Switch VLAN to second Switch with AP and XGS firewall

need help with VLANs

we have XGS2100, APX120 AccessPoints and Sophos Switches
All products have latest firmware

Configuration for 1 Sophos Switch was no problem, this is current config
All configuration is through Sophos Cloud Central (Firewall, Switch & Wireless)

Firewall XGS -->> Sophos Switch -->> AccessPoints

Firewall
Port6 192.168.1.1/24  (AccessPoints)
Port6.101 - 192.168.100.1/24 (VLAN101 - DATA1)
Port6.102 - 192.168.101.1/24 (VLAN102 - DATA2)
Port6.103 - 192.168.102.1/24 (VLAN103 - DATA3)
Port6.104 - 192.168.103.1/24 (VLAN104 - DATA4)

Switch1
Port 1-2 Default VLAN:1 Untagged  (LAN & MGM)
Port 10-20 AP VLAN:100 Untagged
Port 10-20 DATA1 VLAN:101 Tagged
Port 10-20 DATA2 VLAN:102 Tagged
Port 10-20 DATA3 VLAN:103 Tagged
Port 10-20 DATA4 VLAN:104 Tagged

AccessPoint1
APX120  (IP: 192.168.1.2)  connected to Port 11 [switch1]
SSID: WIFI-DATA1 VLAN ID: 101
SSID: WIFI-DATA2 VLAN ID: 102
SSID: WIFI-DATA3 VLAN ID: 103
SSID: WIFI-DATA4 VLAN ID: 104

Firewall [Port6] -->> Switch1 [Port10]


For the second switch I am not able to get AP online
What is the VLAN setting?

Firewall XGS -->> Sophos Switch1 -->> Sophos Switch2 -->> AccessPoints


Can I use Switch1 [Port 20] -->>  Switch2 [Port 10]
Should both switches have VLAN:100 Untagged

If I missed important info please let me know

Thank you!



Added TAGs
[edited by: Raphael Alganes at 3:59 AM (GMT -8) on 23 Feb 2024]
  • Have a look here:

    https://doc.sophos.com/central/customer/help/en-us/ManageYourProducts/Switches/SwitchManagement/SwitchManagementVlans/index.html

    Main take away from this document is: Sophos Switches handle "trunk ports" a little different than other vendors.

    You have to define and add all VLAN on a port, that you want to be transported to another switch.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I use Sophos Central to manage all products.

    Your link shows management inside the switch and example is where computers connect to the switch.
    I want to know how to connect to another Sophos switch

    I have configured like in the URL (Manage your products)
    If I log on to the device [switch1] it is like in the document

    Untagged ports: From the drop-down menu, select which ports are untagged. These ports only allow traffic to pass from the single VLAN.

    Port 1-2 Default VLAN:1 Untagged (LAN & MGM)
    Port 10-20 AP VLAN:100 Untagged

    Tagged ports: From the drop-down menu, select which ports will be tagged. These are trunk ports, allowing traffic from multiple VLANs to pass through a single port.

    Port 10-20 DATA1 VLAN:101 Tagged
    Port 10-20 DATA2 VLAN:102 Tagged
    Port 10-20 DATA3 VLAN:103 Tagged
    Port 10-20 DATA4 VLAN:104 Tagged

    VLAN table [switch1]

    VID   Name     Port status
    1     Default  1U, 2U
    100   AP       10U, 11U, 12U, 13U   xxxxxx 20U
    101   DATA1    10T, 11T, 12T, 13T  xxxxx 20T
    102   DATA2    10T, 11T, 12T, 13T  xxxxx  20T

    GVRP advertisement is ON by default

    How should VLAN table [switch2] be configured?

  • Hello,

    the two ports that you will use to connect the switches with each other have to be configured identically. The VLANs have to be the same as on the first switch.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
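
As an added example (not part of the thread and not Sophos tooling): a small Python check that parses VLAN tables in the `VID Name Port status` text layout posted in this thread and reports where the two ends of an inter-switch link differ. The table contents are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample tables in the thread's "VID Name Port status" layout.
SWITCH1 = """\
VID Name Port status
1 Default 1U, 2U
100 AP 10U, 11U, 12U, 20U
101 DATA1 10T, 11T, 12T, 20T
102 DATA2 10T, 11T, 12T, 20T
103 DATA3 10T, 11T, 12T, 20T
104 DATA4 10T, 11T, 12T, 20T
"""
# Constructed mismatch: port 10 is untagged in VLAN 1 and lacks VLAN 104.
SWITCH2 = """\
VID Name Port status
1 Default 1U, 2U, 10U
100 AP 11U, 12U
101 DATA1 10T, 11T, 12T
102 DATA2 10T, 11T, 12T
103 DATA3 10T, 11T, 12T
104 DATA4 11T, 12T
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(.+)$")   # VID, name, member list
MEMBER = re.compile(r"\b(\d+)([UT])\b")          # e.g. "10U" or "20T"

def parse_vlan_table(text):
    """Map port -> {'U': untagged VIDs, 'T': tagged VIDs}."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        vid = int(m.group(1))
        for port, mode in MEMBER.findall(m.group(3)):
            ports.setdefault(int(port), {"U": set(), "T": set()})[mode].add(vid)
    return ports

def compare_link(table_a, port_a, table_b, port_b):
    """List the differences between the two ends of one switch-to-switch link."""
    empty = {"U": set(), "T": set()}
    a = parse_vlan_table(table_a).get(port_a, empty)
    b = parse_vlan_table(table_b).get(port_b, empty)
    issues = []
    if a["U"] != b["U"]:
        issues.append(f"untagged VLAN differs: {sorted(a['U'])} vs {sorted(b['U'])}")
    for vid in sorted(a["T"] ^ b["T"]):
        side = "first" if vid in a["T"] else "second"
        issues.append(f"VLAN {vid} is tagged on the {side} end only")
    return issues
```

Calling `compare_link(SWITCH1, 20, SWITCH2, 10)` checks the Switch1 [Port 20] to Switch2 [Port 10] link discussed in the thread; an empty list means both ends carry the same untagged and tagged VLANs.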

  • thanks for your quick reply.

    Your solution is also what I have tried but did not work

    Configuration of switch1 and switch2 are the same

    I connect Switch1 [Port 20] -->> Switch2 [Port 10]
    Switch1 [Port 20]

    VID   Name     Port status
    1     Default  1U, 2U
    100   AP       10U, 11U, 12U, 13U   xxxxxx 20U
    101   DATA1    10T, 11T, 12T, 13T  xxxxx 20T
    102   DATA2    10T, 11T, 12T, 13T  xxxxx  20T

     

    Switch2 [Port 10]

    VID   Name     Port status
    1     Default  1U, 2U
    100   AP       10U, 11U, 12U, 13U   xxxxxx 20U
    101   DATA1    10T, 11T, 12T, 13T  xxxxx 20T
    102   DATA2    10T, 11T, 12T, 13T  xxxxx  20T


    On Switch2 I have connected AccessPoints  (both AP work on Switch1)
    Switch2 [Port 11]   AccessPoint2   APX120
    Switch2 [Port 12]   AccessPoint3   APX120

  • How do you manage the AccessPoints?

    With XGS or with Central?

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • with central

    All the sophos products are managed by central

    XGS
    Wireless
    Switches
    Endpoint
    Server Protection
    DNS

  • how is the firewall connected to the switch? Please show the config details and the DHCP-server configs.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • was this not in my first post?

    Firewall XGS -->> Sophos Switch -->> AccessPoints

    Firewall
    Port6 192.168.1.1/24 (AccessPoints)

    Firewall [Port6] connects to Switch1 [Port10]
    Switch has Port 10-20 AP VLAN:100 Untagged

    Switch1 [Port11]  connects to AccessPoint1


    APX120 (IP: 192.168.1.2 from DHCP) connected to Port 11 [switch1]