Sonicwall routing between interfaces. tunnel interface VPN) instead of a site-to-site one.
Sonicwall routing between interfaces. This functionality is available on all NSa, NSA and SuperMassive platforms. 168. Virtual interfaces provide many of the same features as physical interfaces, including zone assignment, DHCP Server, and NAT and Access Rule controls. 5 and earlier firmware. Static Routes Static routes are manually added to a routing table through direct configuration. A gateway is optional for DMZ or LAN zone interfaces. The tunnel status shows up and running but the traffic cannot pass through the VPN. 1q trunk link. x (interface IP of 192. The X0 lan is running subnet 192. To configure a physical interface on SonicWALL with a static IP Mode: Navigate to NETWORK | System | Interfaces. Failover between the Ethernet WAN (the WAN port, OPT port, or both) and the WWAN is supported through the WAN Connection Model setting. This is the primary means of configuring the device. Advantages of Numbered Tunnel VPN Simplified Troubleshooting: Unique IPs for each endpoint Sep 18, 2022 · Scenario:MPLS and WAN on same interface. Network > Interfaces The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. Aug 14, 2025 · A zone is a logical grouping of one or more interfaces designed to make management, and application of Access Rules. Oct 14, 2021 · Route Based VPN configuration, introduced in SonicOS Enhanced 5. Nov 22, 2021 · This article list all the Site to Site VPN, Tunnel Interface VPN and Third-party VPN configuration knowledge base articles. So, it knows how to forward traffic between those networks. 16. All VLANs were set up Sep 27, 2023 · How to Configure a Tunnel Interface VPN (Route-based VPN) between two SonicWall UTM appliances running SonicOS 5. I plan on connecting this to our sonicwall X2 port and routing traffic from their network from X2 to our X0 port and vice versa. My trouble is the Sonicwall is not the default internet gateway either, so I can't assign the Sonicwall as the endpoints default static gateway. Virtual Interfaces (VLAN) Supported on SonicWALL security appliances, virtual Interfaces are subinterfaces assigned to a physical interface. The cryptography suites used to secure the traffic between two end-points are defined in the Tunnel Interface. If you have routers on your interfaces, you can configure the SonicWALL appliance to route network traffic to specific predefined destinations. 4914643605734924E12 (SNWL) Edited by Community Administrator May 8, 2025 at 8:18 PM Dant , In your case, just the access rule should be enough. Setting System criteria for SonicOSConfiguring Routed Mode Routed Mode provides an alternative for NAT for routing traffic between separate public IP address ranges. 5 firmware. The following example walks you through creating a route policy for two simultaneously active WAN interfaces. I have an L3 switch and am swapping out an old router for a SonicWall TZ210. A drop tunnel interface should be used in conjunction with a VPN tunnel interface, although a drop tunnel interface can be used standalone. Apr 11, 2022 · WAN Failover enables you to configure one of the user-defined interfaces as a secondary WAN port. For a SonicWALL appliance with a WWAN interface, such as a TZ 190, you can configure failover using the WWAN interface. 2 with a GW of 1. Zone-based security is a powerful and flexible method of managing both internal and external network segments, allowing the administrator to separate and Hello, I have a situation here - WAN connection X10 and multiple servers on X4 requiring public IPs (no nat) I need to pass whole public /29 subnet from X10 to X4 without setting up the static ip on X10 or X4 interfaces L2 bridge or Transparent bridge requires 1 ip to be setup on either interface so it's not an option May 2, 2021 · I have a Sonicwall TZ-350. 8. 1, and X1 is the WAN. I've set up a second local subnet on X2 with IP 192. You would just add a firewall access rules between the accessing VLAN and the NVR IP address. I cannot seem to ping the SonicWall VLAN interface for VLAN 101 from VLAN 102, for example. 0 Both interfaces are on the same “LAN” Zone, with interface trust between them. NOTE: Group level interface edits are only available for SonicWALL firewall appliances. The static route may contain the source, destination and service to the Tunnel Interface. 0/24 172. Below is a detailed guide for configuring a SonicWall router in a lab environment, including essential commands and verification steps. Dec 20, 2019 · This article lists all the popular SonicWall configurations that are common in most firewall deployments. The servers connected to the interfaces X2 and X3 should be configured with the IP addresses within the Transparent Range. a. Jul 28, 2022 · Configuring the servers connected to the PortShield interfaces X2 and X3. To view the default NAT policies preconfigure in the SonicWall click Manage | Rules|NAT Policies. Nov 14, 2024 · In SonicWall, a numbered tunnel refers to a VPN tunnel configuration where unique IP addresses are assigned to each endpoint (or interface) of the VPN connection. 