Sunday, September 9, 2012

SonicPoints with Procurve Switches

SonicWall firewalls can act as wireless LAN controllers for SonicPoint Access Points. The limitation is that the controller must be on the same layer 2 broadcast domain as the access points. This is actually fairly easy to work around if you have HP Procurve managed switches to work with.

In this example the SonicWall and core 2910AL switch are on the first floor, and the access points are connected to a 2910AL on the fourth floor. The switches are connected by fiber using LACP aggregation, or trunks in HP terms.

The key is that the WLAN management VLAN (VLAN 200 in the configurations below) is untagged on the ports that the SonicWall and SonicPoints are connected to, so that the access points can find the SonicWall during boot-up. The management VLAN is tagged on the trunk ports.

The actual WLAN VLANs (140 and 150 below) are tagged on each port that the SonicWall and access points are connected to, and on the trunk ports.

SonicWall Configuration
X5 WLAN
X5:v140 ZONE WLAN-Corp
X5:v150 ZONE WLAN-Guest

Zones
WLAN-CORP
WLAN-Guest

Firewall Access Rules
WLAN-Corp -> LAN allow any any
WLAN-Guest -> LAN Deny any any

Virtual Access Point profiles
Corporate
Guest

Virtual Access Points
SSID
Private - VLAN 140
Guest-Access - VLAN 150

Virtual Access Point Groups
WiFi
 Corporate
 Guest

Core Switch configuration - Procurve 2910AL
interface 18
   name "SW X5 WLAN"
exit
interface 23
   name "Trunk3-4th-Floor"
exit
interface 24
   name "Trunk3-4th-Floor"
exit
trunk 23-24 Trk3 LACP
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-11,14-16,20,Trk1-Trk3
   no untagged 12-13,18
   no ip address
   exit
vlan 200
   name "WLAN-MGT"
   untagged 18
   tagged Trk3
   no ip address
   exit
vlan 150
   name "WLAN-Guest"
   tagged 18,Trk3
   no ip address
   exit
vlan 140
   name "WLAN-Corp"
   tagged 18,Trk3
   no ip address
   exit

4th Floor Switch Configuration
interface 4
   name "SonicPoint ConfRM2"
exit
interface 18
   name "SonicPoint ConfRM1"
exit
trunk 47-48 Trk1 LACP
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-3,5-17,19-46,Trk1
   ip address 10.1.1.252 255.255.255.0
   no untagged 4,18
   exit
vlan 140
   name "WLAN_CORP"
   tagged 4,18,Trk1
   no ip address
   exit
vlan 150
   name "WLAN_GUEST"
   tagged 4,18,Trk1
   no ip address
   exit
vlan 200
   name "WLAN_MGT"
   untagged 4,18
   tagged Trk1
   no ip address
   exit
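
The tagging rule described above can be checked mechanically against a saved switch configuration, which helps catch a port that has drifted back into the default VLAN or lost a WLAN VLAN. The Python below is an added example, not part of the original post: the function names and the parser are assumptions, it reads only the vlan stanzas of the 4th-floor configuration shown above, and which ports count as SonicWall/SonicPoint ports is passed in by the caller.

```python
import re

# VLAN stanzas of the 4th-floor switch, copied from the configuration above.
FLOOR4 = """
vlan 1
   untagged 1-3,5-17,19-46,Trk1
   no untagged 4,18
vlan 140
   tagged 4,18,Trk1
vlan 150
   tagged 4,18,Trk1
vlan 200
   untagged 4,18
   tagged Trk1
"""

def expand(spec):
    """Expand a port list such as '1-3,5,Trk1-Trk3' into a set of port names."""
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"(\D*)(\d+)-\1(\d+)", item)
        ports |= {m[1] + str(n) for n in range(int(m[2]), int(m[3]) + 1)} if m else {item}
    return ports

def parse_vlans(text):
    """Return {vlan_id: {'tagged': set, 'untagged': set}}; other lines are ignored."""
    vlans, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if len(words) == 2 and words[0] == "vlan":
            cur = vlans.setdefault(int(words[1]), {"tagged": set(), "untagged": set()})
        elif cur is not None and len(words) == 2 and words[0] in cur:
            cur[words[0]] |= expand(words[1])
    return vlans

def audit(vlans, mgmt, wlan, edge, trunks):
    """Return violations of the tagging rule; edge = firewall/AP ports (caller's choice)."""
    problems = []
    for port in sorted(edge):
        homes = sorted(v for v, m in vlans.items() if port in m["untagged"])
        if homes != [mgmt]:
            problems.append(f"port {port}: untagged in {homes}, expected [{mgmt}]")
    required = {mgmt: trunks, **{v: edge | trunks for v in wlan}}
    for vid, ports in required.items():
        tagged = vlans.get(vid, {"tagged": set()})["tagged"]
        problems += [f"vlan {vid}: port {p} not tagged" for p in sorted(ports - tagged)]
    return problems

if __name__ == "__main__":
    print(audit(parse_vlans(FLOOR4), 200, [140, 150], {"4", "18"}, {"Trk1"}) or "OK")
```

An empty result means every access-point port has the management VLAN as its only untagged VLAN and carries both WLAN VLANs tagged, and the trunk carries all three.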



1 comment:

  1. Hi
    Great article! I have Sonicwall firewall and two Sonicpoints connected to HP ProCurve 1800-24G switch (core switch, I only have one). Port 22 on HP switch is connected to SonicWall firewall X6 WLAN interface. Ports 7 and 12 are connected to Sonicpoints. Everything is working fine with wireless except Sonicwall firewall can't find Sonicpoints.
    How can I configure this Management VLAN in HP switch because the WEB interface only allows port based configuration, not VLAN based configuration?
    Current configuration is
    VLAN ID   VLAN Members
    1         1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
    50        7,12,22
    60        7,12,22
    70        7,12,22

    VLAN Port Config
    Port/Trunk   Packet Type   PVID
    Port 7       Tagged Only   None
    Port 12      Tagged Only   None
    Port 22      Tagged Only   None


    Br,
    Raine Holm
