+1 I have zero experience with Sonicwall, but being a Juniper user for years, this is something you can accommodate should you have a spare interface on your Juniper FW. You assign a zone to it, if you like, or simply make it an "untrusted" port and route out to and from it, assign DHCP and policies.

On Wed, Aug 3, 2011 at 1:44 PM, Paul Hutchings <[email protected]> wrote:

> Does the Sonicwall have the concept of “Zones” and can it act as a DHCP
> server with different scopes per interface?
>
> Using a Juniper as an example, you configure an interface as a Zone
> (called, say, “Guest”) and assign it an interface and run a DHCP server on
> that interface.
>
> Paul
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* 03 August 2011 15:27
> *To:* NT System Admin Issues
> *Subject:* VLAN N00b
>
> So…I bought a wireless AP and it looks like I get to delve into learning a
> little VLANing.
>
> Environment:
>
> DNS, DHCP server (2003 SBS server, Domain controller)
> Second DC (2003 R2 Server)
> SonicWall Firewall
> Dell PowerConnect 3448
> 17 Domain PC’s
> HP M110 Wireless AP with non-domain PC’s using this to get to the Internet.
>
> Desired result for WLAN clients:
>
> · Able to get to the Internet, but not be able to see any domain systems.
> · DNS configured to non-domain server (SonicWall would be OK)
>
> I can VLAN with the PowerConnect and make it so that AP can only get to the
> firewall, but my issue then is how will any clients get assigned an IP
> address. I can configure the Sonicwall to hand out IP’s but then I lose
> control of IP’s (reservations, etc) from the SBS system.
>
> It looks like I should divorce DHCP from the SBS server and put it on the
> 2nd DC and allow the AP to see the one DC and the Sonicwall.
>
> Here’s a document I found helpful:
>
> http://www.dell.com/downloads/global/products/pwcnt/en/howto_config_private_vlans.pdf
>
> From that, the SBS server and all domain PC’s would be in Community 10
> The AP would be in Community 11
> The firewall and 2nd DC (now doing DHCP) would be promiscuous. Is that too
> big of a risk? The HP110 can do RADIUS and I did install that capability on
> the 2nd DC but I don’t really know what I’m doing here.
>
> This would get me close to my desired result. Can RADIUS be used to
> conditionally hand out IP addresses? What would be nice is the ability to
> have it so VLAN1 (Community 10 in the diagram) gets some IP settings, VLAN2
> (Community 11) gets others – namely a different DNS server.
>
> All thoughts and comments welcome.
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
> ------------------------------
> *MIRA Ltd*
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration GB 100 1464 84
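
The private-VLAN layout proposed in the quoted message, modelled as an added example that is not part of the original thread: it applies the standard private-VLAN forwarding rules (promiscuous ports reach every port, community ports reach their own community and promiscuous ports, isolated ports reach promiscuous ports only) to show what the guest AP can reach at layer 2. Host names and communities come from the thread; the `PORTS` table and function names are constructed for illustration.

```python
# Private-VLAN layer-2 reachability model (added example; the port table
# is constructed from the layout described in the thread).
PROMISCUOUS = "promiscuous"
COMMUNITY = "community"

# host -> (port role, community number or None)
PORTS = {
    "SBS server (DC, DNS)": (COMMUNITY, 10),
    "Domain PCs":           (COMMUNITY, 10),
    "HP M110 AP (guests)":  (COMMUNITY, 11),
    "SonicWall firewall":   (PROMISCUOUS, None),
    "2nd DC (DHCP)":        (PROMISCUOUS, None),
}


def can_talk(a, b, ports=PORTS):
    """True if the switch forwards frames between hosts a and b."""
    (role_a, comm_a), (role_b, comm_b) = ports[a], ports[b]
    if PROMISCUOUS in (role_a, role_b):
        return True                      # promiscuous ports reach everything
    if role_a == role_b == COMMUNITY:
        return comm_a == comm_b          # same community only
    return False                         # isolated ports: promiscuous only


def exposure(source, ports=PORTS):
    """Hosts that `source` can reach at layer 2, sorted by name."""
    return sorted(h for h in ports if h != source and can_talk(source, h, ports))


if __name__ == "__main__":
    guest = "HP M110 AP (guests)"
    print("Proposed layout, guest AP reaches:", exposure(guest))

    # Alternative: keep the 2nd DC with the domain systems and let the
    # firewall serve DHCP/DNS to guests, as the replies suggest.
    alt = dict(PORTS, **{"2nd DC (DHCP)": (COMMUNITY, 10)})
    print("2nd DC in Community 10, guest AP reaches:", exposure(guest, alt))
```

The model covers switch forwarding only; in the proposed layout every service on the second DC is reachable from guest clients unless something else filters it, which is the risk the question asks about.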