2 Spice ups Topic Replies Views Activity Inter-VLAN routing on SonicWall Networking sonicwall , question 8 1968 November 14, 2016 routing VLans at the firewall/router Networking discussion , general-networking 6 Oct 10, 2020 · If you have routers on your interfaces and if you want to access the computers attached to the router, you need to configure static routes on the SonicWall security appliance on the Network | Routing page. Since the sub-interfaces are created on the firewall, the inter-VLAN routing will automatically be handled by SonicWall. If you have any additional queries, please let us know Jun 29, 2015 · I have a LAN (LAN 1) on the 192. In the Multicast Policies May 4, 2023 · What I want to do is establish a tunnel between a remote site and the Sonicwall which is running inside of azure. I want to be able to access a device Hi there, I'm sure I'm missing something incredibly simple here, but I've been struggling with getting an endpoint (workstation) the correct routing/NAT/access rules to be able to connect to a server on a different LAN across 2 separate interfaces. The following networks will be used for demonstration purposes during this article. Static routes can then be added to the Tunnel Interface for reaching the remote networks. On X4 Subnet, I can get to the Sonicwall admin page via both X0 and X4 interface address, but X4 cannot ping any other X0 addresses, and no X0 devices can reach X4 addresses. For a WWAN interface, GMS navigates directly to the Network > WWAN > Settings screen. Network Setup How is the X5 interface connected? Is it to both the upstream ISP router and the remote firewall with a common switch ? Or is this second IP range allocated to your X1 where your physical X1 is say for example 1. Routing Routing is the process of selecting a path for traffic in a network or between or across multiple networks. 255. For example, a subnet can be created to isolate a section of a company, such as finance, from network traffic I would just setup some virtual interfaces for VLANs on the Sonicwall and let that handle the routing. If configuring a WAN zone interface or the MGMT interface, type the IP address of the gateway device into the Default Gateway field. IPv4 and IPv6 IP addresses are accepted/displayed in the Network > Interfaces screens. 2 / 255. I have Sonicwall NSA 2400, it is configured with Percentage-Based WAN Load Balancing. That should take care of it. 19/24 (static) - This is connected to a switch X1, WAN zone, internet connection X2, LAN zone, IP: 10. Oct 28, 2022 · By enabling Routed Mode on the interface for the 172. ) Site to Site VPN and Route Based VPN configuration Configuring Aug 29, 2022 · SonicOS Enhanced firmware versions 4. A default gateway IP is required on the WAN interface if any destination is required to be reached through the WAN interface that is not part of the WAN subnet IP address space, regardless whether a default route is received dynamically from a routing protocol of a peer device on the WAN subnet. The advantages of Route Based VPN are: Any number of overlapping static routes can be added for the Jul 22, 2022 · Resolution for SonicOS 7. 2/24 (static) - This is directly connected to SonicWALL 2, port X0 SonicWALL 2 has the following interfaces: X0 Oct 23, 2015 · I have a sonicwall NSA 2400 firewall which has a LAN on X0, WAN on X3 (Failover WAN on X1). It depends on your network requirements and expected growth. Jun 29, 2021 · Description This article will guide you through the process of configuring the SonicWall to translate multiple networks for use across a Site to Site VPN. Oct 15, 2017 · List what ports you want to get thru and make rules/recursive rules for this. Router-on-a-stick is a term frequently used to describe a setup up that consists of a router and switch connected using one Ethernet link configured as an 802. Oct 14, 2021 · In this scenario, the customer has a site to site IPSec VPN tunnel between two SonicWall appliances. The advantages of Tunnel Interface VPN (Static Route-Based VPN) between two SonicWall UTM appliances include: The network topology configuration is removed from the VPN policy Nov 11, 2016 · Hi Folks, I’m hoping for a hand here. Oct 14, 2021 · When configuring a Site-to-Site VPN tunnel in SonicOS Enhanced firmware using Main Mode with the SonicWall appliances (Site A) and Fortinet Firewall (Site B) must have routable Static WAN IP address. NOTE: You can bridge the SonicWall WLAN with the interface that belongs to LAN or DMZ zone or in other words to any interface which belongs to a custom created zone of Type Trusted or Public. Jun 1, 2023 · WAN zone interfaces are not allowed to join a Native Bridge as a member, but other interfaces can be native‐bridged to a WAN interface, making the WAN interface a Native Bridge host. For configuration information, refer to Configuring WWAN Settings on page 305. This example refers to a SonicWall network security appliance installed in a Hewlitt Packard ProCurve switching environment. With this feature, users can now Oct 14, 2021 · This article describes the process of setting up two or more SonicWalls to distribute OSPF information within the same Area. Have X1 as primary WAN connection, want to route MPLS traffic over the same interface. The Tunnel Oct 11, 2012 · SonicWall 2400 - Unable to Communicate Between Subnets/Interfaces Networking sonicwall question marcestrada2266 (mestrada_geneva) October 11, 2012, 2:39pm Oct 23, 2012 · If you are trying to see which interface traffic is flowing on from the diagnostic section of the Sonicwall console you can use “Find Network Path” you can also use the Trace Route Tool as well. Jun 15, 2018 · I need a little help setting up my routing. The main differences between the two are interoperability with other manufacturers devices, and, as you pointed out, the use of routing policies instead of numbered VPN interfaces. The SonicWall adds routing policies etc once you configure VLAN sub-interfaces. All routing is done on the L3 switch. The secondary WAN port can be used in a simple “active/passive” setup to allow traffic to be only routed if the Primary WAN port is unavailable. For example, a subnet can be created to isolate a section of a company, such as finance, from network traffic Network > Interfaces The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. Sep 28, 2023 · SonicWall UTM appliances running SonicOS Enhanced support Wan Failover and Load Balancing. More flexibility on how traffic is routed. You want to avoid using Reverse Nat to force data out a certain port. The static route policies will create static routing entries that make decisions based upon source address, source Netmask, destination address, destination Netmask, service, interface Jan 24, 2017 · At one site, for whatever reason, I cannot ping through the Sonicwall to the internet. LAN 1 is on the X0 interface, LAN 2 is on the X4 interface. The Tunnel Interface is created when a Policy of type Tunnel Interface is added for the remote gateway. Virtual Local Network > Interfaces The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. 6 VLAN support enables organizations to offer meaningful internal security (as opposed to simple packet filtering) between various workgroups, and between workgroups and server farms without having to use dedicated physical interfaces on the SonicWall. Each of the providers is connected to a separate interface on the SonicWall firewall, using interfaces such as X1, X2, and X3. 1 for a single NAS device (no switch; the device For a SonicWALL appliance with a WWAN interface, such as a TZ 190, you can configure failover using the WWAN interface. tunnel interface VPN) instead of a site-to-site one. 10. 50. New Sonicwall user needs assistance with routing between interfaces. When I send a ping, I can see the traffic being transmitted from LAN to DMZ but nothing recieved. This setup allows each end of the tunnel to have a specific IP address, creating a numbered, point-to-point connection between two networks. This allows the SonicWall to maintain a persistent connection for WAN port traffic by “failing over” to the secondary WAN port, achieved when NOTE: Group level interface edits are only available for SonicWALL firewall appliances. X0 and X5 can be on same zone or you can have X5 on a different zone. 168 with Netmask 255. Mar 26, 2020 · A SonicWall security appliance can be connected inline over LAG (Link Aggregation group) to inspect the bypass traffic and allowing packets sent on the group to be bridged across to the destination transparently as well. If they are created on zone LAN, the LAN to LAN access rule should already be set to allow communication. The advantages of Tunnel Interface VPN (Route-Based VPN) between two SonicWall UTM appliances include. Jun 3, 2016 · Is the best way to go about it to use the Sonicwall to route between VLANS, or do I need to purchase an actual layer 3 switch? If I can/do use the Sonicwall as the routing device, does anyone have any documentation for going about doing so? Network > Interfaces The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. Browsing works completely fine. I have two SonicWALL routers, each with an internet connection. Hi r/sonicwall Hoping this is the right place to ask this question. Here's my