Dell sonicwall x series Скачать руководство пользователя страница 21 | Manualshive

Страница: 21 / 45

background image

Dell SonicWALL X-Series Solution Deployment Guide

Configuring the X-Series Solution in various topologies

21

Topics:

•

About links

A common link carries data and management traffic. Common links carry all PortShield traffic and all the
PortShield groups.

A dedicated link can carry only one PortShield group, and that group must be portshielded to the dedicated port
on the TZ appliance.

An isolated link can carry management traffic OR data traffic, but not both at the same time. Isolated links
usually have separate connections between the firewall and the X-Switch for management traffic and data
traffic.

About uplink interfaces

Uplink interfaces can be viewed as “trunk” ports set up to carry tagged/untagged traffic. When an extended
switch is added with firewall uplink and X-Switch uplink options, the port on the firewall configured as the
firewall uplink and the port on the extended switch configured as the switch uplink are set up automatically to
receive/send tagged traffic for all IDV VLANs. The IDV VLAN of the tagged traffic allows the firmware to derive
the PortShield host interface for the traffic.

Criteria for configuring an uplink interface

•

The interface should be a physical interface; virtual interfaces are not allowed.

•

The interface should be a switch interface. (On some platforms, some firewall interfaces are not
connected to the switch. Such interfaces are not allowed.)

•

The interface cannot be a PortShield host (some other firewall interface cannot be portshielded to it) or
a PortShield group member (cannot be portshielded to another firewall interface).

•

The interface cannot be a bridge primary or bridge secondary interface.

•

The interface cannot have any children (it cannot be a parent interface for other child interfaces).

Connecting the X-Series switch
management port to a TZ firewall

The interface connected to the management port of the X-Switch must have an IP address from the same subnet
as the switch. For example, if the management connection between the switch and the TZ is through X2, then
X2 must have an IP address from the same subnet, such as

192.168.2.1/24

.

«
...
19
20
21
22
23
...
»

Содержание sonicwall x series

Страница 1: ...Dell SonicWALL X Series Solution Deployment Guide ...

Страница 2: ...and names mentioned herein may be trademarks of their respective companies X Series Solution Deployment Guide Updated May 2016 Version 6 2 5 232 003255 00 Rev A Legend CAUTION A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed WARNING A WARNING icon indicates a potential for property damage personal injury or death IMPORTANT NOTE NOTE TIP MOBILE ...

Страница 3: ...ut a default gateway 15 Provisioning with a default gateway 16 Adding the X Series switch to SonicOS 17 Adding an extended switch 17 Deleting an extended switch 19 Configuring the X Series Solution in various topologies 20 About topologies 20 About links 21 Connecting the X Series switch management port to a TZ firewall 21 Configuring the different topologies 22 Configuring a common uplink 22 Conf...

Страница 4: ...ality and X Series switches on page 7 Recommended reading on page 8 TZ X Series Solution a unified approach Critical network elements such as a firewall and switch need to be managed usually individually The Dell SonicWALL X Series Solution allows unified management of both the firewall and the switch using the firewall management interface UI and GMS For example the maximum number of interfaces a...

Страница 5: ...nces These TZ Series appliances TZ600 TZ500 TZ500W TZ400 TZ400W TZ300 TZ300W Support these X Series switches X1008 X1008P X1018 X1018P X1026 X1026P X1052 X1052P X4012 NOTE The X Series Solution is not supported on the SOHO W appliance HA High Availability IDV Interface Disambiguation via VLAN The reconfiguring of ports portshielded to firewall interfaces on the extended switch as access ports of t...

Страница 6: ...tch using the SonicOS management interface and Dell SonicWALL GMS version 8 1 SP1 or higher GMS supports all configuration operations such as provisioning of an extended switch configuration of extended switch interface settings and manageability of extended switch global parameters For information about managing extended switches with GMS refer to the latest SonicWALL GMS Administration Guide Hig...

Страница 7: ...in Table 2 Configuration of the PoE PoE ports on the X Series switch is managed from the UI of the X Series switch and not the Network Portshield Groups page on the TZ series appliance Table 2 X Series switch PoE PoE and SFP SFP support This X Series switch Supports X1008 1 PoE PD port by default port 8 is the PD port X1008P 8 PoE ports up to 123W total by default ports 1 through 8 support PoE X10...

Страница 8: ...ell SonicWALL X Series Solution Dell SonicWALL integration with Dell X Series Switches FAQ 185430 Dell SonicWALL TZ X solution How to provision X Series switches on SonicWALL TZ series firewalls 185057 Dell SonicWALL X Series Solution How to provision Dell X Series Switches on a SonicWALL TZ High Availability HA system 186085 Dell SonicWALL X Series Solution How to manage Dell X Series switch s ad...

