Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Vlan Configuration between Cisco and Sonicwall

Hi,

I am new the Vlan configuration. Recently I have purchase cisco L3. I want my sonicwall  to be the primary L3 routing. We have around 2000 users. Users need to be get ip from sonicwall(DHCP).

My ip plan is as below.

Sonicwall Ip : 10.10.20.1

Cisco 3560 Management Vlan1 ip : 10.10.20.2

Vlan 10 : 10.10.0.1/255.255.252.0

Vlan 20  : 10.20.0.1/255.255.254.0

Vlan 30  : 10.30.0.1/255.255.254.0

vlan 40 : 10.40.0.1/255.255.252.0

Vlan 50  : 10.50.0.1/255.255.255.254.0

Vlan 60 10.60.0.1/255.255.255.0

Vlan 70 ip : 10.70.0.1/255.255.254.0

Vlan 80 : 10.80.0.1/255.255.254.0

All Vlan port will connected to respective building L2 switch(  like Vlan 10 Port 1 connected to Academic building cisco L2 switch, Vlan 20 port 2 connected to mechanical building L2 et.,) I have 8 access points. It connected to L2 switches. Access point controller connected to L3 switch. User will be get ip from sonicwall.

How can I configure L3 and L2 switch? Pl guide.

Thanks.

24 REPLIES

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

You'll need to have routing enabled to route between vlans with the "ip routing" command. (It may be on by default on the 3560X.) You'll need to create L3 svis to attach to the vlans on the switch after you create the vlans:

vlan 10

vlan 20

etc.

int vlan 10

ip address 10.10.0.1 255.255.252.0

no shut

int

switchport mode access

switchport access vlan 10

You can do this for all of the vlans. To get dhcp, let's assume the main dhcp server is on vlan 10. On every other vlan interface you would add "ip helper-address ". For example, if you dhcp server was 10.10.0.100, then on vlan 20, you would have a scope on the dhcp server for the 10.20.0.0 subnet. Then on the svi, you would add:

int vlan 20

ip helper-address 10.10.0.100

Technically, you won't need to do anything with vlans on the sonicwall. You just need to route back to the 3560 for all of your subnets, and you can do that with a static route or ospf/rip if the Sonicwall supports that. I would recommend ospf if you have the option....

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Thanks your reply John,

As per the Sonicwall guidence i have done the below configuration at L3, now all vlan is working and users get respetive ips, i have connected Access point controler to port no 15. The problem is cant communication between access point controler and access point(except Admin building Access point, which is connected to vlan 30).  Kindly guide me.

User Access Verification

Password:

Switch>en

Password:

Switch#sh run

Building configuration...

Current configuration : 4393 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$rv8J$rIMAenBP8yMbdlr2HbFPM.

!

!

!

no aaa new-model

system mtu routing 1500

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0

no ip address

shutdown

!

interface GigabitEthernet0/1

switchport access vlan 10

spanning-tree portfast

!

interface GigabitEthernet0/2

switchport access vlan 20

spanning-tree portfast

!

interface GigabitEthernet0/3

switchport access vlan 30

spanning-tree portfast

!

interface GigabitEthernet0/4

switchport access vlan 40

spanning-tree portfast

!

interface GigabitEthernet0/5

switchport access vlan 50

spanning-tree portfast

!

interface GigabitEthernet0/6

switchport access vlan 60

spanning-tree portfast

!

interface GigabitEthernet0/7

switchport access vlan 70

spanning-tree portfast

!

interface GigabitEthernet0/8

switchport access vlan 80

spanning-tree portfast

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

switchport access vlan 30

spanning-tree portfast

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

description trunk link to sonicwall

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full

no cdp enable

spanning-tree portfast

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

!

interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

ip address 10.10.20.2 255.255.255.0

no ip route-cache

no ip mroute-cache

!

ip default-gateway 10.10.20.1

ip classless

ip http server

ip http secure-server

!

snmp-server community public RO R0

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Switch#

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

i did'not see any vlan in your config

you must create all vlan

interface valn 10

IP address ?

no shut

intterface vlan 20

ip address ?

no shut

interface vlan 30

ip address ?

no shut

also check from

sh ip int brief

all vlan exist are up if its not up that means its down .

