We just purchased
some SonicPoints and a NSA240 firewall for our network, and are having issues
getting the existing Cisco equipment to allow the traffic...our core switch is
a Cisco WS-C3560X-24T-L (10.0.0.2) and we also have a 2821 ISR at 10.0.0.1. These addresses are on the management
VLAN. The 3560 has a default route to
10.0.0.1, and the 2821 has a default route to 192.168.10.2 (the NSA 240)
Our default LAN
(VLAN 100) is 192.168.10.x/24, and we created two new VLANs on the SonicWALL
for the second and third virtual APs on the SonicPoints (192.168.40.x/24, VLAN
125 and 192.168.50.x/24, VLAN 150).
The first virtual AP
is configured with no VLAN and works like a champ. The second and third ones are configured on
VLANs 125 and 150 respectively and will authenticate clients but don't get a
DHCP address and can't pass traffic when given a static IP in the range.
Here's show vlan on
the 3560:
1 default active Gi0/3, Gi0/4
100 DATA active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Fa0/25, Fa0/27, Fa0/28, Fa0/29
Fa0/30,
Fa0/31, Fa0/32, Fa0/33
Fa0/34, Fa0/35, Fa0/36, Fa0/37
Fa0/38, Fa0/40, Fa0/41, Fa0/42
Fa0/43, Fa0/44, Fa0/45, Fa0/46
Fa0/47, Fa0/48
125 Wireless1 active
150 Wireless2 active
200 VOICE active Fa0/1, Fa0/2, Fa0/3, Fa0/4
VLAN Name Status Ports
----
-------------------------------- --------- -------------------------------
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11,
Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47, Fa0/48
No, for the AP that
you want to use vlan 125, configure switch access vlan 125. For the port that
has the AP that will use 150 configure switchport access vlan WS-C3560X-24T-S not both.
没有评论:
发表评论