Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall
-
It seems that I have continual LAN broadcast traffic spilling over to my WLAN interface (X3). It IS being dropped by SonicWall but I have about 300K critical logs per day because of this.
Environment: I have switches with basic LAN traffic and then for each switch, I have a few ports configured to connect to a SonicPoint AP. PVID of these SonicPoint ports is 2 and then I am also allowing VLAN 200 tagged traffic (for guest). These ports all trunk back to the X3 WLAN interface on my SonicWall and access between LAN (X0), WLAN(X3) and WLAN (X3:200) guest are managed with access rules. Right now, LAN and WLAN have access to each other but WLAN guest only has access to WAN.
Common sense as well as SW support says that I should only be getting these messages if there is something else plugged into the ports besides SonicPoints or if something is mis-configured. The firewall rules don't seem to be a factor at all, as I have tried both deny any any and allow any any to and from LAN/WLAN. I have also checked all the physical connections as well as the configurations and nothing seems to have changed. I can't figure out the cause of this. It started a few weeks ago, which coincidentally is around the time I upgraded the SW firmware & replaced the switch that it connects to. I want to say it's probably related to one of those two things, but I was careful not to mess anything up and I cannot spot any configurations that appear to be wrong.
SonicWall Zones:
- X0 LAN - 10.1.2.0/24
- X3 Wifi (connect to switch ports with PVID 2) 10.1.3.0/24
- X3:200 Wifi-Guest (tagged as 200 and connected to switch ports PVID 2) 192.168.1.0/24
SonicWall logs are constantly reporting these critical alerts:
- Message: "Drop WLAN traffic from non-SonicPoint devices"
- Source: 10.1.2.X (LAN devices), [port #], X3
- Destination IP & MAC: 10.1.2.255/FF:FF:FF:FF:FF:FF (broadcast traffic), [port #]
- IP Protocol: UDP
My Dell N3000 switch configs look like this (ports configured for SonicPoints):
    switchport mode general
    switchport general pvid 2
    switchport general allowed vlan add 2
    switchport general allowed vlan add 200 tagged
Any help is appreciated!
-
What are the settings on the switch for the port that connects to SW X3?
-
Is the default VLAN disabled for the port that connects to the SW X3 port?
-
@dashrender said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
What are the settings on the switch for the port that connects to SW X3?
Same as all the other wifi ports. This was set up with the help of Dell and SonicWall a while back and it has worked for over a year without getting these errors, so I want to say it was set up correctly, or at least in a way that worked.
-
@dashrender said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
Is the default VLAN disabled for the port that connects to the SW X3 port?
Those commands set the PVID to 2 and allow tagged traffic of 200. So yes, default VLAN (1) is disabled on the wifi ports.
-
@dave247 said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
@dashrender said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
Is the default VLAN disabled for the port that connects to the SW X3 port?
Those commands set the PVID to 2 and allow tagged traffic of 200. So yes, default VLAN (1) is disabled on the wifi ports.
sure, but what about the port that connects to the sonicwall firewall, not the AP ports.
-
@dashrender said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
@dave247 said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
@dashrender said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
Is the default VLAN disabled for the port that connects to the SW X3 port?
Those commands set the PVID to 2 and allow tagged traffic of 200. So yes, default VLAN (1) is disabled on the wifi ports.
sure, but what about the port that connects to the sonicwall firewall, not the AP ports.
The ports are configured exactly the same for both the SonicPoint access points and the X3 interface on the SonicWall.
-
Problem solved. Turns out I had to manually remove VLAN 1 access from the configured ports. Apparently this must be done for all general mode ports on Dell N series switches.
-
@dave247 said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
Problem solved. Turns out I had to manually remove VLAN 1 access from the configured ports. Apparently this must be done for all general mode ports on Dell N series switches.
Yes, because that is the default PVID of the ports.
-
@dbeato said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
@dave247 said in Can't figure out the cause of LAN broadcast traffic spilling over into WLAN zone on SonicWall:
Problem solved. Turns out I had to manually remove VLAN 1 access from the configured ports. Apparently this must be done for all general mode ports on Dell N series switches.
Yes, because that is the default PVID of the ports.
Yes, but I had changed the PVID of the port from the default value to 300. So, I thought that VLAN 1 access would stop and only VLAN 300 would be allowed.
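The resolution above (and the follow-up about PVID vs. VLAN 1 membership) comes down to one condition: a general-mode port whose PVID has been moved off VLAN 1 but which still has VLAN 1 in its allowed-VLAN set, so default-VLAN broadcasts from the LAN keep egressing onto the ports feeding X3. The script below is an added example, not code from the thread or from Dell or SonicWall: it parses a constructed Dell N-series running-config excerpt (interface names, port set and the `switchport general allowed vlan remove 1` remediation line are assumptions) and flags exactly that condition, so the same check can be run over a real `show running-config` dump before the firewall starts logging drops.

```python
import re
from typing import Dict, List, Set

# Constructed sample of a Dell N-series running-config excerpt (NOT the poster's
# actual config). Gi1/0/10 is configured the way the thread's ports were;
# Gi1/0/11 has the fix applied; Gi1/0/12 is an ordinary access port.
SAMPLE_CONFIG = """\
interface Gi1/0/10
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2
switchport general allowed vlan add 200 tagged
!
interface Gi1/0/11
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2
switchport general allowed vlan add 200 tagged
switchport general allowed vlan remove 1
!
interface Gi1/0/12
switchport mode access
switchport access vlan 10
!
"""


def expand_vlan_list(spec: str) -> Set[int]:
    """Expand a CLI VLAN list such as '2,10-12' into a set of VLAN IDs."""
    ids: Set[int] = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            ids.update(range(int(lo), int(hi) + 1))
        else:
            ids.add(int(part))
    return ids


def parse_interfaces(config: str) -> Dict[str, dict]:
    """Build, per interface, the mode, PVID and effective allowed-VLAN set.

    Assumption taken from the thread's resolution: a general-mode port keeps
    VLAN 1 as an allowed member until it is explicitly removed, so every
    interface starts out with allowed == {1} and pvid == 1.
    """
    ports: Dict[str, dict] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = {"mode": "access", "pvid": 1, "allowed": {1}}
            continue
        if current is None or not line or line == "!":
            continue
        port = ports[current]
        if line.startswith("switchport mode "):
            port["mode"] = line.split()[-1]
        elif line.startswith("switchport general pvid "):
            port["pvid"] = int(line.split()[-1])
        else:
            m = re.match(r"switchport general allowed vlan (add|remove) (\S+)", line)
            if m:
                action, vlans = m.groups()  # trailing 'tagged' keyword is ignored
                if action == "add":
                    port["allowed"] |= expand_vlan_list(vlans)
                else:
                    port["allowed"] -= expand_vlan_list(vlans)
    return ports


def find_leaky_ports(ports: Dict[str, dict]) -> List[str]:
    """General-mode ports whose PVID is not 1 but which still carry VLAN 1.

    These are the ports that will pass untagged default-VLAN (LAN) broadcasts
    towards the SonicPoints / X3 and trigger the 'non-SonicPoint' drops.
    """
    return sorted(
        name for name, p in ports.items()
        if p["mode"] == "general" and p["pvid"] != 1 and 1 in p["allowed"]
    )


def remediation(port: str) -> List[str]:
    """Assumed Dell N-series CLI lines that remove VLAN 1 from a general port."""
    return [f"interface {port}", "switchport general allowed vlan remove 1"]


if __name__ == "__main__":
    parsed = parse_interfaces(SAMPLE_CONFIG)
    for name in find_leaky_ports(parsed):
        print(f"{name}: pvid={parsed[name]['pvid']} still allows VLAN 1")
        print("  fix:", " / ".join(remediation(name)))
```

Run it against a saved `show running-config` instead of `SAMPLE_CONFIG` to get the list of ports that still need `allowed vlan remove 1`; the parser only models the general-mode commands the thread uses, so trunk-mode ports and VLAN ranges written in other notations would need extending.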