Страница 9: ...appliance through the X Series switch user interface 1 Ensure the TZ series appliance is running SonicOS 6 2 5 1 or higher If necessary upgrade the appliance s firmware 2 On the X Series switch locate the white label containing the default IP address Network Mask user ID and password Record this information as you will need it when configuring the switch on the firewall IMPORTANT If the topology h...

Страница 10: ... change to Managed mode 4 Connect the X switch console By an RJ45 cable to a PC in the same subnet as the X switch if configuring through the X switch GUI Through Telnet 9600 baud if configuring through the CLI 5 Power on the X Series switch 6 In your PC browser go to 192 168 2 1 The login screen for the X switch displays NOTE If the X switch is not in Managed Mode then it cannot be managed with S...

Страница 11: ...the X Series switch s IP does not change dynamically when the DHCP server is enabled on the firewall ensure Static IP is selected for IP Address Source instead of Dynamic IP DHCP which is the default 11 Verify the Static IP Properties information 12 Configure the IP addresses of the switch in the appropriate fields for example NOTE The username is admin and the password is admin NOTE Selecting Sta...

Страница 12: ...Password and Re enter Password fields 15 Click Next The Switch Information page displays 16 Complete the Switch Information and SNMP Settings pages as described in the Dell Networking X1000 and X4000 Series Switches User Guide 17 Click Next The Simple Network Management Protocol SNMP Settings page displays 18 Complete the SNMP Settings page as described in the Dell Networking X1000 and X4000 Serie...

Страница 13: ...xt The Summary page displays 20 Click Finish The configuration is written in the Startup configuration of the X switch 21 Configure the interface as VLAN 1 22 Ensure the firewall can reach the X Series switch by pinging the X Series switch from the firewall before provisioning managing the switch from the firewall ...

Страница 14: ...oning an X Switch on a TZ series appliance 14 Adding a default gateway through the X Switch UI To add a default gateway to a switch through its UI 1 In the UI select Switch Management IPv4 Addressing or IPv6 Addressing The Edit IPv4 Addressings page displays ...

Страница 15: ...efault gateway on page 16 Provisioning without a default gateway To provision the X Series switch on a TZ series firewall without a default gateway 1 Provision the X Series switch by performing Step 1 through Step 7 in Provisioning through the X Series switch user interface on page 9 2 Enter the following CLI commands console configure terminal console config username admin password console config...

Страница 16: ...ision the X Series switch by performing Step 1 through Step 7 in Provisioning through the X Series switch user interface on page 9 2 Enter the following CLI commands console configure terminal console config username admin password console config interface vlan 1 console config if ip address 192 168 2 1 255 255 255 0 console config if exit console config ip default gateway 192 168 2 2 console conf...

Страница 17: ...Add Switch button The Add External Switch dialog displays 6 From the ID drop down menu select the ID of the switch 1 default or 2 7 From the Switch Model drop down menu select the model of the external switch The default is X1008 8 In the IP Address field enter the IP address of the switch obtained from the label on the switch 9 In the User Name field enter the user ID obtained from the label on t...

Страница 18: ...he STP State drop down menu select Disabled Enabled default 18 If you are adding an X1008 X1018 X1026 X1052 or X4012 switch go to Step 22 19 In the PoE Alert Usage Threshold field enter the percentage of power consumed before a trap is generated The range is 1 to 99 with a default of 95 20 From the PoE Traps drop down menu select whether PoE traps are enabled Disabled default Enabled If this optio...

Страница 19: ...Dell SonicWALL X Series Solution Deployment Guide Adding the X Series switch to SonicOS 19 22 Click Add Deleting an extended switch To delete an extended switch 1 Click the Delete icon ...

Страница 20: ...s The key supported topologies for the TZ X Series Solution are Common uplink configuration Dedicated uplink configuration Hybrid configuration with common and dedicated uplink s Isolated links configuration for management and data traffic HA and PortShield configurations with dedicated uplink s VLAN s with dedicated uplink s configuration SonicPoints with dedicated uplink configuration IMPORTANT ...

Страница 21: ... up automatically to receive send tagged traffic for all IDV VLANs The IDV VLAN of the tagged traffic allows the firmware to derive the PortShield host interface for the traffic Criteria for configuring an uplink interface The interface should be a physical interface virtual interfaces are not allowed The interface should be a switch interface On some platforms some firewall interfaces are not con...

