Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 12281 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Voip VLAN behind RED 15

Predrag Milenkovic

Hello!

We are running UTM 210 on central location and RED 15 on remote locations. UTM Eth0 port is in bridge with RED devices. Recently we decide to start to use local Telco VoIP services.

They gave us their L2 switch with 2 VLANs predefined: 2629 for voice and XXX (I cannot recall now :)) for Internet. On our side we have created tagged VLAN 2629 on all switches on central location as well as on remote locations. On our core switch we have defined port 26 as VLAN 2629 untagged and connected it to Telco switch ("Voice" port).

Telco gave us just VLAN IDs - IP phones are using autoprovision and after we manually set VLAN they are getting IP addresses from Telco DHCP server as well as other settings.

On central location everything is working just fine - IP phones are getting IP addresses and other settings and they are working properly.

On remote locations IP phones cannot get IP address - so they are not working.

This is our layout:

What we did wrong?

Thank you in advance



This thread was automatically locked due to age.
  • 0

    Hi,

    I think you need a RED50 to support the VLAN tagged packet, RED15 does not support VLANs. Refer to, How to configure the Switch Port VLAN tagging for a RED 50.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    As far as I know this is not correct.

    I have a similar scenario implemented and it works. 

    It is true that the RED 15 cannot handle VLANs itself but you can configure the switch so that the VLANs are transferred into the RED tunnel. Therefore the UTM is able to handle the VLAN which needs to be binded onto the red interface.

    In this case I would suggest looking at the VLAN configuration at the remote location.

  • 0

    Hi Predrag and welcome to the UTM Community!

    The "trick" described by Charmacas is the only solution I know with the RED 15.

    As for the RED 50, an SG 115 with a Network Protection is more flexible and costs less than a RED 50 with warranty extensions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hey ,

    sorry for bothering you but i dont want to open a new thread because my question ist similar.

    The described "trick" only works with Standard/Unified and not with Standard/Split mode, or am i wrong?
    I am asking because there are several statements over the years. VLans weren't supported in Standard/Split but worked nevertheless over the tunnel at least until August 2017 (for example). I know the Note of the Manual.

    Do you know if i clould use vlans through an RED50 tunnel in Standard/Split, provided by an switch (not the red itself) or is it restricted as described in the Knowledgebase?

    Thank you

  • 0 in reply to wiLLow

    Hallo willow,

    I don't know, but I suspect that you're correct.  Instead of RED 50s, I've used UTM 120s and now SG 115s, so I've never seen one!  Over a six-year lifetime, an SG 115 with Network Protection is less expensive than a RED 50 with warranty extensions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Does the xg to red15 bridge support tagged traffic?  

    If not 2 links from switches to the fw’s and ips on ports of fw in the subnets on those vlans.   I think.  

    Does the remote side have ip interface for vlan 2629.  If so does it have the ip helper address to the dhcp server and know how to get there either by def gateway or ip route to central sw

    Also I would move the link from telco to xg to a 2nd switch port - since tagged traffic - set port on sw as truck w native of 1 and allowed vlan 2629.  

    I bet traffic on remote side def to central side sw.    moving link will fix prob.  

Unfiltered HTML