Starting with Wireless AP and Sophos XG

I'm new to the use of Wireless Protection in my XG330 i purchased a AP15 to test.

 

Activated the Wireless protection (Full guard subscription on xg330 cluster) (global options.jpg)

connected the AP15 of the LAN zone, the AP have been recognized and succesfully activated. (01active AP.jpg)

created a Access Point Group (access point groups.jpg)

create a wireless network (general settings.jpg) and put in zone Wifi (zone.jpg)

created the dhcp server (general settings.jpg)

now from a PC i see the SSID and can connect (active clients.jpg)

But i don't obtain an ip address

 

I do something wrong but i don't know what, maybe someone can give me a hint ?

here you can find the attached referred in () with the extract of some logs

 

01Active-AP.JPG

 

access-point-groups.JPG

 

active-clients.JPG

 

general-settings.JPG

 

global options.jpg

networks.jpg

 

wireless-network.JPG

 

zone.jpg

 

 Best Regards

Roberto

 

Edit : after a while i found the dhcpd service is marked as DEAD in XG Control Center and i cannot start it

 

 

 

 

 

And in Advanced Shell \ dhcpd.log i find this

 

   

  • Roberto,

    if you delete this DHCP and you enable DHCP on the LAN interface, does the dhcp server service start?

    Also, the AP is on a separate zone and not bridged to LAN as the IP is different, correct?

    Thanks

  • In reply to lferrara:

    Hi lferrara

     

    1) Yes, If i enable a dhcpserver on a LAN interface the server start succesfully but the dhcp does not runs on wlan

     

    DHCPD_PORTS 'wlnet1,lag0.11'
    Adding interface 'wlnet1'
    Adding interface 'lag0.11'
    Internet Systems Consortium DHCP Server 4.3.6-P1
    Copyright 2004-2018 Internet Systems Consortium.
    All rights reserved.
    For info, please visit www.isc.org/.../
    Config file: /cfs/system/dhcp/dhcpd.conf
    Database file: /tmp/dhcpd.leases
    PID file: /var/run/dhcpd.pid
    Wrote 0 leases to leases file.
    write_lease: JSON: <{ "filename":"/tmp/dhcpd.leases", }>

    write_lease: OPCODE <write_dhcp_lease> executed successfully

    Listening on LPF/lag0.11/00:e0:20:ac:b5:05/lag0.11
    Sending on   LPF/lag0.11/00:e0:20:ac:b5:05/lag0.11

    No subnet declaration for wlnet1 (no IPv4 addresses).
    ** Ignoring requests on wlnet1.  If this is not what
       you want, please write a subnet declaration
       in your dhcpd.conf file for the network segment
       to which interface wlnet1 is attached. **

    Sending on   Socket/fallback/fallback-net

     

    2) Yes, the idea is to use lan connection we have in all our buildings but connect wireless on a dmz

  • In reply to Roberto Corti:

    Are you running latest XG firmware version?

    I will try to configure separate ap on my lab and let you know if dhcp starts.

    Regards

  • In reply to lferrara:

    Yes, running XG330 (SFOS 17.5.9 MR-9)

     

    Regards

    Roberto

  • In reply to Roberto Corti:

    Roberto,

    I tried on my lab (v18) and DHCP works as expected. Take note I did not delete the bridge to AP SSID.

    DHCP is already started and creating a new SSID (separate) will just reload the dhpc service and assign IPs.

    Can you try to create a SSID "bridge to AP LAN" and then create a separate AP zone and check if it works?

    Thanks

  • In reply to lferrara:

    if i understand : for do this i must connect the AP to another zone/port and this (in this moment) can't be done..

    (PS in my LAN i already have another dhcp server (a Windows Server) if i bridge to APLan the AP15 i can connect and receive an ip address from this dhcp)

  • In reply to Roberto Corti:

    Roberto,

    if you create the Bridge to AP lan, the XG will create the new SSID on the same LAN interface where the AP is connected.

    This is not a big problem, as the AP will have an ip on the LAN zone and you can create a DHCP that leases only 1 ip.

    Once you have done this step, you can create the "create separate zone" and try if DHCP works as expected.

    Regards

  • In reply to lferrara:

    No, can't run in this way as it get the address from the dhcp already existing on the LAN.

  • In reply to Roberto Corti:

    OK, found the clue.

    For some weird weird reason the virtual wlan network interface to which the AP was connected gone "sciroppata"  (broken, lost all parameters), created completely new interface, new dhcp server and not it works. :-)

     

    now i must only find the way to delete this interface

     

    Thanks for the support

    Roberto