04-03-2012 12:14 PM - edited 03-07-2019 05:56 AM
Trunk link not working between 6500 switch and Sonicwall TZ 210 firewall. I'm trying to trunk 2 vlans from 6500 switch to port on sonicwall to allow Internet access to both vlans. All vlans are allowed on trunk link currently, and on the Sonicwall, interface x0 has IP address 172.16.2.20 with a subinterface with vlan 4 tag and IP 172.16.4.2.
Here are the details of what I am trying to configure on the 6500:
vlan 2
 name Servers
!
vlan 4
 name Workstations&Printers
!
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan4
 ip address 172.16.4.1 255.255.255.0
!
interface GigabitEthernet2/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! 172.16.2.20 is the IP of the SonicWall
ip route 0.0.0.0 0.0.0.0 172.16.2.20
Any help would be greatly appreciated,
Pete
04-03-2012 12:37 PM
Hi Peter,
I've done similar configurations with SonicWalls and various Cisco switches, what exactly is not working?
Can you ping both SonicWall interfaces from the Cisco switch?
Thanks,
04-03-2012 01:08 PM
Hi Duncan,
Once the port is configured as a trunk I am unable to ping both Sonicwall interfaces from the switch. All inter-vlan communication works on local LAN with no issues. I have the switch setup with a temporary trunk link to the Sonicwall as a test and can switch back to the config I am trying to do in a few hours once it is after hours at the office. Then I can confirm for sure what is pingable from switch and PC.
Thanks,
Pete
04-03-2012 01:52 PM
Just tested pinging my test trunk from the switch and here are the results:
I am unable to ping the main Sonicwall interface IP address from the switch but I am able to ping the vlan sub-interface from the switch.
From a PC when I ping the main Sonicwall interface IP it responds Destination host unreachable and when I try pinging the vlan sub-interface it responds Request timed out.
Pete
04-03-2012 02:21 PM
I am thinking that you should change your static route to
ip route 0.0.0.0 0.0.0.0 172.16.4.2 (IP of SonicWall)
Reason being that is the next hop from your switch to the SonicWall, and your switch will know how to route this traffic over Vlan 4.
04-03-2012 05:10 PM
Tried changing the static route to ip route 0.0.0.0 0.0.0.0 172.16.4.2 but didn't seem to help.
I tested connectivity again and it seems like both switch and PC can ping vlan 4 subinterface but not the ip 172.16.2.20 of the x0 interface on Sonicwall so basically vlan 4 works over trunk but no Internet and vlan 2 does not work over trunk.
04-03-2012 06:41 PM
Stupid Question: Interface is UP/UP?
04-03-2012 06:54 PM
Yeah all interfaces show up up
04-04-2012 12:09 AM
Your interface on the sonicwall in 172.16.2.0/24, does it have any vlan tag?
Cheers,
04-04-2012 07:53 AM
The Interface on Sonicwall doesn't have a vlan tag. Took a look and I don't see an option to specify a tag for that network.
See attached screenshots to see the config of the interfaces on Sonicwall and available options.
Thanks,
Pete
04-04-2012 09:10 AM
Hi Peter,
That explains part of the problem then, if the SonicWALL has no "vlan" tag defined then that interface IP (172.16.2.20) is for Vlan1 (default / Native).
You can rectify the configuration issue with the following command on the trunk, presuming you don't actively use Vlan1 on the trunk:
switchport trunk native vlan 2
This will then tell the switch to place all "untagged" frames into Vlan2 thus allowing you to ping the SonicWALL's interface IP 172.16.2.20 from the switch.
I suspect there may still be more to do before you get the configuration where you want it, but it's a good start.
Give that a try and let us know how you get on.
Thanks,
Duncan.
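The native-VLAN behaviour described in the reply above, as an added example that is not part of the original thread: a Python sketch of how a dot1q trunk port assigns a received frame to a VLAN, showing where the untagged X0 frame and the tagged sub-interface frame end up. The MAC addresses and frames are constructed and the function names are hypothetical; it models only standard 802.1Q ingress classification, not any Cisco or SonicWALL specific feature.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
ARP = 0x0806

def build_frame(dst, src, ethertype, vlan=None, payload=b""):
    """Build a constructed Ethernet II frame; vlan=None means untagged."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", ethertype) + payload

def classify_ingress(frame, native_vlan=1, allowed=None):
    """VLAN a dot1q trunk port assigns to a received frame, or None if
    that VLAN is not in the trunk's allowed set (frame is dropped)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    vlan = native_vlan                        # untagged -> native VLAN
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = (tci & 0x0FFF) or native_vlan  # VID 0 = priority tag only
    if allowed is not None and vlan not in allowed:
        return None
    return vlan

# Constructed sample frames (locally administered MACs, not from the thread).
SWITCH = bytes.fromhex("020000000001")
FIREWALL = bytes.fromhex("020000000002")
X0_UNTAGGED = build_frame(SWITCH, FIREWALL, ARP)           # from 172.16.2.20
X0_V4_TAGGED = build_frame(SWITCH, FIREWALL, ARP, vlan=4)  # from 172.16.4.2

def demo():
    """Ingress VLAN for each frame under the default and changed native VLAN."""
    return {
        ("X0", 1): classify_ingress(X0_UNTAGGED, native_vlan=1),
        ("X0", 2): classify_ingress(X0_UNTAGGED, native_vlan=2),
        ("X0:V4", 1): classify_ingress(X0_V4_TAGGED, native_vlan=1),
        ("X0:V4", 2): classify_ingress(X0_V4_TAGGED, native_vlan=2),
    }

if __name__ == "__main__":
    for (source, native), vlan in demo().items():
        print(f"{source:6} native vlan {native} -> ingress VLAN {vlan}")
```

The tagged VLAN 4 frame is classified the same way under either setting, while the untagged frame follows whatever the trunk's native VLAN is.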
04-05-2012 11:33 AM
Hi Duncan,
I changed the native vlan on the trunk interface to vlan 2 and was still not able to ping the 172.16.2.20 address from switch or PC. Also I enabled native vlan tagging globally to see if that would help using the command 'vlan dot1q tag native' but that didn't seem to make any difference. I am still only able to ping the vlan subinterface of Sonicwall from switch and PC.
Any other thoughts or suggestions?
Thanks,
Pete
04-05-2012 12:16 PM
Hi Peter,
Did you validate the STP state on your trunk?
If all Vlan are FWD on it, do you see MAC of your Sonicwall on it?
Pierre
04-05-2012 12:22 PM
Let's start with one vlan......
Can you change your X0 interface to WAN for your zoning? and also you cannot use it as a part of your LAN, so it has to have a different IP address from your LAN subnets.
Once you have vlan 4 going out to the internet then we can look at adding other vlans
04-05-2012 01:08 PM
Point of correction:
Actually, the X1 interface is the one that is for WAN connectivity....
X0 should be your LAN interface that is connected to the switch.
http://www.sonicwall.com/downloads/SonicWALL_TZ_210_Series_Getting_Started_Guide.pdf