DHCP not dishing out IPs, nor can traffic get out with a static ip on VLANs.

Hi,

what a convoluted network.

Please provide a network drawing and explain what you are trying to achieve.

Ian

This was my first diagram of a network, I hope it's detailed enough for you!

Hi Gage,

In your first pot you said you had a bridge setups am trying to understand what you want with the bridge?

That network is not that difficult to setup and I take it you have purchased and old SG210 and converted it to XG v18? If so you don't need the VLANs just use the physical ports.

Also you are going to confuse yourself with where each VLAN is terminating.

Ian

I tried using the physical ports too, they gave the same result I'm having now. 

I'm using vlans (and my access point since it supports vlan tagging) for testing instead using of the physical ports. I'd rather not have down time on my services until I have a chance to really test and understand the setup.

Yes, I've got converted it from UTM to XG v18.

I didn't mention bridges at all, and I'm certainly not confused. Maybe your referring to the limited access thing, in which I'll elaborate there.

I plan on setting firewall rules restrict connections between subnets, and then setting rules allowing specific access to each other. For example, maybe the wifi subnet would have access port 80 and 443 to something like an Emby server on the servers subnet.

Your original network shows a br0 and does not show any of the physical ports.

Are you VoIP phones on VLAN3? Where does VLAN3 exterminate, the switch or the XG?

You will need a DHCP server for each VLAN and you will not need a firewall rule to allow traffic to the DHCP server. If planning on using static addresses I would suggest you limit your DHCP address ranges because the XG cannot handle static addresses within a range, they need to be outside the range. You will not be able to assigned the same device name in different subjects, another limitation on XG.

Ian

Ah, I see. Everything connected on the network right now is all on the default lan network, and completely unrestricted or running on a vlan. The br0 your seeing just connecting all the ports on my SG 210 to lan, except for the only one I use for WAN. My access point is running a test wifi network that's set to bridge to the test vlan, and I'm just connecting laptop's and mobile device's testing it. Regardless, I created rules allowing any traffic just in case, and I have created a DHCP server for the vlan with the correct configuration and even linked that in the screenshots. Despite what you might be thinking, I'm not stupid and I'm pretty sure this isn't user error.

The diagram I gave you was showing what I was trying to do, here what my network actually looks like as of this moment.

I'd use a spare port on my SG 210, and just setup my test network and connect my AP that way, but I don't have a power cord available for the AP and my ethernet switch has PoE.

I'd use a spare port on my SG 210, and just setup my test network and connect my AP that way, but I don't have a power cord available for the AP and my ethernet switch has PoE.

I don't think you are stupid and never implied as such, just I think you are trying to make life very difficult forself with your planned setup..

Your new diagram shows the VLAN3 and the DHCP being connected on different interfaces to the SG210 that will cause you DHCP issues.

The WIFI configuration will need to connect to the LAN not to a seperate port to get the DHCP to provide addresses.

Ian

They aren't on different interfaces, it's just how I displayed it.

So, I went and retrieved a power cable for my AP, and created the same setup with a different port this time, and now everything seems to be working. Now the question is, why didn't the exact same setup work before with the vlan.