NSA 3650 Trunking
I am having a hard time understanding trunks on this NSA 3650.
This is what I have -
I created three WiFi networks in the UniFi controller
Devices - VLAN ID 6
Guest - VLAN ID 5
Corp - LAN
The WiFi networks are broadcasting. However, the internet cannot be reached on Devices and Guest.
In the NSA, two DHCPs are configured for VLAN ID 6 and 5. Corp pulls DHCP from the network DHCP server and works fine.
I have two APs - one is plugged into port 9 and the other on port 11 in the NSA. These ports are shielded to X0.
I created two virtual interfaces that are port shielded to X1 - X1:V5 Guest and X1:V6 Devices.
This is where I get confused and I have read the following article - How can I configure VLAN trunks for extending networks to PortShield groups? | SonicWall
I go into Switching / Vlan Trunking
VLAN ID 2 on X0 interface has the following member ports - X8, 9, 10, 11, 16, 17, 18, 19, 0.
To make VLAN ID 5 and 6 work would I just click the Trunked check box on VLAN ID 2?
Best Answer
truckbox Newbie ✭
I just fixed the issue - I had the WiFi zones I created as Public. I switched them to Trusted and all is working as it should.
Answers
"I created two virtual interfaces that are port shielded to X1 - X1:V5 Guest and X1:V6 Devices." Why would you do this if the ports you have the APs on are portshielded to X0?
I was thinking that shielding the WAN would give them internet. Also, those APs do need corp access on X0.
That's not how that works...
Portshielding is essentially creating a group of switchports from one primary interface, thus sharing the network subnet. By portshielding the WAN, what you are doing is saying to the SonicWall 'these additional ports are also in the WAN, so broadcast all traffic to them too'.
While you can use the firewall's built-in switching fabric, really you should have a separate switch.
Read up on the underlying technology: https://en.wikipedia.org/wiki/Network_switch
https://en.wikipedia.org/wiki/Router_(computing)
I am trying to use the firewall's built-in trunking.
Side note - I moved the virtual interfaces to X0
X0:V6
X0:V5
So, I guess the question would still be the same now.
To make VLAN ID 5 and 6 work would I just click the Trunked check box on VLAN ID 2?
I'm not 100% sure how SonicWall's version of trunking works, as it seems convoluted and I've never used it. From your description and the KB article, it seems you should be checking the 'Trunked' check box for VLAN 5 & 6 for the X0 interface.
Hi @TRUCKBOX,
Could you please let me know how the UniFi Controller is connected to the SonicWall? I meant to ask, on what port?
If the controller is connected to the X0 port, then creating VLANs under X0 would make sense for the WiFi networks. SonicWall does inter-VLAN routing by default, so there is no need for additional trunking on it. Please make sure the LAN switch or network switch is configured to pass all VLAN-tagged and untagged traffic.
Does SonicWall handle the DHCP scopes for the VLAN 5 and 6 subnets? If so, could you check if the clients connecting to these wireless networks can get an IP address before they browse the Internet?
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
The controller runs on a server with 4 NICs that are connected to the following. Just for clarification - the controller is only used for setup purposes. It does not run. Two NICs are connected to switch ports 7, 11, one NIC is connected to another switch, and the final NIC is connected to SonicWall port 8 (which is portshielded to X0).
SonicWall does handle VLAN 5 and 6 DHCP. The end users do not receive an IP address. The only WiFi network that works is the LAN - Corp network that receives DHCP from an internal server.
You can keep the Guest WiFi as a public zone on the SonicWall. That is how I do it.
FYI, without the UniFi controller running you won't get statistics and other detailed info from the APs.
Glad you got it working.