Страница 22: ...hield group to which it belongs Figure 1 shows a typical integration topology of a TZ500 firewall with an X1026P switch The firewall uplink interface is X3 The X Series switch uplink interface is 2 This uplink between X3 on the firewall and port 2 on the extended switch is an common link set up to carry PortShield traffic between H1 and H3 and H2 and H4 The uplink is also the one on which the X Se...

Страница 23: ... 3 Navigate to the Network Interfaces page 4 Ensure that X3 has an IP address in the range 192 168 2 x 24 5 Navigate to the Network PortShield Groups page 6 Click the External Switch Configuration tab 7 Click the Add Switch button The Add External Switch dialog displays 8 Configure the ID through Confirm Password options as described in Adding the X Series switch to SonicOS on page 17 9 Select the...

Страница 24: ...rom their respective drop down menus 11 For information about configuring the Advanced tab see Adding the X Series switch to SonicOS on page 17 12 Click Add The External Switch Configuration tab shows the link between X3 and the X switch port 2 Status a green Enabled icon Switch Management port 2 Firewall Uplink X3 Switch Uplink port 2 13 Click the Port Graphics tab ...

Страница 25: ...s where a dedicated 1G link is needed for a particular firewall interface Cases where this configuration is necessary VLANs are used for example another switch behind the X switch There will be a large volume of traffic and there needs to be a separate uplink for this traffic The risk associated with such a configuration is using up interfaces on the firewall fairly soon Figure 2 shows a dedicated...

Страница 26: ...configure a dedicated uplink with or without setting up the common uplink to carry all PortShield traffic for the different firewall interfaces In both cases the common uplink is used to manage the extended switch Topics Configuring a dedicated uplink without a common uplink on page 26 Configuring a dedicated uplink with a common uplink on page 28 Configuring a dedicated uplink without a common up...

Страница 27: ...down menu 7 To provision the extended switch for a dedicated uplink without a common uplink ensure the Firewall Uplink and Switch Uplink options are set to None 8 For information about configuring the Advanced tab see Adding an extended switch on page 17 9 Click Add The dialog closes 10 Click either the Port Graphics tab Port Configuration tab 11 On the Port Graphics tab a Select the desired PortS...

Страница 28: ... in Provisioning an X Switch on a TZ series appliance on page 9 2 Set up the common uplink as described in Adding an extended switch on page 17 The External Switch Configuration tab is updated The External Switch Configuration and Port Graphics tabs are updated NOTE For this example a cable is connected to TZ port X3 and switch port 2 which has a human icon in the port icon This connection is a co...

Страница 29: ...ment Guide Configuring the X Series Solution in various topologies 29 On the Port Graphics tab the icons for TZ port X3 and switch port 2 are the same color and contain an up arrow 3 Click either the Port Graphics tab Port Configuration tab ...

Страница 30: ...ion in various topologies 30 4 On the Port Graphics tab a Select the desired PortShield Interface s b Click the Configure button Port Configuration tab click the Edit icon of the desired PortShield Interface The Edit Switch Port dialog displays 5 Select the Dedicated Uplink option ...

Страница 31: ...r the remaining firewall interfaces with no dedicated uplinks Figure 3 shows a hybrid uplink integration topology of a TZ400 firewall with an X1026P switch The dedicated uplink between X0 on the firewall and port 11 on the extended switch is set up to carry PortShield traffic for X0 The common link between X3 on the firewall and port 2 on the extended switch carries PortShield traffic for firewall...

Страница 32: ...s in a delay in forwarding management traffic If data traffic will be congested consider configuring separate links for management traffic and data traffic Although similar to a common link configuration the isolated management data configuration runs separate uplinks for management traffic and data traffic This configuration ensures that even with a high amount of data traffic management traffic ...

Страница 33: ...ce on page 9 2 Set up the data uplink as described in Adding an extended switch on page 17 3 Navigate to the Network PortShield Groups page 4 Click the External Switch Configuration tab 5 Click Add Switch The Add External Switch dialog displays 6 Configure the ID through Confirm Password options as described in Adding an extended switch on page 17 7 To specify the port on the switch via which the ...

Страница 34: ... Switch Uplink options from their respective drop down menus 9 Click Add The extended switch configuration is displayed on the Network PortShield Groups External Switch Configuration tab The Port Graphics tab displays The extended switch port 1 is management it is grey with a human icon in it The data uplink is between X3 and extended port 2 ...

