business and I'm trying to connect a Linksys Velop AX wifi system behind it. The system works fine connected to the modem, but I can't figure out how to setup a port to allow internet traffic to the wifi. I have a switch connecting my wired network through the X0 port set to LAN and X1 is set to WAN. This is probably a simple thing. Thanks for any help.
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Hi @Docwagner ,
From the Issue description, I can understand that you are trying to connect Linksys Velop AX wifi system to your X0 LAN switch for the Wireless connection.
Here are the steps for configuration.
1) Configure a static IP address for the WAN interface of the WiFi system with a IP address from the same network as X0 LAN. This will also be helpful to manage the Linksys Velop AX wifi system from a computer in the LAN.
2) If you are going to use the same network as LAN for the wireless users, then you can configure the WiFi system in bridge mode so the wireless users will get DHCP IP address from the Sonicwall TZ 300 or any other DHCP server in the LAN
3) If you want the WiFi system to lease the IP address, you can configure the DHCP scope in the WiFi system itself.
Hope this helps. Please let us know if you have any additional queries.
Thanks for the reply
Here is what I tried before I got your advice. I set up the X4 port to WLAN, cancelled the Sonicwall AP specific settings in the Zones tab. I set the IP address to 192.168.1.1 static and plugged the Velop into port X4 and got on the internet traffic. Velop was set to DHCP. My other network is on 192.168.2.x so they are separate now. The problem with that is access to the VPN tunnel to our other location and NAS appliances that are on the 192.168.2.x network.
So I did what you said and I put the Velop router into bridge mode and moved the Velop device onto the switch attached to X0 and I lost internet. In regards to #1 I tried that before without internet access.
Hi @Docwagner ,
Since you have the Velop connected to the X4 interface, here are the steps you can follow to the get the setup working.
1) For the Wireless network under Velop, instead of using 192.168.2.x, use a non-overlapping network from a different private IP address range and add it as a part of VPN. To do the same please follow the KB article link below:
2) If you have bridged the LAN and WLAN in the SonicWALL TZ 300 and if they are in the same network, please follow the steps in the KB article link below and create an access rule.
3) When you had configured, the Velon AP in the bridged mode, the DHCP IP address for the wireless machines should be leased from the SonicWALL firewall. Make sure the DHCP scope is created and check in the client machine if you are successfully getting IP address when connected to the Velon AP. If you get IP address, then we may have to do packet capture in the SonicWALL to see if the traffic is reaching SonicWALL or dropped.
Thanks again. Before I go screwing things up if I try #1 which seems like the most straight forward my main network is 192.168.2.x and the wifi is 192.168.1.x so no overlap. If I set this up through the VPN will I still not be able to access local devices like network printers on the 192.168.2.x network. FYI the remote network at the other location is 192.168.3.x.
Sorry, I am a novice at this device. I tried step 1. I went into the VPN policy configuration, but I can't find where I can add the wifi subnet configuration. Each time I try something I break the VPN tunnel.
Hi @Docwagner ,
Please edit the Site to Site VPN policy and Under the 'Networks' tab, we need to include the WiFi subnets as Local Networks for the Local SonicWALL. For this you may need to create an Address group and include the Address objects for your LAN and also the Wireless to the group and select the Address group as the Local Networks.
In the remote VPN site, you will have to add the WiFi subnet as 'Remote Networks'. Since this is a Site to Site VPN configuration, it requires changes to be done on both VPN device to bring the Security Association for the Wireless network.
Note: Please take a backup of settings from the firewall before making the changes so we can restore the setup if something goes wrong.