08-16-2013 02:28 AM - edited 03-07-2019 02:58 PM
Hi,
I am new the Vlan configuration. Recently I have purchase cisco L3. I want my sonicwall to be the primary L3 routing. We have around 2000 users. Users need to be get ip from sonicwall(DHCP).
My ip plan is as below.
Sonicwall Ip : 10.10.20.1
Cisco 3560 Management Vlan1 ip : 10.10.20.2
Vlan 10 : 10.10.0.1/255.255.252.0
Vlan 20 : 10.20.0.1/255.255.254.0
Vlan 30 : 10.30.0.1/255.255.254.0
vlan 40 : 10.40.0.1/255.255.252.0
Vlan 50 : 10.50.0.1/255.255.255.254.0
Vlan 60 10.60.0.1/255.255.255.0
Vlan 70 ip : 10.70.0.1/255.255.254.0
Vlan 80 : 10.80.0.1/255.255.254.0
All Vlan port will connected to respective building L2 switch( like Vlan 10 Port 1 connected to Academic building cisco L2 switch, Vlan 20 port 2 connected to mechanical building L2 et.,) I have 8 access points. It connected to L2 switches. Access point controller connected to L3 switch. User will be get ip from sonicwall.
How can I configure L3 and L2 switch? Pl guide.
Thanks.
08-21-2013 05:35 AM
hi,
i had done all configuration, now all Vlan is working fine and VLan users able to get internet. Now my problem is sonicwall did't get any VLAN ARP entry except 10.10.20.x. I had talk to sonicwall expert, he say need to be check & configure at Cisco L3 then only ARP entry wiill catch Sonicwall. Can you please tell me how can i configure at L3.
Thanks.
08-21-2013 10:03 PM
Hi Vinish,
Can you please show me the VLAN ARP configuration description so that i can resolve your issue.
Thanks and regards,
Chandhuru.M
08-21-2013 10:19 PM
Hi Chandhur,
pl see the L3 configuration.
User Access Verification
Switch#sh run
Building configuration...
Current configuration : 6453 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$rv8J$rIMAenBP8yMbdlr2HbFPM.
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-1787939840
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1787939840
revocation-check none
rsakeypair TP-self-signed-1787939840
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface GigabitEthernet0/3
shutdown
!
interface GigabitEthernet0/4
shutdown
!
interface GigabitEthernet0/5
shutdown
!
interface GigabitEthernet0/6
shutdown
!
interface GigabitEthernet0/7
shutdown
!
interface GigabitEthernet0/8
shutdown
!
interface GigabitEthernet0/9
shutdown
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
description connected to Academic Building L2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/12
description connected to Mechanical building L2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90
switchport mode trunk
!
interface GigabitEthernet0/13
description connected to admin L2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90
switchport mode trunk
!
interface GigabitEthernet0/14
description connected to Diploma
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90
switchport mode trunk
!
interface GigabitEthernet0/15
description connected to MBA
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90
switchport mode trunk
!
interface GigabitEthernet0/16
description connected to Workshop L2
switchport access vlan 60
switchport mode access
!
interface GigabitEthernet0/17
description connected to E&TC
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet0/18
description connected to Computer
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet0/19
description connected to AP controloer
switchport mode access
!
interface GigabitEthernet0/20
description connected to Test switch
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/21
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90
switchport mode trunk
!
interface GigabitEthernet0/23
description connected to E5500
switchport mode access
!
interface GigabitEthernet0/24
Shutdown
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
ip address 10.10.20.2 255.255.255.0
no ip mroute-cache
!
interface Vlan10
ip address 10.10.0.1 255.255.252.0
ip helper-address 10.10.20.1
!
interface Vlan20
ip address 10.20.0.1 255.255.254.0
ip helper-address 10.10.20.1
!
interface Vlan30
ip address 10.30.0.1 255.255.254.0
ip helper-address 10.10.20.1
!
interface Vlan40
ip address 10.40.0.1 255.255.252.0
ip helper-address 10.10.20.1
!
interface Vlan50
ip address 10.50.0.1 255.255.254.0
ip helper-address 10.10.20.1
!
interface Vlan60
ip address 10.60.0.1 255.255.255.0
ip helper-address 10.10.20.1
!
interface Vlan70
ip address 10.70.0.1 255.255.254.0
ip helper-address 10.10.20.1
!
interface Vlan80
ip address 10.80.0.1 255.255.254.0
ip helper-address 10.10.20.1
!
interface Vlan90
ip address 10.90.0.1 255.255.255.0
ip helper-address 10.10.20.1
!
ip default-gateway 10.10.20.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ip http server
ip http secure-server
!
snmp-server community public RO R0
!
!
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
end
Switch#
08-22-2013 11:32 PM
Dear Vinish,
You made right configuration over in L3 switch. Once again check out the L2 switch configuration. I thought the problem over in Sonic wall.