Jawad

Jawad

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

In order to route out of the vlan (port 15 being an access port), you'll need to have an svi attached to the vlan. Create a vlan 30 interface (int vlan 30) and assign the respective address to it. Make sure that you change the devices on that vlan to use the interface vlan 30's ip address as their default gateway.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

thanks,

can you provide me full command, so that i can configure the same and resolve this proble,

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

On L3 Switch Configure These vlans as below

interface vlan 1

ip address 10.10.20.1 255.255.255.0

no shut

interface vlan 10

ip address 10.10.0.1 255.255.255.252.0

no shut

interface vlan 20

ip address 10.20.0.1 255.255.254.0

no shut

interface vlan 30

10.30.0.1 255.255.255.254.0

no shut

interface vlan 40

ip address 10.40.0.1 255.255.252.0

no shut

interface vlan 50

ip adress 10.50.0.1 255.255.255.254.0

no shut

interface vlan 60

ip adddress 10.60.0.1 255.255.255.255.0

no shut

interface vlan 70

ip adress 10.70.0.1 255.255.254.0

no shut

interface vlan 80

ip address 10.80.0.1 255.255.255.254.0

no shut

VLAN 1

name  Management

Vlan 10

name Academic

Vlan 20

name Mechanical

Vlan 30

name Admin

Vlan 40

name Diploma

Vlan 50

name MBA

Vlan 60

name Workshop

Vlan 70

name E&TC

Vlan 80

name Computer

ip routing

interface fastethernet 0/24

***Description Connected to Academic Building Switch ***

switchport trunk encapsulation dot1q

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

interface fasterthernet 0/23

***Description Connected to Mechanical Building Switch ***

switchport trunk encapsulation dot1q

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

interface fasterthernet 0/22

***Description Connected to Access Point Switch ***

switchport trunk encapsulation dot1q

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

interface fasterthernet 0/20

***Description Connect to SonicFW ***

switchport mode access

switchprot access vlan 1

L2 Switch Configuration will be same for all l2 switches

interface vlan 1

ip address 10.10.20.5 255.255.255.0 (for management purpose just change ip on other L2 Switches)

no shut

interface vlan 10

no shut

interface vlan 20

no shut

interface vlan 30

no shut

interface vlan 40

no shut

interface vlan 50

no shut

interface vlan 60

no shut

interface vlan 70

no shut

interface vlan 80

no shut

VLAN 1

name  Management

Vlan 10

name Academic

Vlan 20

name Mechanical

Vlan 30

name Admin

Vlan 40

name Diploma

Vlan 50

name MBA

Vlan 60

name Workshop

Vlan 70

name E&TC

Vlan 80

name Computer

ip defaul-gateway 10.10.20.2

interface fastethernet 0/24

*** Description will be contted to l3 Switch***

switchport mode trunk

switchprot trunk allowed vlan 1,10,20,30,40,50,60.70,80

Now Keep IN mind

all respective clients that belong vlan

1,10,20,30,40,50,60.70,80

gateway will be their respective vlan that u have created for each client on l3 Switch

e.g

vlan 10 client

gateway will be L3 Switch vlan  IP

10.10.0.1

vlan 20 cleint

gateway will be l3 switch vlan ip

10.20.0.1

etc... like dat

***Do Rate All Helpful Posts***

Jawad

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Adding

L2 Switches if u want to assing interface to vlan

just go under that interface

interface fastethernet 0/1

switchport modes access

switchport access vlan x (which ever u want to assign)

Jawad

Jawad
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Thanks for your support, i will configure and let you know.

New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Hi,

thanks for your support, i like to be add the below DHCP on my sonicwall and user will need to be get this scope from sonicwall, can you pl tell how can i configure at L3?

10.10.0.21 - 10.10.3.254

10.20.0.21 - 10.20.1.254

10.30.0.21 - 10.30.1.254

10.40.0.21 - 10.40.3.254   

10.50.0.21 - 10.50.1.254

10.60.0.21 - 10.60.0.254

10.70.0.21 - 10.70.1.254

10.80.0.21 - 10.80.1.254

Hall of Fame Super Gold

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Wrong forum, post in "LAN and switching". You can move your posting using the Actions panel on the right.

New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

i have move this forum to Lan & switching.

New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Does anyone have any advice on how to get my VLANs connected to the internet?

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

vinish u have not provided feedback of above configuration which i provided.

for internet to work u will have to add default route in your 3560

ip route 0.0.0.0 0.0.0.0 (next ho gateway Internet Device IP)

****Do Rate All Helpful Posts****

Jawad

Jawad
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Hi, Jawad, your configuration is very very helpful for me and my team, thanks for your helpful support. i have done all configuration on L3 & sonicwall, now user able to get respective VLan ip & internet. i need your support always. once again thanks.

