Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NSA 3650 Trunking

I am having a hard time understanding trunks on this NSA 3650.

This is what I have -

I created three Wifi networks in the UniFI controller

Devices - VLAN ID 6

Guest - VLAN ID 5

Corp - LAN

The Wifi networks are boradcasting. However, the internet cannot be reached on Devices and Guest.

In the NSA two DHCPs configured for VLAN ID 6 and 5. Corp pulls DHCP from network DHCP server and works fine.

I have two APs - one is plugged into port 9 and the other on port 11 in the NSA. These ports are shielded to X0.

I created two virtual interfaces that are port shielded two x1 - X1:V5 Guest and X1:V6 Devices.


This is where I get confused and I have read the following article - How can I configure VLAN trunks for extending networks to PortShield groups? | SonicWall

I go into Switching / Vlan Trunking

VLAN ID 2 on X0 interface has the following member ports - X8, 9, 10, 11, 16, 17, 18, 19, 0.

To make VLAN ID 5 and 6 work would I just click the Trunked check box on VLAN ID 2?

Category: Mid Range Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    truckboxtruckbox Newbie ✭
    Answer ✓

    I just fixed the issue - I had the WiFi zones I created as Public. I switched them to Trusted and all is working as it should.

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    "I created two virtual interfaces that are port shielded two x1 - X1:V5 Guest and X1:V6 Devices." Why would you do this if the ports you have the APs on are portshielded to X0?

  • truckboxtruckbox Newbie ✭

    I was thinking that shielding the WAN would give them internet. Also, those APs do need corp access on X0

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    thats not how that works...

    Portshielding is essentially creating a a group of switchports from one primary interface, thus sharing the network subnet. By portsheilding the WAN what you are doing is saying to the Sonicwall 'these additional ports are also in the WAN, so broadcast all traffic to them too'.

    While you can use the firewalls built-in switching fabric, really you should have a separate switch.

    Read up on the underlying technology: https://en.wikipedia.org/wiki/Network_switch

    https://en.wikipedia.org/wiki/Router_(computing)

  • truckboxtruckbox Newbie ✭

    I am trying to use the firewalls built in trunking.

  • truckboxtruckbox Newbie ✭

    Side note - I move the virtual interfaces to X0

    X0:V6

    X0:V5

    So, I guess the question would still be the same now.

    To make VLAN ID 5 and 6 work would I just click the Trunked check box on VLAN ID 2?

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I'm not 100% sure how Sonicwalls version of trunking works as it seems convoluted and I've never used it. From your description and the KB article, it seems you should be checking the 'Trunked' check box for VLAN 5 & 6 for the X0 interface.

  • SaravananSaravanan Moderator

    Hi @TRUCKBOX,

    Could you please let me know how the UniFi Controller is connected to the SonicWall? I meant to ask, on what port?

    If the controller is connected to X0 port, then creating VLAN's under X0 would make sense for the WiFi networks. SonicWall does inter VLAN routing by default so no need to additional trunking on it. Please make sure you have the LAN switch or network switch is configured to pass all VLAN tagged and untagged traffics.

    Does SonicWall handles the DHCP scopes for VLAN 5 and 6 subnets? If so, could you check if the clients connecting to these wireless networks can get an IP address before they browse Internet?

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • truckboxtruckbox Newbie ✭

    The controller runs on a server with 4 nics that are connected to the following. Just for clarification - The controller is only used for setup purposes. It does not run. Two nics are connected to switch ports 7, 11, one nic is connected to another switch, the final nic is connected to Sonicwall port 8 (which is portshielded to X0)


    Sonicwall does handle VLAN 5 and 6 DHCP. The end users do not receive an IP address. The only WiFI network that works is the LAN - Corp network that receives DHCP from an internal server.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    You can keep the Guest Wifi as a public zone on the Sonicwall. That is how I do it.

    FYI without the Unifi controller running you wont get statistics and other detailed info from the APs.

    Glad you got it working.

Sign In or Register to comment.