SonicWall firewalls can act as wireless LAN controllers for SonicPoint access points. The limitation is that the controller must be on the same layer 2 broadcast domain as the access points. This is fairly easy to work around if you have HP ProCurve managed switches to work with.
In this example the SonicWall and the core 2910AL switch are on the first floor, and the access points are connected to a 2910AL on the fourth floor. The switches are connected by fiber using LACP aggregation (trunks, in HP terms).
The key is that the WLAN management VLAN is untagged on the ports that the SonicWall and SonicPoints are connected to, so that the access points can find the SonicWall during boot up. The management VLAN is tagged on the trunk ports.
The actual WLAN VLANs are tagged on each port that the SonicWall and access points are connected to, and on the trunk ports.
SonicWall Configuration

X5 WLAN
   X5:v140 ZONE WLAN-Corp
   X5:v150 ZONE WLAN-Guest

Zones
   WLAN-Corp
   WLAN-Guest

Firewall Access Rules
   WLAN-Corp -> LAN Allow any any
   WLAN-Guest -> LAN Deny any any

Virtual Access Point profiles
   Corporate
   Guest

Virtual Access Points
   SSID
      Private - VLAN 140
      Guest-Access - VLAN 150

Virtual Access Point Groups
   WiFi
      Corporate
      Guest
Core Switch Configuration - ProCurve 2910AL

; Port 18 connects to the SonicWall X5 (WLAN) interface
interface 18
   name "SW X5 WLAN"
   exit
interface 23
   name "Trunk3-4th-Floor"
   exit
interface 24
   name "Trunk3-4th-Floor"
   exit
trunk 23-24 Trk3 LACP
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-11,14-16,20,Trk1-Trk3
   no untagged 12-13,18
   no ip address
   exit
; WLAN management VLAN: untagged on the SonicWall port, tagged on the trunk
vlan 200
   name "WLAN-MGT"
   untagged 18
   tagged Trk3
   no ip address
   exit
; WLAN client VLANs: tagged on the SonicWall port and on the trunk
vlan 150
   name "WLAN-Guest"
   tagged 18,Trk3
   no ip address
   exit
vlan 140
   name "WLAN-Corp"
   tagged 18,Trk3
   no ip address
   exit
4th Floor Switch Configuration

; Ports 4 and 18 connect to the SonicPoints
interface 4
   name "SonicPoint ConfRM2"
   exit
interface 18
   name "SonicPoint ConfRM1"
   exit
trunk 47-48 Trk1 LACP
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-3,5-17,19-46,Trk1
   ip address 10.1.1.252 255.255.255.0
   no untagged 4,18
   exit
vlan 140
   name "WLAN_CORP"
   tagged 4,18,Trk1
   no ip address
   exit
vlan 150
   name "WLAN_GUEST"
   tagged 4,18,Trk1
   no ip address
   exit
; WLAN management VLAN: untagged on the SonicPoint ports, tagged on the trunk
vlan 200
   name "WLAN_MGT"
   untagged 4,18
   tagged Trk1
   no ip address
   exit
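
The tagging rule from the top of this post can be checked against a saved switch configuration. The following Python is an added example, not part of the original post: it parses the `vlan` stanzas and reports any SonicPoint port or trunk that breaks the rule. The sample text is constructed from the 4th-floor configuration above, trimmed to its membership lines; the function names are hypothetical, and skipping `no untagged` lines (they only restate removals) is an assumption of this example.

```python
import re

# Constructed sample: the 4th-floor VLAN stanzas from this post, membership lines only.
SAMPLE = """vlan 1
   untagged 1-3,5-17,19-46,Trk1
   no untagged 4,18
vlan 140
   tagged 4,18,Trk1
vlan 150
   tagged 4,18,Trk1
vlan 200
   untagged 4,18
   tagged Trk1
"""

def expand(spec):
    # '1-3,18,Trk1-Trk2' -> {'1', '2', '3', '18', 'Trk1', 'Trk2'}
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\D*)(\d+)-\1(\d+)", part)
        ports |= {f"{m[1]}{n}" for n in range(int(m[2]), int(m[3]) + 1)} if m else {part}
    return ports

def parse(config):
    # Returns {vlan_id: {"untagged": set, "tagged": set}}; "no ..." lines are skipped.
    vlans, cur = {}, None
    for words in map(str.split, config.splitlines()):
        if len(words) == 2 and words[0] == "vlan":
            cur = vlans.setdefault(int(words[1]), {"untagged": set(), "tagged": set()})
        elif cur is not None and len(words) == 2 and words[0] in cur:
            cur[words[0]] |= expand(words[1])
    return vlans

def check(vlans, mgmt, wlan, ap_ports, uplink):
    # Rule from the post: the management VLAN is the only untagged VLAN on AP ports,
    # the WLAN VLANs are tagged there, and all of them are tagged on the trunk.
    tagged = lambda v, p: p in vlans.get(v, {"tagged": ()})["tagged"]
    problems = []
    for port in ap_ports:
        native = sorted(v for v, m in vlans.items() if port in m["untagged"])
        if native != [mgmt]:
            problems.append(f"port {port}: untagged in {native}, expected [{mgmt}]")
        problems += [f"port {port}: VLAN {v} not tagged" for v in wlan if not tagged(v, port)]
    problems += [f"{uplink}: VLAN {v} not tagged" for v in (mgmt, *wlan) if not tagged(v, uplink)]
    return problems

if __name__ == "__main__":
    print(check(parse(SAMPLE), 200, [140, 150], ["4", "18"], "Trk1") or "OK")
```

An AP port left untagged in VLAN 1, or a guest VLAN missing from the trunk, shows up as one line per violation.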
Hi

Great article! I have Sonicwall firewall and two Sonicpoints connected to HP ProCurve 1800-24G switch (core switch, I only have one). Port 22 on HP switch is connected to SonicWall firewall X6 WLAN interface. Ports 7 and 12 are connected to Sonicpoints. Everything is working fine with wireless except Sonicwall firewall can't find Sonicpoints.
How can I configure this Management VLAN in HP switch because the WEB interface only allows port based configuration, not VLAN based configuration?
Current configuration is

VLAN ID   VLAN Members
1         1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
50        7,12,22
60        7,12,22
70        7,12,22

VLAN Port Config

Port/Trunk   Packet Type   PVID
Port 7       Tagged Only   None
Port 12      Tagged Only   None
Port 22      Tagged Only   None

Br,
Raine Holm