New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

hi,

i had done all configuration, now all Vlan is working fine and VLan users able to get internet. Now my problem is sonicwall did't get any VLAN ARP entry except 10.10.20.x. I had talk to sonicwall expert, he say need to be check & configure at Cisco L3 then only ARP entry wiill catch Sonicwall. Can you please tell me how can i configure at L3.

Thanks.

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Hi Vinish,

     Can you please show me the VLAN ARP configuration description so that i can resolve your issue.

Thanks and regards,

Chandhuru.M

Thanks and regards, Chandhuru.M
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Hi Chandhur,

pl see the L3 configuration.

User Access Verification

Switch#sh run

Building configuration...

Current configuration : 6453 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$rv8J$rIMAenBP8yMbdlr2HbFPM.

!

!

!

no aaa new-model

system mtu routing 1500

ip routing

!

!

!

!

crypto pki trustpoint TP-self-signed-1787939840

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1787939840

revocation-check none

rsakeypair TP-self-signed-1787939840

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0

shutdown

!

interface GigabitEthernet0/1

shutdown

!

interface GigabitEthernet0/2

shutdown

!

interface GigabitEthernet0/3

shutdown

!

interface GigabitEthernet0/4

shutdown

!

interface GigabitEthernet0/5

shutdown

!

interface GigabitEthernet0/6

shutdown

!

interface GigabitEthernet0/7

shutdown

!

interface GigabitEthernet0/8

shutdown

!

interface GigabitEthernet0/9

shutdown

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

description connected to Academic Building L2

switchport access vlan 10

switchport mode access

!

interface GigabitEthernet0/12

description connected to Mechanical building L2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90

switchport mode trunk

!

interface GigabitEthernet0/13

description connected to admin L2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90

switchport mode trunk

!

interface GigabitEthernet0/14

description connected to Diploma

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90

switchport mode trunk

!

interface GigabitEthernet0/15

description connected to MBA

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90

switchport mode trunk

!

interface GigabitEthernet0/16

description connected to Workshop L2

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet0/17

description connected to E&TC

switchport access vlan 70

switchport mode access

!

interface GigabitEthernet0/18

description connected to Computer

switchport access vlan 80

switchport mode access

!

interface GigabitEthernet0/19

description connected to AP controloer

switchport mode access

!

interface GigabitEthernet0/20

description connected to Test switch

switchport access vlan 90

switchport mode access

!

interface GigabitEthernet0/21

switchport access vlan 90

switchport mode access

!

interface GigabitEthernet0/22

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,30,40,50,60,70,80,90

switchport mode trunk

!

interface GigabitEthernet0/23

description connected to E5500

switchport mode access

!

interface GigabitEthernet0/24

Shutdown

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

!

interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

ip address 10.10.20.2 255.255.255.0

no ip mroute-cache

!

interface Vlan10

ip address 10.10.0.1 255.255.252.0

ip helper-address 10.10.20.1

!

interface Vlan20

ip address 10.20.0.1 255.255.254.0

ip helper-address 10.10.20.1

!

interface Vlan30

ip address 10.30.0.1 255.255.254.0

ip helper-address 10.10.20.1

!

interface Vlan40

ip address 10.40.0.1 255.255.252.0

ip helper-address 10.10.20.1

!

interface Vlan50

ip address 10.50.0.1 255.255.254.0

ip helper-address 10.10.20.1

!

interface Vlan60

ip address 10.60.0.1 255.255.255.0

ip helper-address 10.10.20.1

!

interface Vlan70

ip address 10.70.0.1 255.255.254.0

ip helper-address 10.10.20.1

!

interface Vlan80

ip address 10.80.0.1 255.255.254.0

ip helper-address 10.10.20.1

!

interface Vlan90

ip address 10.90.0.1 255.255.255.0

ip helper-address 10.10.20.1

!

ip default-gateway 10.10.20.1

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.20.1

ip http server

ip http secure-server

!

snmp-server community public RO R0

!

!

line con 0

line vty 0 4

password

login

line vty 5 15

password

login

!

end

Switch#

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Dear Vinish,

     You made right configuration over in L3 switch. Once again check out the L2 switch configuration. I thought the problem over in Sonic wall.

Thanks and regards,

Chandhuru.M

Thanks and regards, Chandhuru.M
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Dear Chandhuru,

Thanks for your reply, i have attched my sonicwall ARP configuraion. pl see

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Dear Vinish,

     Can you able to get VLAN ARP description in L3 switch. Using 'sh arp' command to get it and make sure the L3 switch could able to get ARP description. Let me know.

Thanks and regards,

Chandhuru.M

Thanks and regards, Chandhuru.M
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Dear Chandhuru,

        i am able to get VLAN ARP in L3. but my issue is i need to get same as my sonicwall, so that i can do Mac finding.

Switch#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.80.1.91             22   6c62.6da3.1766  ARPA   Vlan80

Internet  10.50.0.56             59   4437.e661.c0c0  ARPA   Vlan50

Internet  10.70.1.77              6   0011.11c6.ca00  ARPA   Vlan70

Internet  10.20.0.30              0   6c62.6d8c.588f  ARPA   Vlan20

Internet  10.80.0.91              8   4437.e661.2315  ARPA   Vlan80

Internet  10.50.0.57              4   4437.e661.d520  ARPA   Vlan50

Internet  10.30.1.20            107   0025.111b.da42  ARPA   Vlan30

Internet  10.70.0.77              5   d43d.7ead.38ce  ARPA   Vlan70

Internet  10.20.1.30              8   6c62.6d8f.217e  ARPA   Vlan20

Internet  10.10.0.1               -   6c41.6a91.cc41  ARPA   Vlan10

Internet  10.20.0.28            120   d43d.7e12.cbd2  ARPA   Vlan20

Internet  10.30.1.23            134   d43d.7e12.cb17  ARPA   Vlan30

Internet  10.80.0.88            123   6c62.6da3.1765  ARPA   Vlan80

Internet  10.20.1.28             31   8c89.a5f6.72bf  ARPA   Vlan20

Internet  10.30.0.23              0   001f.d033.06da  ARPA   Vlan30

Internet  10.80.1.88             12   8c89.a5f6.7230  ARPA   Vlan80

Internet  10.80.1.95              3   001f.d034.3163  ARPA   Vlan80

Internet  10.80.0.95              0   d43d.7ead.3ed1  ARPA   Vlan80

Internet  10.10.0.5               5   6c62.6d8c.538b  ARPA   Vlan10

Internet  10.80.1.93            111   4061.8663.6373  ARPA   Vlan80

Internet  10.10.0.6               0   e839.35b0.684a  ARPA   Vlan10

Internet  10.80.0.93              3   4061.8663.6368  ARPA   Vlan80

Internet  10.10.0.7               0   0021.5a5d.2c94  ARPA   Vlan10

Internet  10.30.0.28             61   001f.d034.36de  ARPA   Vlan30

Internet  10.20.1.23            100   d43d.7e12.cad5  ARPA   Vlan20

Internet  10.40.2.40              3   4437.e667.f84c  ARPA   Vlan40

Internet  10.80.0.82              3   4437.e668.1cd1  ARPA   Vlan80

Internet  10.10.0.8               0   6c62.6da6.9735  ARPA   Vlan10

Internet  10.10.1.8              16   001f.d031.9f05  ARPA   Vlan10

Internet  10.30.1.28             27   001f.d030.622f  ARPA   Vlan30

Internet  10.20.0.23              6   d43d.7e12.cb22  ARPA   Vlan20

Internet  10.80.1.82              0   d43d.7e12.cbdb  ARPA   Vlan80

Internet  10.10.0.9              32   0017.6110.933c  ARPA   Vlan10

Internet  10.10.2.8              72   8c89.a5f6.7033  ARPA   Vlan10

Internet  10.50.0.50              0   4437.e661.c110  ARPA   Vlan50

Internet  10.70.1.71              3   6c62.6da3.171e  ARPA   Vlan70

Internet  10.20.1.20             29   8c89.a5f6.726e  ARPA   Vlan20

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Dear Vinish,

     So that, from your post i came to know that L3 switch can able get ARP description and also L3 communicate with sonicwall. It means internet can be passing through the sonicwall and L3 to all VLANs so problem is not in L3 configuration.

     My thought was sonicwall can able to get management VLANs ARP description only. It cant able to get the other VLANs ARP description. Just verify with your soniwall expert.

Thanks and regards,

Chandhuru.M

Thanks and regards, Chandhuru.M
New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Dear Chandhuru,

        Thanks for your reply, i will talk to them & let you know.

New Member

Vlan Configuration between Cisco C3560X and Sonicwall E5500 ?

Hi,

      i want stop intervlan comunication between Vlan70 and all Vlans. how will i do that. pl guid

8317
Views
15
Helpful
24
Replies
CreatePlease to create content