Страница 35: ... on the X Series switch Ports 12 and 14 on the X Series switch are portshielded to X3 with the dedicated uplink option enabled Ports 13 and 15 on the X Series switch are portshielded to X4 with the dedicated uplink option enabled Ports 2 and 4 are portshielded to X3 Ports 3 and 5 are portshielded to X4 When the secondary unit acts in active HA mode traffic between H1 and X3 is carried over the ded...

Страница 36: ...ect X0 of the primary and secondary directly to the ports on the X series switch In this case two switch ports are used on the X series for management traffic Figure 6 shows a a TZ300 HA pair with an X1026 switch and two dedicated links X0 of the primary unit is connected to port 1 X0 of the secondary unit is connected to port 7 When the switch is provisioned the primary switch management is set t...

Страница 37: ...re the options as described in Configuring a common uplink on page 22 except a Select the Primary Switch Management and Primary Switch Management interfaces from their respective drop down menus 4 Click Add Configuring VLAN s with dedicated uplink s For more information about X Series Solution support for VLAN see Dell SonicWALL X_Series Solution Support for SonicWALL Virtual Interfaces VLANs 1897...

Страница 38: ...e 39 Dedicated Uplink for VLAN Topology In a dedicated uplink configuration a given link between the firewall and the X Series switch designated as the dedicated uplink is set up to carry traffic for all VLANs configured under the firewall interface plus PortShield traffic corresponding to the firewall interface Figure 7 shows a TZ500 with an X1026P switch Figure 7 VLAN with dedicated uplink topol...

Страница 39: ... firewall interfaces along with VLAN s support 2 Configure the dedicated link by a Choosing an extended switch port that is connected physically to the firewall interface b Portshielding the port to the firewall interface c Choosing the dedicated link option 3 Select the extended switch port on which VLAN s need to be enabled 4 Portshield the switch port to the firewall interface 5 Configure the r...

Страница 40: ...igured as a trunk to carry VLAN 100 by selecting Enabled for the VLAN Trunk option and choosing VLAN 100 from the available list of VLANs 5 Similarly Port 11 is portshielded to X5 and configured as a trunk to carry VLAN 150 by a Selecting Enabled for the VLAN Trunk option b Choosing VLAN 150 from the available list of VLANs 6 Portshield port 12 to X5 and configure it as an access for VLAN 200 by a...

Страница 41: ...k to carry PortShield traffic for the firewall interfaces and enable support for VLAN s with in a dedicated uplink configuration Figure 8 shows a TZ500 with an X1026P switch The link between X3 and port 2 on the extended switch is configured as a common uplink for carrying PortShield traffic for the different firewall interfaces excluding the firewall interface for which a dedicated uplink is setu...

Страница 42: ...ccess points be connected through dedicated links because SonicPoint access points carry several VLANS and dedicated links pass through VLAN tunnels The dedicated links act as trunks passing tagged traffic from the access point through the X Series switch to the TZ firewall For non SonicPoint access points and for SonicPoints without particular management the port in the TZ firewall can be configu...

Страница 43: ...Series switch see Dell SonicWALL TZ Series and Dell SonicWALL X Series solution managing SonicPoint ACe ACi N2 access points SW13970 To configure a dedicated uplink for SonicPoints 1 Provision the switch as described in Provisioning an X Switch on a TZ series appliance on page 9 2 Set up the data uplink as described in Adding an extended switch on page 17 3 Configure the uplinks as described in Co...

Страница 44: ...e with a valid maintenance contract and to customers who have trial versions To access the Support Portal go to https support software dell com The Support Portal provides self help tools you can use to solve problems quickly and independently 24 hours a day 365 days a year In addition the portal provides direct access to product support engineers through an online Service Request system The site ...

Страница 45: ...ed topologies 20 TZ series appliances 5 I interface uplink 21 isolated link 21 L link common 21 dedicated 21 isolated 21 M Managed Mode button 10 P PoE Power over Ethernet 5 PoE Power over Ethernet Plus 5 S switch extended See extended switch 4 U uplink common configuration 22 extended switch 21 firewall 21 interface 21 X Switch 21 uplink interface criteria for configuring 21 Index ...

Отзывы:

Нет отзывов

Похожие инструкции для sonicwall x series

GoSilent GSC-100

Бренд: Silent Circle Страницы: 10

Бренд: Mackie Страницы: 28

Бренд: IBASE Technology Страницы: 16

Spam Firewall Outbound

Бренд: Barracuda Networks Страницы: 2

Бренд: Sophos Страницы: 68

CloudGen Firewall F1000 CE0

Бренд: Barracuda Страницы: 8

Бренд: Watchguard Страницы: 34

Airwall-250 Series

Бренд: TEMPERED Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды