Hi! I just created a new VLAN and DHCP server with a firewall rule, and clients are not able to get an IP address. My goal is to have my guest WIFI network (and if I can get this working, my IoT network) on a separate VLAN. I've restarted my switch, firewall, and DHCP server, removed and re-created everything a few times but no joy.
My newly created VLAN interface:
My new network IP host:
My newly created DHCP server on the firewall for the new VLAN:
The new firewall rule to allow traffic from the 192.168.200.0 network to the WAN (placed in top position):
I have a Unifi AP connected but have also tried a wired laptop on another dedicated VLAN port on the switch with the same results: can't get an IP address.
Thanks for any help!
Thank you for contacting the Sophos Community.
I see in your other post you have the same VLAN configured for a different purpose: https://community.sophos.com/sophos-xg-firewall/f/discussions/136551/vlan-clients-receives-ip-from-dhcp-but-can-t-access-internet. Make sure you are not overlapping the subnets!
No, this is for a different site. I'm just using the same VLAN 200 for all my sites for guest wifi networks.
Hi dsurfer,
Tcpdump will help us find out whether the request from the switch reaches the firewall or not.
console> tcpdump interface PortA.200 'port 67 or 68'
09:12:51.593198 PortA.200, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 50:22:00:06:00:00, length 300
If no IN packet is received with the above tcpdump, we need to confirm that the VLAN configuration and VLAN interface are properly set on the switch.
tcpdump command:
tcpdump interface <interface> 'port <port-number>'
Thanks and Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
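The triage step from the reply above, as an added example (not part of the original posts and not Sophos tooling): it parses console tcpdump lines in the format shown and reports whether DHCP requests arrive on the VLAN interface and whether anything is sent back. The `OUT`/`Reply` line, the 192.168.200.1 server address and the verdict names are constructed assumptions.

```python
import re

# Matches the console tcpdump line format quoted in the reply above, e.g.
# 09:12:51.593198 PortA.200, IN: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from ...
LINE_RE = re.compile(
    r"^\S+\s+(?P<iface>[\w.]+),\s+(?P<dir>IN|OUT):\s+IP\s+\S+\s+>\s+\S+:\s+"
    r"BOOTP/DHCP,\s+(?P<kind>Request|Reply)(?:\s+from\s+(?P<mac>[0-9A-Fa-f:]{17}))?"
)

# Next place to look for each verdict (verdict names are hypothetical).
HINTS = {
    "no-request-in": "nothing reaches the firewall: check VLAN tagging on the switch uplink",
    "request-unanswered": "requests arrive but get no reply: check the DHCP server on this interface",
    "answered": "firewall replies: check the path back to the client (switch/AP port VLAN)",
}

def triage(capture, iface):
    """Return (verdict, client_macs) for the DHCP lines seen on one VLAN interface."""
    requests_in, replies_out, macs = 0, 0, set()
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["iface"] != iface:
            continue  # not DHCP, or traffic on a different interface
        if m["dir"] == "IN" and m["kind"] == "Request":
            requests_in += 1
            if m["mac"]:
                macs.add(m["mac"].lower())
        elif m["dir"] == "OUT" and m["kind"] == "Reply":
            replies_out += 1
    if requests_in == 0:
        verdict = "no-request-in"
    elif replies_out == 0:
        verdict = "request-unanswered"
    else:
        verdict = "answered"
    return verdict, sorted(macs)

# First line is the one quoted in the thread; the second is a constructed sample.
REQUEST_ONLY = (
    "09:12:51.593198 PortA.200, IN: IP 0.0.0.0.68 > 255.255.255.255.67: "
    "BOOTP/DHCP, Request from 50:22:00:06:00:00, length 300"
)
REQUEST_AND_REPLY = REQUEST_ONLY + "\n" + (
    "09:12:51.601022 PortA.200, OUT: IP 192.168.200.1.67 > 255.255.255.255.68: "
    "BOOTP/DHCP, Reply, length 300"
)

if __name__ == "__main__":
    for name, cap in [("empty", ""), ("request", REQUEST_ONLY), ("both", REQUEST_AND_REPLY)]:
        verdict, macs = triage(cap, "PortA.200")
        print(f"{name}: {verdict} {macs} -> {HINTS[verdict]}")
```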
There doesn't seem to be anything when checking:
Please check with another managed switch, as you have issues at the switch end.
Below is the configuration of the working switch.