6 replies to this topic

[riot]

I'm new to the whole managed switches thing, so I am completely lost right now. I have two buildings that are right next to each other, they are connected by fiber. The fiber terminates into unmanaged switches on both ends. This keeps the workstations/servers in both buildings connected to each other. Internet comes into one building, and we use an NSA 240 as our router/firewall. We have one SonicPoint connected directly to the NSA to provide wireless, there are two SSIDs (corporate and guest) broadcasting from the SonicPoint. Now we need to put two SonicPoints in the other building. I purchased two Dell PowerConnect 5524 switches thinking that we could use VLANs to connect the two new SonicPoints to the NSA. The SonicPoints need to be directly connected to a port on the NSA, I am thinking I could use VLAN's to trick the SonicPoints into thinking they are directly connected to the NSA. I figured I'd put one 5524 into each building, plug the fiber into each to connect the building, and then set up VLANs for workstation traffic and SonicPoint traffic. Problem is, I have no idea where to start. I've looked over the documentation multiple times, but I'm confused about access vs general vs trunk and native VLANs and PVIDs and everything else. Can someone please point me in the right direction? Thanks!

[Zinomian]

The sonicpoints need to be connected to the wlan port (which could by any port!), at this point if you want to allow wlan traffic to the lan, you have to bridge the two ports, and have ALL of your sonicpoints connected to a switch which connects to the wlan. You cannot and will not be able to use ANY sonicpoint on the LAN segment. A firmware update I believe will make the sonicpoints in the future become regular APs and be use on the LAN segment, but until then you have to use them on the wlan segment.

[+BudMan]

Not sure why you think you needed to introduce vlans for?

from the sonicpoint deployment guide

Layer 2 and Layer 3 considerations for SonicPoints
SonicWALL uses two proprietary protocols (SDP and SSPP) and both *cannot* be routed across any layer 3 device. Any SonicPoint that will be deployed must have an Ethernet connection back to the provisioning SonicWALL UTM appliance, in the same broadcast domain/network.

SonicWALL UTM appliance must have interface or sub-interface in same VLAN/broadcast domain as SonicPoint.

SonicPoints must be able to reach the DHCP scope on the SonicWALL; make sure other DHCP servers are not present on VLAN/broadcast domain.

Sharing SSIDs across SonicPoints attached to multiple interfaces may case connectivity issues as wireless client roams to different SonicPoint subnet.

From how you have described your network, your devices are all on the same broadcast domain. You should be able to plug your new sonicpoints into any port on the switch(es) in the other building without issue.

You do not need to use vlans from what I can see.

[riot]

The sonicpoints need to be connected to the wlan port (which could by any port!), at this point if you want to allow wlan traffic to the lan, you have to bridge the two ports, and have ALL of your sonicpoints connected to a switch which connects to the wlan. You cannot and will not be able to use ANY sonicpoint on the LAN segment. A firmware update I believe will make the sonicpoints in the future become regular APs and be use on the LAN segment, but until then you have to use them on the wlan segment.

Currently the one SonicPoint is connected to the WLAN port, and we've bridged it to the LAN port so people on the corporate SSID can access servers/etc. But now I need to connect two more SonicPoints in the building across the street. Because I cannot physically plug the two SonicPoints into the back of the NSA, I need to find a way fool them into thinking they are.

Not sure why you think you needed to introduce vlans for?

from the sonicpoint deployment guide

Layer 2 and Layer 3 considerations for SonicPoints
SonicWALL uses two proprietary protocols (SDP and SSPP) and both *cannot* be routed across any layer 3 device. Any SonicPoint that will be deployed must have an Ethernet connection back to the provisioning SonicWALL UTM appliance, in the same broadcast domain/network.

SonicWALL UTM appliance must have interface or sub-interface in same VLAN/broadcast domain as SonicPoint.

SonicPoints must be able to reach the DHCP scope on the SonicWALL; make sure other DHCP servers are not present on VLAN/broadcast domain.

Sharing SSIDs across SonicPoints attached to multiple interfaces may case connectivity issues as wireless client roams to different SonicPoint subnet.

From how you have described your network, your devices are all on the same broadcast domain. You should be able to plug your new sonicpoints into any port on the switch(es) in the other building without issue.

You do not need to use vlans from what I can see.

I think this isn't working for us because we've bridged the wireless and lan ports on the NSA unit.

[+BudMan]

If you have bridged the wlan to lan, then you can plug into any lan port. If you connect to other dumb switches, you could connect to any of them. Your on one big dumb broadcast domain. So you can plug in anything anywhere and get anywhere that is plugged into any other port on any of the switches, etc.

So again I am no seeing where you need to setup vlans, or what this is going to do - since you don't have any setup now.

No where in the guide does it say you have to be directly connected to anything, nor does setting up a vlan accomplish that even if did.

I am looking at the picture of the nsa 240 -- where is this WLAN port you talk about? Says it can support up to 16 sonicpoints - it clearly does not have 16 ports So not sure what you are talking about with a WLAN port

[riot]

The individual ports are "programmable", so you can define a port as WAN, LAN, WLAN, etc. In our case, port X6 is the WLAN port, it's bridged to X0 (the LAN port). Port X6 also has a VLAN so we can have two SSIDs running off one SonicPoint.

[riot]

Just wanted to come back and let everyone know that I got this to work. I had to set up the same VLAN's on the switches that were created in the Sonicwall, and then trunk the switch to the Sonicwall. Created access ports for the SonicPoints and was good to go. Thanks for the help everyone!