
DHCP Wrongly Assigned IP address for different interface

The current network has two interfaces with different subnets. Both interfaces are connected to the same switch without VLANs.

Port 1: 192.168.0.1/24

Port 6: 192.168.100.1/23

DHCP Server

The Aruba access point was placed in the 192.168.100.x network and has static IP address 192.168.100.1-10, with gateway 192.168.100.1/23.

However, users connected to the access point are assigned 192.168.0.x IP addresses.

Is there any way to allow users connected to the wireless access point to request IP addresses only from the .100 network, and users connected by LAN cable to the switch to request IP addresses only from the .0 network?

XG210 (SFOS 17.5.15 MR-15)



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thanks for reaching out, and welcome to the Sophos Community!

    Is there any DHCP relay configured on your firewall? 

    Could you please provide the packet capture on port 67 and 68 using the following command from the console: tcpdump filedump 'port 67 or 68 -s0'

    Reference KBA: Sophos XG Firewall: How to capture packets and download the Packet Capture

    Thanks, 

  • FormerMember
    +1 FormerMember

    Hi Yam, 

    You haven’t segmented your Layer 3 traffic on the switch. Aruba AP and LAN users are essentially in the same broadcast domain from the switch's perspective.

    The only rational way to achieve this is by segmenting your network through VLANs, as both networks are connected to the same switch, unless your switch has some smart abilities to forward requests coming from certain ports out through certain ports.

    Otherwise, you can disable DHCP for the LAN range and add static IP entries on all the LAN machines. Keep the Aruba DHCP working.

    Hope this helps :)

  • Hi Sze Xian Yam,

    You are running two networks on the same layer 2 infrastructure. This is not something you should do in network design.

    1) You could define two VLANs on the switch (if you are able to do so). Connect everything that belongs to LAN to VLAN 1 and everything that belongs to WiFi to VLAN 2.
    You will also need to connect the corresponding interfaces to these VLANs.
    Or you can use tagged VLANs 1+2 on the firewall and on the uplink of the switch.

    2) You could use the same network for WiFi and LAN. If necessary, use a /23 instead of two /24s in order to have enough free IPs.

    Best regards,
    BeEf
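
Added example, not part of the thread: a small Python model of the broadcast-domain point made in the replies, showing which firewall DHCP scopes hear a client's DHCPDISCOVER on a flat switch, with two access VLANs, and with a tagged uplink. The switch port names (`fw-p1`, `fw-p6`, `uplink`, `pc`, `ap`) are constructed, and in the tagged case `Port1` and `Port6` stand for the VLAN interfaces that would hold the same two scopes.

```python
import ipaddress

# DHCP scopes on the firewall, derived from the interface addresses in the thread.
SCOPES = {
    "Port1": ipaddress.ip_interface("192.168.0.1/24").network,
    "Port6": ipaddress.ip_interface("192.168.100.1/23").network,
}

def flood(ingress, ports):
    """Return (ports reached, vlan) for a broadcast entering at `ingress`.

    `ports` maps a switch port to the set of VLAN ids it carries: an access
    port carries exactly one, a tagged trunk carries several.
    """
    (vlan,) = ports[ingress]  # clients are assumed to sit on access ports
    reached = {p for p, vlans in ports.items() if p != ingress and vlan in vlans}
    return reached, vlan

def offered_scopes(client, ports, fw_links):
    """Scopes whose firewall interface receives the client's DHCPDISCOVER.

    `fw_links` maps (switch port, vlan) to the firewall interface listening there.
    """
    reached, vlan = flood(client, ports)
    return sorted(str(SCOPES[fw]) for (sw, v), fw in fw_links.items()
                  if sw in reached and v == vlan)

# Constructed topologies: (switch ports, firewall cabling).
FLAT = (  # the setup in the question: one broadcast domain, no VLANs
    {"fw-p1": {1}, "fw-p6": {1}, "pc": {1}, "ap": {1}},
    {("fw-p1", 1): "Port1", ("fw-p6", 1): "Port6"},
)
ACCESS_VLANS = (  # LAN on VLAN 1, WiFi on VLAN 2, one untagged link per network
    {"fw-p1": {1}, "fw-p6": {2}, "pc": {1}, "ap": {2}},
    {("fw-p1", 1): "Port1", ("fw-p6", 2): "Port6"},
)
TAGGED_UPLINK = (  # VLANs 1+2 tagged on a single firewall uplink
    {"uplink": {1, 2}, "pc": {1}, "ap": {2}},
    {("uplink", 1): "Port1", ("uplink", 2): "Port6"},
)

if __name__ == "__main__":
    for name, topo in [("flat", FLAT), ("access VLANs", ACCESS_VLANS),
                       ("tagged uplink", TAGGED_UPLINK)]:
        for client in ("pc", "ap"):
            print(f"{name:14} {client}: {offered_scopes(client, *topo)}")
```

On the flat switch both scopes hear every DISCOVER, so which pool a client lands in depends on which offer it accepts rather than on where it is plugged in.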