Highlighted
ENI2006
1 Copper

Sonicwall NS240 and Dell Powerconnect 6248



I need some assistance, since at this point I can’t get my
vlans to do what I want them to do out to the internet from a Dell 6200 L3
switch to a Sonicwall NS 240.

 Vlan 5 data 10.1.5.x/24

Vlan 10 voice 10.1.10.x/24

Internal VLAN routing is working without issue,
and the data vlan is going out the internet as it normally needs to. The
problem is that the Devices on 10.1.10.x network not able to access internet. I worked with
Sonicwall and did a packet capture – Found traffic is coming without the vlan
tag, Sonicwall will accept traffic only if traffic from 10.1.10.x only if
it comes with vlan tag 10. The dell switch is stripping the tag, so it
doesn’t allow the 10.1.10.x network out to the internet. Spoke with dell  support and
they said that what I am trying to do won’t work.

At this point I think I will need to setup a third vlan ( say called access with a 10.1.1.x/30) that connects just the firewall and the dell  layer 3 switch.  Then setup a default route to 10.1.1.2 which is the Sonicwall. Then from the Sonicwall, create the virtual sub interfaces for the 10.1.5.x  and 10.1.10.x networks. Then route back internally.   Then I will have update all my NAT statements on the Sonicwall, etc. I have included the configuration, below currently my sonicwall is connected to port 8 on the dell switch for testing purposes.

Configuration is below, not sure if anyone has done this or gotten this work with this gear. I have done this without issue in a pure Cisco setup, but this is slightly different.

I have tried to connect a variety of setup with using both vlans as tagged, removing the pvid vlan 5, which kills internet completely.  

 

Thanks in Advance.  ENI

configure
vlan database
vlan 5,10
vlan routing 5 1
vlan routing 10 2
exit
hostname

stack
member 1 2
exit
ip address dhcp
ip routing
ip route 0.0.0.0 0.0.0.0 10.1.5.253
interface vlan 5
name "data-vlan"
routing

--More-- or (q)uit
                    

ip address 10.1.5.254 255.255.255.0
exit
interface vlan 10
name "voice-vlan"
routing
ip address 10.1.10.254 255.255.255.0
ip helper-address 10.1.5.11 dhcp
exit
username

aaa authentication login "defaultList" enable
aaa authentication enable "enableList" enable
voice vlan
!
interface ethernet 1/g1
description 'Sonicwall-NSA240'
spanning-tree portfast
switchport access vlan 5
exit
!
interface ethernet 1/g2
description 'Servers'

--More-- or (q)uit
                    

spanning-tree portfast
switchport access vlan 5
exit
!
interface ethernet 1/g3
description 'Servers'
spanning-tree portfast
switchport access vlan 5
exit
!
interface ethernet 1/g4
description 'Servers'
spanning-tree portfast
switchport access vlan 5
exit
!
interface ethernet 1/g5
description 'printers-or-Meraki-devices'
spanning-tree portfast
switchport access vlan 5
exit

--More-- or (q)uit
                    

!
interface ethernet 1/g6
description 'printers-or-Meraki-devices'
spanning-tree portfast
switchport access vlan 5
exit
!
interface ethernet 1/g7
description 'printers-or-Meraki-devices'
spanning-tree portfast
switchport access vlan 5
exit
!
interface ethernet 1/g8 using this for the firewall ns 240 for now
description

spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1

--More-- or (q)uit
                    

exit
!
interface ethernet 1/g9
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g10
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1

--More-- or (q)uit
                    

voice vlan 10
exit
!
interface ethernet 1/g11
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g12
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged

--More-- or (q)uit
                    

switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g13
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g14
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5

--More-- or (q)uit
                    

switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g15
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g16
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5

--More-- or (q)uit
                    

switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g17
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g18
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general

--More-- or (q)uit
                    

switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g19
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g20
classofservice trust ip-dscp
spanning-tree portfast

--More-- or (q)uit
                    

switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g21
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g22
classofservice trust ip-dscp

--More-- or (q)uit
                    

spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g23
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g24

--More-- or (q)uit
                    

classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g25
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!

--More-- or (q)uit
                    

interface ethernet 1/g26
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g27
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit

--More-- or (q)uit
                    

!
interface ethernet 1/g28
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g29
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10

--More-- or (q)uit
                    

exit
!
interface ethernet 1/g30
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g31
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1

--More-- or (q)uit
                    

voice vlan 10
exit
!
interface ethernet 1/g32
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g33
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged

--More-- or (q)uit
                    

switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g34
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g35
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5

--More-- or (q)uit
                    

switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g36
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g37
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5

--More-- or (q)uit
                    

switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g38
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g39
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general

--More-- or (q)uit
                    

switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g40
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g41
classofservice trust ip-dscp
spanning-tree portfast

--More-- or (q)uit
                    

switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g42
classofservice trust ip-dscp
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g43
classofservice trust ip-dscp

--More-- or (q)uit
                    

spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5
switchport general allowed vlan add 10 tagged
switchport general allowed vlan remove 1
voice vlan 10
exit
!
interface ethernet 1/g44
description 'Shoretel-voice-equipment'
switchport access vlan 10
exit
!
interface ethernet 1/g45
description 'Shoretel-voice-equipment'
switchport access vlan 10
exit
!
interface ethernet 1/g46
description 'Shoretel-voice-equipment'

--More-- or (q)uit
                    

switchport access vlan 10
exit
!
interface ethernet 1/g47
description 'Shoretel-voice-equipment'
switchport mode trunk
switchport trunk allowed vlan add 5,10
exit
!
interface ethernet 1/g48
description 'Telepacifc-MPLS-voice-router'
switchport mode general
switchport general allowed vlan add 5,10 tagged

0 Kudos