I have reviewed https://community.sophos.com/kb/en-us/133199 (APX 530 / APX 740 ETH1 Interface FAQ) and https://community.sophos.com/products/sophoswireless/f/questions-issues-bugs/117858/utilizing-eth1-on-apx-530-740-as-an-access-port-un-tagged-in-a-vlan/426399 (Utilizing Eth1 on APX 530/740 as an access port (un-tagged in a VLAN)), but I have not found a satisfactory answer to my current issue.
Here is the scenario: I have an XG230 (SFOS 17.5.9) controlling several access points. One of the access points, an APX 740 (Pattern 11.0.009), is in a position where I would like to pass through its connection.
The AP is running a guest SSID configured with a "separate zone" and a main SSID configured to bridge to VLAN 10. The AP itself is set to bridge to use VLAN 5, as is required when hosting a "Bridged to VLAN" SSID. The port the AP is on has an untagged network I would like to pass through, as well as VLAN 5 and 10.
The problem is when I set the AP to use a VLAN in the AP configuration (VLAN tagging true, AP VLAN ID = 5), I'm no longer able to reach any hosts connected to Eth1. Everything I have read suggests that Eth1 is a simple bridge of Eth0 regardless of the AP configuration, but that doesn't seem to be the case when the AP is tagging itself to an AP management VLAN.
If the AP VLAN, main SSID, and intended VLAN for Eth1 were all the same, I could configure the AP to bridge to local LAN; however, these are all intended to be separate. In some old documentation, a suggested workaround was to assign the AP to VLAN 1 (presumably to use the default VLAN for management yet also allow SSIDs that are bridged to a separate VLAN), but that is no longer possible in the FW GUI.
Is this a bug or limitation that has not come through clearly in the above literature regarding Eth1? Is Eth1 unusable in all configurations involving APs hosting SSIDs that are bridged to tagged VLANs?