Thanks and regards,
Chandhuru.M
08-22-2013 11:51 PM
Dear Chandhuru,
Thanks for your reply, i have attched my sonicwall ARP configuraion. pl see
08-23-2013 12:24 AM
Dear Vinish,
Can you able to get VLAN ARP description in L3 switch. Using 'sh arp' command to get it and make sure the L3 switch could able to get ARP description. Let me know.
Thanks and regards,
Chandhuru.M
08-23-2013 12:29 AM
Dear Chandhuru,
i am able to get VLAN ARP in L3. but my issue is i need to get same as my sonicwall, so that i can do Mac finding.
Switch#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.80.1.91 22 6c62.6da3.1766 ARPA Vlan80
Internet 10.50.0.56 59 4437.e661.c0c0 ARPA Vlan50
Internet 10.70.1.77 6 0011.11c6.ca00 ARPA Vlan70
Internet 10.20.0.30 0 6c62.6d8c.588f ARPA Vlan20
Internet 10.80.0.91 8 4437.e661.2315 ARPA Vlan80
Internet 10.50.0.57 4 4437.e661.d520 ARPA Vlan50
Internet 10.30.1.20 107 0025.111b.da42 ARPA Vlan30
Internet 10.70.0.77 5 d43d.7ead.38ce ARPA Vlan70
Internet 10.20.1.30 8 6c62.6d8f.217e ARPA Vlan20
Internet 10.10.0.1 - 6c41.6a91.cc41 ARPA Vlan10
Internet 10.20.0.28 120 d43d.7e12.cbd2 ARPA Vlan20
Internet 10.30.1.23 134 d43d.7e12.cb17 ARPA Vlan30
Internet 10.80.0.88 123 6c62.6da3.1765 ARPA Vlan80
Internet 10.20.1.28 31 8c89.a5f6.72bf ARPA Vlan20
Internet 10.30.0.23 0 001f.d033.06da ARPA Vlan30
Internet 10.80.1.88 12 8c89.a5f6.7230 ARPA Vlan80
Internet 10.80.1.95 3 001f.d034.3163 ARPA Vlan80
Internet 10.80.0.95 0 d43d.7ead.3ed1 ARPA Vlan80
Internet 10.10.0.5 5 6c62.6d8c.538b ARPA Vlan10
Internet 10.80.1.93 111 4061.8663.6373 ARPA Vlan80
Internet 10.10.0.6 0 e839.35b0.684a ARPA Vlan10
Internet 10.80.0.93 3 4061.8663.6368 ARPA Vlan80
Internet 10.10.0.7 0 0021.5a5d.2c94 ARPA Vlan10
Internet 10.30.0.28 61 001f.d034.36de ARPA Vlan30
Internet 10.20.1.23 100 d43d.7e12.cad5 ARPA Vlan20
Internet 10.40.2.40 3 4437.e667.f84c ARPA Vlan40
Internet 10.80.0.82 3 4437.e668.1cd1 ARPA Vlan80
Internet 10.10.0.8 0 6c62.6da6.9735 ARPA Vlan10
Internet 10.10.1.8 16 001f.d031.9f05 ARPA Vlan10
Internet 10.30.1.28 27 001f.d030.622f ARPA Vlan30
Internet 10.20.0.23 6 d43d.7e12.cb22 ARPA Vlan20
Internet 10.80.1.82 0 d43d.7e12.cbdb ARPA Vlan80
Internet 10.10.0.9 32 0017.6110.933c ARPA Vlan10
Internet 10.10.2.8 72 8c89.a5f6.7033 ARPA Vlan10
Internet 10.50.0.50 0 4437.e661.c110 ARPA Vlan50
Internet 10.70.1.71 3 6c62.6da3.171e ARPA Vlan70
Internet 10.20.1.20 29 8c89.a5f6.726e ARPA Vlan20
08-23-2013 12:45 AM
Dear Vinish,
So that, from your post i came to know that L3 switch can able get ARP description and also L3 communicate with sonicwall. It means internet can be passing through the sonicwall and L3 to all VLANs so problem is not in L3 configuration.
My thought was sonicwall can able to get management VLANs ARP description only. It cant able to get the other VLANs ARP description. Just verify with your soniwall expert.
Thanks and regards,
Chandhuru.M
08-23-2013 12:53 AM
Dear Chandhuru,
Thanks for your reply, i will talk to them & let you know.
03-07-2014 01:45 AM
Hi,
i want stop intervlan comunication between Vlan70 and all Vlans. how will i do that. pl guid
02-09-2021 06:43 PM
Hi All...
I have cisco 3650 switch. I have configured the vlan 10 and vlan 20 at the moment.
I also assigned port gi1/0/24 10.8.2.2 and connect to my Primary Sonicwall 10.8.2.1
And from my Primary Sonicwall connected to my ISP.
All the above have successfully connected to internet and able to communicate within the vlan.
I have another Secondary Sonicwall and already set as HA to my Primary Sonicwall. (Done & successfull)
But now i need to connect to my Secondary Sonicwall to my switch 3650 (the same switch as above) to port gi1/0/23.
How can i configure on that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide