
6500 trunk to Sonicwall not working

petedachelet
Level 1

Trunk link not working between 6500 switch and Sonicwall TZ 210 firewall.  I'm trying to trunk 2 vlans from 6500 switch to port on sonicwall to allow Internet access to both vlans.  All vlans are currently allowed on the trunk link, and on the Sonicwall, interface x0 has IP address 172.16.2.20 with a subinterface with vlan 4 tag and IP 172.16.4.2.

Here are the details of what I am trying to configure on the 6500:

vlan 2
 name Servers
!
vlan 4
 name Workstations&Printers
!
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan4
 ip address 172.16.4.1 255.255.255.0
!
interface GigabitEthernet2/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! IP of SonicWall
ip route 0.0.0.0 0.0.0.0 172.16.2.20

Any help would be greatly appreciated,

Pete

22 Replies

DuncanM2008
Level 1

Hi Peter,

I've done similar configurations with SonicWalls and various Cisco switches, what exactly is not working?

Can you ping both SonicWall interfaces from the Cisco switch?

Thanks,


Hi Duncan,

Once the port is configured as a trunk I am unable to ping both Sonicwall interfaces from the switch.  All inter-vlan communication works on local LAN with no issues.  I have the switch set up with a temporary trunk link to the Sonicwall as a test and can switch back to the config I am trying to do in a few hours once it is after hours at the office.  Then I can confirm for sure what is pingable from switch and PC.

Thanks,

Pete

Just tested pinging my test trunk from the switch and here are the results:

I am unable to ping the main Sonicwall interface IP address from the switch but I am able to ping the vlan sub-interface from the switch.

From a PC when I ping the main Sonicwall interface IP it responds Destination host unreachable and when I try pinging the vlan sub-interface it responds Request timed out.

Pete

I am thinking that you should change your static route to

ip route 0.0.0.0 0.0.0.0 172.16.4.2   (IP of SonicWall)

Reason being that is the next hop from your switch to the SonicWall, and your switch will know how to route this traffic over Vlan 4.

Tried changing the static route to ip route 0.0.0.0 0.0.0.0 172.16.4.2 but didn't seem to help.

I tested connectivity again and it seems like both switch and PC can ping vlan 4 subinterface but not the ip 172.16.2.20 of the x0 interface on Sonicwall so basically vlan 4 works over trunk but no Internet and vlan 2 does not work over trunk.

Leo Laohoo
Hall of Fame

Stupid Question:  Interface is UP/UP?

Yeah all interfaces show up up

Your interface on the sonicwall in 172.16.2.0/24, does it have any vlan tag?

Cheers,


The Interface on Sonicwall doesn't have a vlan tag.  Took a look and I don't see an option to specify a tag for that network.

See attached screenshots to see the config of the interfaces on Sonicwall and available options.

Thanks,

Pete

Hi Peter,

That explains part of the problem then, if the SonicWALL has no "vlan" tag defined then that interface IP (172.16.2.20) is for Vlan1 (default / Native).

You can rectify the configuration issue with the following command on the trunk, presuming you don't actively use Vlan1 on the trunk:

switchport trunk native vlan 2

This will then tell the switch to place all "untagged" frames into Vlan2 thus allowing you to ping the SonicWALL's interface IP 172.16.2.20 from the switch.

I suspect there may still be more to do before you get the configuration where you want it, but it's a good start.

Give that a try and let us know how you get on.

Thanks,

Duncan.
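The native-VLAN behaviour described in the reply above, as an added example that is not part of the original thread: it models only how a dot1q trunk port assigns an ingress frame to a VLAN, using the SVI addresses from the original post. The MAC address, the `classify`, `build_frame` and `svi_for` names, and the frames themselves are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
SVIS = {2: "172.16.2.1", 4: "172.16.4.1"}  # interface Vlan2 / Vlan4 from the post


def classify(frame: bytes, native_vlan: int = 1, allowed=range(1, 4095)):
    """Return the VLAN a dot1q trunk assigns to an ingress frame, or None if dropped."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
        if vlan == 0:                # priority-tagged frame: handled like untagged
            vlan = native_vlan
    else:
        vlan = native_vlan           # untagged frame lands in the native VLAN
    return vlan if vlan in allowed else None


def build_frame(src_mac: bytes, vlan=None, ethertype=0x0806, payload=b"\x00" * 28):
    """Build a constructed broadcast frame, optionally carrying an 802.1Q tag."""
    header = b"\xff" * 6 + src_mac
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def svi_for(frame: bytes, native_vlan: int):
    """Which switch SVI (if any) shares a VLAN with this ingress frame."""
    return SVIS.get(classify(frame, native_vlan))


FW_MAC = bytes.fromhex("020000000001")     # constructed, locally administered MAC
X0_FRAME = build_frame(FW_MAC)             # X0 (172.16.2.20) sends untagged
VLAN4_FRAME = build_frame(FW_MAC, vlan=4)  # sub-interface (172.16.4.2) tags VLAN 4

if __name__ == "__main__":
    for native in (1, 2):
        print(f"native vlan {native}: X0 -> SVI {svi_for(X0_FRAME, native)}, "
              f"VLAN 4 sub-interface -> SVI {svi_for(VLAN4_FRAME, native)}")
```
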

Hi Duncan,

I changed the native vlan on the trunk interface to vlan 2 and was still not able to ping the 172.16.2.20 address from switch or PC. Also I enabled native vlan tagging globally to see if that would help using the command 'vlan dot1q tag native' but that didn't seem to make any difference.  I am still only able to ping the vlan subinterface of Sonicwall from switch and PC.

Any other thoughts or suggestions?

Thanks,

Pete

Hi Peter,

Did you validate the STP state on your trunk?

If all Vlan are FWD on it, do you see MAC of your Sonicwall on it?

Pierre


Let's start with one vlan......

Can you change your X0 interface to WAN for your zoning? and also you cannot use it as a part of your LAN, so it has to have a different IP address from your LAN subnets.

Once you have vlan 4 going out to the internet then we can look at adding other vlans

Point of correction:

Actually Interface X1 interface is the one that is for WAN connectivity....

X0 should be your LAN interface that is connected to the switch.

http://www.sonicwall.com/downloads/SonicWALL_TZ_210_Series_Getting_Started_Guide.pdf
