This is my problem. I wanted to create a second VLAN on an HP procurve switch with a port that granted only internet access. Switches are layer 2 HP procurve 2524. My setup is basically Cisco 2600, one fast ethernet port which goes to sonicwall firewall and then one port on sonicwall to my switches. Am I correct in saying that I need to create a logical interface on the cisco 2600 with a seperate IP address in order to allow internet/give a gateway? Im assuming that interface 0/0 is set to 192.168.0.1 255.255.255.0 (its a small company). Is it sufficient to create interface 0/0.2 for the second vlan and give it ip 192.168.1.0 255.255.255.0? Im sure there are access rules that I need to add to sonicwall but I will handle that after I am sure that this is what I am looking for.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cisco 2600 and logical interfaces
- Thread starter cswift001
- Start date
SweetRevelation
Technical User
What is the order of your connections?
Switch -> Router -> FW?
Or
Switch -> FW -> Router?
Switch -> Router -> FW?
Or
Switch -> FW -> Router?
- Thread starter
- #3
VinceWhirlwind
Technical User
So does your firewall allow you to trunk VLANs?
SweetRevelation
Technical User
If you're going to keep it configured like that you have a couple of options.
Do you have more than one interface on the Sonicwall that can be IP'd and internal? Does it just have a WAN and LAN or are there more interfaces? If so you can IP one of those interfaces as the guest LAN and have an access port from the switch in the guest vlan going to that port on the firewall.
If you only have one LAN connection you would have to setup tagging on the firewall interface going to the switch and on the switch where it connects to the firewall.
I do not know if you can or how you would do this on a sonicwall, you'd prbably have more luck asking this question in the Sonicwall forum but I took a quick glance over there and saw no one had responded to your question there.
IF you had the router connected to the switch directly you could use subinterfaces on the router and tag on the switchport, that's easy, but with the way you have the network laid out... it doesn't really involve the Router at all in this part.
Maybe you'll be able to find something on tagging on Sonicwall interfaces(if it's allowed on that model), I wish you luck.
Do you have more than one interface on the Sonicwall that can be IP'd and internal? Does it just have a WAN and LAN or are there more interfaces? If so you can IP one of those interfaces as the guest LAN and have an access port from the switch in the guest vlan going to that port on the firewall.
If you only have one LAN connection you would have to setup tagging on the firewall interface going to the switch and on the switch where it connects to the firewall.
I do not know if you can or how you would do this on a sonicwall, you'd prbably have more luck asking this question in the Sonicwall forum but I took a quick glance over there and saw no one had responded to your question there.
IF you had the router connected to the switch directly you could use subinterfaces on the router and tag on the switchport, that's easy, but with the way you have the network laid out... it doesn't really involve the Router at all in this part.
Maybe you'll be able to find something on tagging on Sonicwall interfaces(if it's allowed on that model), I wish you luck.
- Status