Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
Hi,
I'm new with this equipments, i'm trying to configure VLANS between two equipments (SOPHOS -» Switch)
SOPHOS:
- WAN - DHCP from ISP router
- LAN PORT1
IP: 192.168.100.1/24 - ZONE LAN
1.10 - VLAN 10 - 192.168.10.1/24 - PORT 1 - ZONE LAN
1.20 - VLAN 20 - 192.168.20.1/24 - PORT 1 - ZONE LAN
Have DHCP configured for the physical port and each vlan.
The firewall is configured to allow any traffic for ZONE LAN
On the switch side:
Configured port 8 (connected to sophos PORT1) as trunk tagged
port 1 as vlan 10 untagged
port 2 as vlan 20 untagged
I cant get DHCP on the switchports 1 and 2 but if i configure manually ip address on the computers NIC i can ping the vlan respective vlan gateway (ex: 192.168.10.1) and have access the internet.
I'm missing any configuration as i'm using router on a stick?
do you have port 8 as tagged for both VLANs?ian
XG115W - v19.5.1 mr-1 - Home
If a post solves your question please use the 'Verify Answer' button.
Yes i do. Both switchports (port 1 - vlan 10 and port 2 - vlan 20) have the same issue, work with the respective vlan only if i set manual ips on the computers nic. I cant get dhcp for that ports/vlans.
The other ports arent in use.
Edit: on the firewall side i dont see any option to tag the vlan. I have the VID so im assuming the firewall is doing it by default
the XG creates the VID when you create your VLANs. Does your switch support L3 VLANs, though this shouldn't be an issue with v19.x and you do not need an addressor the physical port.
Ian
My switch is an aruban instant on 1930 8port JL680A.
For this configuration is requires l3?
I did a default config on the firewall, reconfigured with the same configs and now its working... wtf
I have created 6 vlans each one assigned to the first 6 switchport (vlan10 - swport1, vlan20 - swport2,...)
Vlan10: 192.168.10.1
Vlan20: 192.168.20.1
Vlan30: 192.168.30.1
...
From each vlan i can ping other vlans ip interface (ex. from vlan 30 i can ping 192.168.10.1) can this be blocked or its impossivel because its a switch virtual port?
I can ping only the svp ip and not the equipments itself on the other vlan so its not doing inter vlan routing and thats good. Can i block too pings to the other svp interface
from memory you have a firewall rule allow all inter lan traffic, disable it.
ian
The inter lan traffic is disable but i can ping the other vlans network IP.
I cant ping other vlans equipments but i can ping the vlan netword ip and i want to block this too.
Do a tracert to see where the traffic is going?
I configured port 7 and 8 as wan LAG with LACP, and connected those interfaced to my switch on port 7 and 8. On the switch side both ports are set as trunk with LACP enabled.
Everything seems fine but when i disconnect 1 of the 2 lag cables I can see 1 packet loss when ping 8.8.8.8. With this configured the packet should be sent by the other interface right?
Why im having this packet loss?
I notice with this configuration every 10-20pings 1 is loss even with 2 cables plugged.