Multiple VLANs on SD-RED 60 and XG firewall

Hi 

I have an XG 210 at the main office and SD-RED 60 at a remote site. 

I would like to have data (2) and VoIP (10) VLANs routing to the main office LAN. 

I have set up the RED without VLANs in switch mode and all works fine, but when I change to VLANs (Tagged Trunk Port) nothing connects. The switch port connected to the RED is set to trunk mode with the VLANs added.

If I do a tcpdump interface RED1, I see traffic from a test host on the RED side; a tcpdump on port1 LAN interface of the XG shows no packets from the RED interface.

I have the LAN to LAN firewall rule set. 

Subnets at the 2 sites are not the same. What am I missing? 

Thanks


Top Replies

  • Hi ,

    Thank you for reaching out to Sophos Community.

    Can you please post a snapshot of RED interface configuration?

    I'd request you to check the packet flow in CLI by running the below command.

    ==> Login to SSH > 4. Device Console

    console> tcpdump 'host <test host IP of RED network> -e'

    eg: console> tcpdump 'host 192.168.168.1 -e'

    -e will show you whether traffic is being tagged with VLAN ID or not.

    Click here to find more information on "How to configure a RED 60 with VLANs".

    Thanks,
    Yash Kothari
    Community Support Engineer | Sophos Technical Support
  • Hi Yash

    Ran this command: tcpdump interface reds1 'host 192.168.20.140 -e'

    20.140 being a test PC on the RED side VLAN 2.

    09:15:09.175674 reds1, IN: 40:b0:34:4f:c6:ef > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Request who-has 192.168.20.2 tell 192.168.20.140, length 46

    Thanks
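
A way to check saved `-e` output like the capture above against the VLAN IDs you expect, as an added example that is not part of the original thread. It assumes the line layout of the single capture line quoted in the post; the second sample line, the interface name `Port9` and all function names are constructed for illustration.

```python
import re

# Link-layer header as printed by tcpdump -e in the capture quoted above:
# "<time> <iface>, <IN|OUT>: <src mac> > <dst mac>, ethertype <name> (0x....), ..."
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(
    rf"^\S+\s+(?P<iface>[^,\s]+),\s+(?P<dir>IN|OUT):\s+(?P<src>{MAC})\s+>\s+{MAC},"
    r"\s+ethertype\s+[^(]+\((?P<etype>0x[0-9a-f]{4})\)(?P<rest>.*)$",
    re.IGNORECASE,
)
VLAN_RE = re.compile(r"\bvlan\s+(\d+)\b")

SAMPLE = [
    # Line quoted in the thread (tagged frame arriving on the RED interface).
    "09:15:09.175674 reds1, IN: 40:b0:34:4f:c6:ef > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 2, p 0, ethertype ARP, Request who-has 192.168.20.2 tell 192.168.20.140, length 46",
    # Constructed line: the same request as an untagged frame on a hypothetical interface.
    "09:15:10.000001 Port9, IN: 40:b0:34:4f:c6:ef > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.20.2 tell 192.168.20.140, length 46",
]

def parse_line(line):
    """Return interface, direction, source MAC and VLAN ID (None if untagged)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a frame line in the expected layout
    vlan = None
    if m["etype"].lower() == "0x8100":  # 802.1Q tag present
        v = VLAN_RE.search(m["rest"])
        vlan = int(v.group(1)) if v else None
    return {"iface": m["iface"], "dir": m["dir"], "src": m["src"].lower(), "vlan": vlan}

def vlan_summary(lines):
    """Map (interface, source MAC) to the set of VLAN IDs seen; None means untagged."""
    seen = {}
    for rec in filter(None, map(parse_line, lines)):
        seen.setdefault((rec["iface"], rec["src"]), set()).add(rec["vlan"])
    return seen

def missing_vlans(lines, iface, expected):
    """Expected VLAN IDs for which no tagged frame was seen on the interface."""
    found = set()
    for (name, _src), vlans in vlan_summary(lines).items():
        if name == iface:
            found |= vlans
    return sorted(set(expected) - found)

if __name__ == "__main__":
    print(vlan_summary(SAMPLE))
    print("not seen on reds1:", missing_vlans(SAMPLE, "reds1", [2, 10]))
```
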

  • Hi Yash

    I think I've solved this one. I ended up using another VLAN with ID 3 on the RED side; I then added a VLAN interface with IP to the RED for this VLAN. I also used a different subnet on the RED side. DHCP is working now and I can now connect between the VLAN at the remote site and the local LAN. I don't know why VLAN with ID 2 didn't work.

    Thanks for your help tho!