# Sonicwall Interface configuration HELP!



## GSLEX0586 (Apr 27, 2012)

So here is the scenario..

I have a single device (WiFi AP) that needs to be placed on a port that will spit out 2 different sets of IPs on 2 diff networks hence why i created a secondary VLAN.

The problem i'm having is my primary LAN is plugged into Port X0 on the sonicwall. i've attempted to bridge over the XO settings (which also has an XO:V2) to my X3 port so i can simply plug in my access point but im getting no luck in this configuration. Sonicwall spits back some DHCP error by configuring it like this.

I tested it with a client machine and it receives no IPs from that secondary VLAN network. It seems DHCP can't "bridge over" from 1 port to another. Any options?

My whole point is this single access point will host wifi access for in-house users in the LAN and also provide guest network restricted access, all of a single device (Ubiquiti access point)


----------



## Wand3r3r (Sep 17, 2010)

You do understand it is not nessisary to subnet ip in addition to the vlans?
The vlans do the dividing just fine. You don't need the complexity of subnetting on top of that. That is only done on huge networks.

It does not make sense to me that with one AP you are going to have guest and users access and expect to keep them separate. Usually its set to just one unless this AP has features I am not aware of like its really two APs in one.

All of the sonicwall lan ports should be connected to the sonicwall dhcp server.


----------



## GSLEX0586 (Apr 27, 2012)

The ubiquiti access point supports multiple SSID's on one device and then you have the choice of using VLAN's to seperate VLANS per SSID.

What I want is i want one device to host:

PRIMARY SSID: 192.168.2.1 network
Guest network: 192.168.1.1 network

Sonicwall Port X0 is connected to my primary LAN switch
Sonciwall port x1 is my primary WAN port
I need the device to plug into port X3 and host the 2 different LANs


----------



## Wand3r3r (Sep 17, 2010)

sonicwall port X3 would need vlan1 [primary] and vlan2 [guest]
ebiquiti port would need the same
port X0 would need to have vlan1 but not vlan2

I would suggest you get this working first before trying to do the subnettting which would require you somehow to bring up a second dhcp server on the sonicwall. None of my sonicwalls support this. Otherwise you need another router between the ubiquiti and the sonicwall to supply dhcp/nat 192.168.1.x to 192.168.2.x


----------



## GSLEX0586 (Apr 27, 2012)

i cannot configure VLANs on port x3 since its setup as a "bridge" from X0. 

If i setup X3 as a complete new LAn and setup VLAN this would work but then wouldnt this essentially create 3 seperate networks?


----------



## TheCyberMan (Jun 25, 2011)

X0, X2 and X3 are vlans on their own trying to bridge X0 and X3 will spit out an error cannot be done Lan to Lan bridging on sonicwall to my knowledge. You can bridge W0(Wlan) to X0(Lan).

They are seperated by default. If you wish to use netbios or DHCP you would use IP helper for this in addtiion to accompanying firewall rules to allow communication between the different vlans or subnets.


----------



## GSLEX0586 (Apr 27, 2012)

i dont want communcation between the VLANS hence one being our primary lan and the other being our guest network. I just want to set this up without having to buy a whole different hardware device when this access point supports up to 4 different SSIDs at a time as long as my sonicwall is configured correctly


----------



## Wand3r3r (Sep 17, 2010)

ideally you would have two lan networks; primary and guest.
They would be separate due to the vlans.
Ideally the wired primary would go into one sonicwall port
The primary wifi would go into a 2nd sonicwall port 
and the Guest wifi would go into a 3rd sonicwall port

All the ports would be natted to the internet.

Does the ubiquiti have two lan ports?


----------



## TheCyberMan (Jun 25, 2011)

So the primary Lan is on sonicwall and guest network also by default they will be seprated but adding a discard rule in the firewall rules between w0 and Lan will make it more secure.

If guest network and default wireless network are on ubiquliti which in turn are connected to sonicwall then use different wireless encryption keys on ubiquliti.


----------



## GSLEX0586 (Apr 27, 2012)

no, it's one single unit with one single port with the option to enable VLAN on the device's software.


----------



## GSLEX0586 (Apr 27, 2012)

^^but by even using diff encryption keys, they would both be on the same LAN network segment. ie:

i don't want the users on the guest network to see anything on my primary LAN network whatsoever.


----------



## TheCyberMan (Jun 25, 2011)

They wouldn,t if they are on different subnets on sonicwall by default UPNP is disabled and discard rule after allowed rules would enforce to the max.

Setting different subnets restricts access by default so set guest network on a different subnet.


----------



## GSLEX0586 (Apr 27, 2012)

so with my configuration right now, how would you suggest i do this:

Primary LAN gateway: 192.168.30.1
Subnet Mask: 255.255.254.0
DHCP Scope: 192.168.30.100-254

Guest network: ??????

I only need about 50 available IPs at most for the guest network.


----------



## TheCyberMan (Jun 25, 2011)

So set your guest nework on a different subnet and encryption to *WPA2 AES* and key different to what your key is now on W0.


----------



## Wand3r3r (Sep 17, 2010)

Subnet Mask: 255.255.254.0

That gives you a ip range of 192.168.30.0 - 192.168.31.255 for a total of 510 hosts.

I am sure that is not what you want. That is a supernet subnet mask.

255.255.255.192 gives you 62 hosts

for guests you could use 255.255.255.224 which gives you 30 hosts.


----------



## GSLEX0586 (Apr 27, 2012)

should i be configuring this on a whole different port?


----------



## TheCyberMan (Jun 25, 2011)

Set the 255.255.255.192 on your primary Lan port replacing the 255.255.255.254.

Set 255.255.255.224 for your guest wireless network.


----------

