I upgraded many Dell 6248 switches to the latest and greatest firmware over the weekend. I have been experiencing more packet loss than I would ever want to see on an internal LAN. Connecting from the servers on the same switch would yield a periodic lost packet for no apparent reason. There were some clues on the switch with logged “spanning tree topology changes” in the log file. During this log event, I would drop packets not only on the local switch, but other connecting switches as well. All of these switches are configured with Rapid STP, LAG groups between them, and two VLANs. Reading up on the dell site, I saw some good advice entailing turning on “Port Fast” on every port that isn’t an edge link between switches, namely ports connected to switches and servers. This advice appears to be valid. With the latest firmware I could go to Global STP settings and simply enable Port Fast. It was smart enough to not turn it on for the LAG groups and switch interconnects with multi-vlans on them. So far so good…over the past few hours I haven’t had any dropped packets.
Problem: We are using an old D-Link hotspot to allow guest access in our building. This D-Link feed a VLan that is distributed to 7 D-Link access points. These APs support multiple SSIDs on different VLAN making them very convenient for distributing multiple wireless networks around the facility. The new Sonicwall has Guest Services, but how can we make it all work together? It seems like Sonicwall wants us to use their own proprietary (and expensive) access points. In our server room we have a port dedicated to feeding the VLAN through the building. I connected that port to X5 on our Sonicwall TZ210. Now the configuration on the SW. First, let’s add a new Zone and call it Guest. For initial testing I am leaving the security settings turned off. Now let’s configure port X5 to be in our Guest zone with a static IP address of 192.168.1.1 on a standard Class C subnet. Do this from Interfaces. I have enabled management and ping plus user logins on this interface. After testing I will disable the management except for Ping. Make sure you enable login so your users can actually log in! Verify a firewall rule exists for traffic from the GUEST to WAN zones. With my firmware, this was automatically created. I enabled some bandwidth limiting on it as well. Now turn on the DHCP server for this interface with the appropriate settings. Note that it is configured for interface X5. Make sure the DHCP server is actually enabled in the top check box. I forgot this part the first time around. Anyone that connects to the VLAN or physical network on X5 should now receive a DHCP address in your range and be greeted in a web browser with the Sonicwall Login page. Adding users is very easy! Just head down to Users|Guest Accounts and you can have them automatically generated for you or create your own. You can also specify how long they are active for. You can also click on Guest Status to see your logged in guests!