setup. For example, OSPF determines interface metrics by dividing its reference bandwidth (100mbits by default) by the interface speed – the faster the link, the lower the cost and the more preferable Oct 31, 2022 · NOTE: This is an example where the Tunnel Interface is an Unnumbered interface without a borrowed interface IP. 5, creates a Tunnel Interface between two end points. While both establish a secure tunnel between appliances, a route policy controls the traffic that passes through the tunnel, giving you mo re flexibility for the services (ports) you want to open across the tunnel as well as redundancy to reroute traffic in case of an . The interfaces displayed on the Network > Interfaces page depend on the type of SonicWALL appliance. Configuring SonicWALL PortShield Interfaces PortShield architecture enables you to configure some or all of the LAN ports into separate security contexts, providing protection not only from the WAN and DMZ, but between devices inside your network as well. In the Interface Settings table, point the arrow Nov 30, 2023 · This article explains how to configure a Secondary subnet on the LAN interface to manage the SonicWall appliance. Jun 5, 2025 · Protocol Type – Distance Vector protocols such as RIP base routing metrics exclusively on hop counts, while Link state protocols such as OSPF consider the state of the link when determining metrics. Using a static route, a switch can learn about a route to a remote network that is not directly attached to one of its interfaces. A default gateway IP is optional on a LAN interface. Adding a Tunnel Interface Route-based VPN configuration is a two-step process: Create a Tunnel Interface. 26. This article covers one particular method (Ratio-Based Load Balancing) in a deployment scenario where the installation has three available internet service providers. Zones in SonicWall is logical method of grouping one or more interfaces with I've tried with the different gateways on both interfaces. 0 network, NAT VLAN subinterfaces have most of the capabilities and characteristics of a physical interface, including zone assignability, security services, GroupVPN, DHCP server, IP Helper, routing, and full NAT policy and Access Rule controls. I can't think of the last time I ran into a CPU/memory issue on a Sonicwall. We have an existing cisco router that connects to another remote location. Configuring Routed Mode Routed Mode provides an alternative for NAT for routing traffic between separate public IP address ranges. I started a new sysadmin job a few months ago (previous admin died unexpectedly so I came in with little to no documentation) and previously had no exposure to sonicwall until now. In this scenario, we will be adding two more networks on X2 and X3 interfaces respectively. Typically mine stay below 20% usage doing all network management. 0/24 network. Oct 23, 2024 · SonicWall has a default outgoing NAT policy preconfigure for each interface configured under the Manage | Network | Interfaces page translating all outgoing requests into the IP address of the SonicWalls primary WAN port (WAN Primary IP). (Other WAN configuration: DHCP,&nbs Nov 19, 2020 · There are several advantages to implementing a route-based VPN (a. Int x0: LAN Int x2: DMZ Int x3: WAN I’ve set up routing to route from DMZ to LAN and vice versa then went under Access Rules and made two access rules allowing a server on the DMZ to ommunicate with LAN and vice versa. 100. 254. 0 network, NAT Oct 14, 2021 · The following guidelines will ensure success when configuring Tunnel Interfaces for advanced routing: SonicWall recommends creating a VLAN interface that is dedicated solely for use as the borrowed interface. I really appreciate all of the help. X0 is the default LAN with IP 192. For this example, a secondary WAN interface needs to Sep 1, 2022 · The below resolution is for customers using SonicOS 6. Nov 26, 2012 · As recommended by David Schwartz, the way I solved this problem was to create a NAT entry in the SonicWall that translated the "Source Address" from the 192. Jan 27, 2023 · Connecting two interfaces of the same subnet (using port shield) to different switches can be a loop nightmare depending on your topology. SonicWALL 1 has the following interfaces: X0, LAN zone, IP: 172. k. Static Link Aggregation with the ability to May 31, 2023 · On the Bridged to drop-down menu select the Interface that is setup as your LAN Zone, by default this is the X0 on the SonicWall. The advantages of Tunnel Interface VPN (Static Route-Based VPN) between two SonicWall UTM appliances include: The network topology configuration is removed from the VPN policy If you have routers on your interfaces, you can configure the SonicWALL appliance to route network traffic to specific predefined destinations. The default gateway could either be the upstream ISP router address or the SonicWall WAN interface IP. Even though they are physically on two different ports of a switch, they are virtually on two different subnets, and traffic on different subnets needs to go through a router (or layer 3 switch) in order to communicate. The communication between these VLANs depends on the access rules and what zones these sub-interfaces are added with. 0/24 Routed Mode Configuration By enabling Routed Mode on the interface for the Jun 2, 2015 · Hello, I have a Sonicwall NSA 2400 with 3 interfaces. In effect, each context has its own wire-speed PortShield that enjoys the protection of a dedicated, deep packet inspection firewall. 