RED 60 untagged and VLAN Issue

We are a medium-sized automotive dealership group with 11 locations, all with a connection back to a centralized XGS2100.  A few of the stores are on the same campus and are connected back to the XGS2100 via private buried fiber, each having its own port on the XGS2100.  Two of our stores have their own XG and XGS devices connected back to the XGS2100 via site-to-site VPN.  One connects via a RED 20 and the last one has a RED 60.  Every one of our stores has the same network setup (different subnet IPs of course).  The untagged subnet is the main corporate network, VLAN 8 is for BYOD, VLAN 99 is guest Wi-Fi, and lastly VLAN 100 is VoIP.  Each store has UniFi switches with the appropriate VLANs and trunking/tagging configuration.  We have absolutely no issues at any of our stores except the one with the RED 60.  Searching the Sophos community forums, it appears there's a lot of confusion about how the RED 60 handles untagged and tagged VLAN traffic, and I'm one of those people.

If I have the RED 60 in switch mode, the untagged network passes and works like a charm, but of course the other VLANs do not.  If I change the RED 60 to VLAN mode, no matter what type of port configuration I set up on the RED, it won't pass a single packet, tagged or untagged.  The following screenshot is the first attempt and in my mind should be the correct configuration.  I have a regular switchport only on the native network (VLAN1) plugged into the RED port1 and then a switchport that is trunked with all VLANs plugged into RED port2.  This does not work for untagged or tagged traffic.  I also tried changing port1 to a hybrid port and that also doesn't work.

The RED 20 we have at one of our stores works perfectly even though it doesn't have the whole switch/VLAN options on it.  It just passes all untagged and tagged like you would expect it to.  If anyone can give me any insight on how to overcome this issue, I will be eternally grateful as we are looking to replace an older XG at one of our stores with a RED 60.  If I have failed to provide enough information, please let me know and I will be happy to provide.


