A LAG group on the X1018P managed switch is real easy but switch port configuration is not available on the TZ 500. Is there a way to set it up for 2 ports like x0 and x2 on the firewall and e15 and e16 on the switch? How would I configure the firewall ports? Is this a PortShield Group?
Routing – How to set up a Link Aggregation for 2 ports between a Sonicwall TZ500 and a Dell XP1018P
dell, routing, sonicwall, switching
Related Solutions
You are correct, if you have a free interface (eg. X6) on each router connect ISP-LAN at each site to that interface. I don't know if the SonicWALLs support VRRP but it is not needed. DHCP will not cross subnets unless you enable an IP Helper.
The ISP-LAN connection replaces your VPN but you will need to add some routes (which would have been implied or created previously due to the VPN). I'm guessing your ISP will refer to this as a managed VPN, an MPLS or a VLAN network.
However you will need to know what IPs/network your ISP has assigned to each ISP-LAN (where you have "???" in your picture).
First Case: IF your ISP has given you IPs on your subnets at each site (eg. 10.10.1.254 at Site 1 and 192.168.1.254 at Site 2) then you can route via these IPs. Assign (or leave) X6 on the LAN (same as X2/X3/etc). Then go to Network | Routing. You will need to create a route on each site (or you could use RIP, but not needed for 2 sites).
At Site 1 your route will be something like:
Source: Any
Destination: Site2 Subnet (192.168.1.0 / 255.255.255.0)
Service: Any
Gateway: ISP-LAN IP (10.10.1.254)
Interface: LAN/X0 (since it's on the LAN)
Metric: 20 (should be fine)
Create a similar route at Site 2 (but Destination of Site 1's Network using the Gateway of ISP-LAN at Site 2 [192.168.1.254]). I've done this for clients when this is how the ISP has configured things (used IPs on the local LAN to provide access via "the cloud").
Second Case: HOWEVER, if the ISP has used a DIFFERENT subnet for the ISP-LAN connection (such as 172.16.1.x or something) then you will need to configure X6 to be on that subnet, you won't need NAT. I've also done this for clients (where the ISP provides a 3rd subnet to join to 2 sites) -- in this case X6 will be on that 3rd subnet and the routes will be created automatically [just allow access with firewall rules].
So a QUESTION for you: What is the IP/subnet of the ISP-LAN at each site? Is it as you have in your picture (the X6 / ??? IPs) or is it something else?
EDIT: (since I can't add a comment)
I'm glad that helped. You would have DHCP traversing if the ISP configured the link as a Layer 2 link (essentially a VLAN) between the 2 ISP routers -- DHCP wouldn't cross Layer 3 without assistance but will Layer 2 (like on a switch). Now that you have added a different subnet to the link (your 10.0.0.1/30 subnet) you should be fine (the routers won't pass DHCP broadcast traffic beyond the subnet).
You can configure the routes with Probes so that they will deactivate if something fails. If you convert your VPN from an IPsec Policy VPN to a Tunnel Based VPN (which uses routes for the VPN), you can have it fail over if you wanted. BUT since the ISP's VLAN and the Internet based VPN are running through the same ISP router, the chance of only ONE failing is slim. (If you had a different back-up ISP then having a backup VPN would be a good idea.)
As for the speed issue, I would check if you have BWM enabled on either router, other than that contact your ISP.
As far as the VLAN for access port 1, that looks like what you need.
Depending on how you have STP configured on the network, you should think about using RSTP. Also, STP guard on the access ports may be a good thing to do.
The default native VLAN is 1, but you don't need a native VLAN, or you can set it to any VLAN. This is only relevant for trunk ports.
Best Answer
You can't do it on a Sonicwall device. The TZ series doesn't support link aggregation. Check this doc: http://documents.software.dell.com/sonicos/6.2.3.1/release-notes/document-download?ParentProduct=847