1 subnet. The cisco has a port that we can use as a gateway to access the other locations network. 9 firmware and above. If a static route is bound to a tunnel interface, SonicWall recommends configuring a static route bound to a drop tunnel interface for the same network traffic. 0/24 Routed Mode Configuration By enabling Routed Mode on the interface for the 172. Define the routes between the vLans and specify the appropriate gateways. Jun 7, 2022 · When a SonicWall has two or more Internet Service Provider WAN Links, and you want to force only certain IP Addresses or types of traffic through one specific ISP, you must create a policy-based route to push that traffic as per requirement. X firmware. 0 network, NAT translations will be automatically disabled for the interface, and all inbound and outbound traffic will be routed to the WAN interface configured for the 10. The Native Bridge feature works with WLAN zones on TZ/SOHO Wireless appliances and on all SonicWall platforms with a SonicWave or SonicPoint wireless access point. 20. Mar 26, 2020 · This article covers how to configure a BGP route based VPN between a SonicWall firewall and Microsoft Azure. DHCP, and NetBIOS to pass thru then enable the helper. The Network > Interfaces page includes interface objects that are directly linked to physical interfaces. 253) and everything is working fine Nov 11, 2022 · In this SonicWall tutorial video, learn how you can create network segmentation on a single switch and physical interface by using VLANs on your SonicWall Fi Configuring Routed Mode Routed Mode provides an alternative for NAT for routing traffic between separate public IP address ranges. If the switches the Sonicwall is connecting to are not connected to each other, then it wouldn’t be an issue. X2 network will contain the printers and X3 will contain the Servers. In Network | system | Multicast | Click Enable Multicas t checkbox. Virtual interfaces allow you to have more than one interface on one physical connection. I can see packets from 500 and 4500 coming to and from my remote device and the sonicwall, so from an Azure POV everything seems fine. Behind the Sonicwall I can ping everything in the LAN, and I can hit all my other sites over the site-to-site VPNs no problem, but I can’t get to even the default gateway. The Allow Interface Trust setting in the Manage | Network | Zones | configure zone and Enable Allow Interface Trust. 0 and higher includes L2 (Layer 2) Bridge Mode, a new method of unobtrusively integrating a SonicWall security appliance into any Ethernet network. It tanks the unit performance. The borrowed interface must have a static IP address assignment. SSahu1. 1. Mar 13, 2023 · The SonicWall UTM appliance has a web-based graphical user interface for configuring the security appliance. Network > Zones A zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following strict physical interface scheme. The network topology configuration is removed from the VPN policy configuration. 2. Then access rules will be created to allow access between the default LAN zone and Printer zone but deny access from May 15, 2024 · NOTE: This is an example where the Tunnel Interface is an Unnumbered interface without a borrowed interface IP. Sep 28, 2023 · How To configure a Site to Site VPN tunnel between a SonicWall and Linksys VPN Router in aggressive mode? Site to site VPN between a SonicOS Enhanced and a Cisco IOS device? Oct 13, 2018 · yes, but the routing on Sonicwalls is pretty much automatic. X This release includes significant user interface changes and many new features that are different from the SonicOS 6. May 24, 2014 · Yes, you do need to have InterVLAN routing configured in order for two different VLAN's to communicate. unless you are talking hundreds of routes it shouldn't put too much CPU load on it. LAN to LAN firewall rules are set to permit all. If you need DNS. NOTE: Due to the way this is processed, the same application can be completed for a Tunnel Interface (Route Based VPN). But if that switches connected via a normal uplink, then each to the Sonicwall, that going to introduce a loop, and you better hope spanning tree Dec 20, 2021 · Resolution for SonicOS 7. Jul 20, 2023 · The X0 interface on the SonicWall, by default, is configured with the IP 192. 6. It is a flexible method of managing both internal and external network segments, allowing the administrator to separate and protect critical internal network resources from unapproved access or attack. Create a static or dynamic route using Tunnel Interface. The gateway device provides access between this interface and the external network, whether it is the Internet or a private network. A site-to-site VPN ensures secure communication between remote networks by creating an encrypted tunnel. L2 Bridge Mode is ostensibly similar to SonicOS Enhanced Transparent Mode in that it enables a SonicWall security appliance to share a common subnet across two interfaces, and to perform Stateful and deep-packet Oct 31, 2023 · Resolution for SonicOS 7. If I have all the VLAN interfaces under the LAN (X0) interface, will the sonicwall automatically route the information between them or do I still need to have that setup on the L3 switch? Jun 5, 2025 · Link Aggregation provides the ability to group multiple Ethernet interfaces to form a trunk which looks and acts like a single physical interface. Configuring LAN Interface Configuring the WAN (X1) connection Configuring other interfaces (X2, X3 or DMZ etc) Port forwarding to a server behind SONICWALL Configuring remote VPN connections (GroupVPN, GVC, SSL-VPN, L2TP, etc. 0. 0 network. 1 subnet, and another LAN (LAN 2) on the 192. This is also called Virtual Interface or VLAN (Virtual May 15, 2015 · X4 - 10. By placing the SonicWall in Layer 2 Bridge mode, the X0 and X1 interfaces become part of the same broadcast domain/network (that of the X1 WAN interface). 4. Oct 14, 2021 · If you have routers on your interfaces and if you want to access the computers attached to the router, you need to configure static routes on the SonicWall security appliance on the Network | Routing page. I was able to get the 2 networks communicating by using the default network gateway appliance. Enable Multicast support on your SonicWall security appliance. Static routes must be defined if the network connected to an interface is segmented into subnets, either for size or practical considerations. Add Zone window or the General tab of an existing zone automates the creation of Access Rules to allow traffic to flow between the Interfaces of a zone instance. 0/28 ? Nov 19, 2015 · I’ve created routing between VLANs on our L3 switch but thought about this after the fact. Directly from the Sonicwall I can ping out no problem. 0/24 network to the SonicWall's interface address on the 192. Jun 24, 2023 · To enable inter-vLan routing on your SonicWALL appliance, go to the routing settings and configure the necessary routes. This is used when Advanced Routing is not needed and only static routes are used for remote networks. 1 and a second range of 2. Consider the topology in Routed Mode Configuration, where the firewall is routing traffic across two public IP address ranges: 10. It’s also the same on Nov 30, 2023 · The following article explains how to configure Virtual Sub-Interfaces on the SonicWall appliances. This feature is useful for high end deployments requiring more than 1 Gbps throughput for traffic flowing between two interfaces. The SonicOS scheme of interface addressing works in conjunction with network zones and address objects. In this setup, the switch is configured with multiple VLANs and the router performs Routes will be auto-configured by the SonicWall when you configure the X0 and X5 interfaces with respective IP subnets. This chapter contains the following sections: Virtual Interfaces (VLAN) Supported on SonicWall Security Appliances, virtual Interfaces are subinterfaces assigned to a physical interface. The below resolution is for customers using SonicOS 7. The SonicOS Enhanced scheme of interface addressing works in conjunction with network zones and address objects. LAN Interface: X0 PRI Interface: X1 T1 Interface: X2 My question is, given any LAN->WAN traffic Jun 10, 2020 · This article explains the steps for Router on a Stick configuration using SonicWall switch while using common uplink or dedicated uplink. Sep 28, 2023 · Configuring the SonicWall WAN interface (X1 by default) with Static IP address provided by the ISP. Consider the topology in Routed Mode Configuration, where the security appliance is routing traffic across two public IP address ranges: 10. This avoids conflicts when using wired connected interfaces. I have a default route to one of the VLAN interfaces on the SonicWall, but only traffic on the same VLAN reaches the Internet. dfzk mr4h pjns6a ah4l 2cntexh 6czuppq u8ii7o reqabcvu hoguzp twbdcl