
Wireless/switch/vlan setup

Typical network

  • ISP modem (bridged mode) -> Sophos firewall port 2
  • Firewall port 1 -> Sophos 1000 series switch port 28 (through an RJ45/SFP adapter)
  • Switch port 2,4,6,8,10 -> APX120 1,2,3,4,5

VLAN Requirement

  • Staff VLAN (10)
  • Guest VLAN (20)
  • VoIP VLAN (30)
  • Networking devices VLAN (40)

I plan to set up the network as follows. Is it about correct?

1) Add four VLANs to Port 1

  • Staff: 10.10.10.1/24
  • Guest: 10.10.20.1/24
  • VoIP: 10.10.30.1/24
  • Networking: 10.10.40.1/24

2) Add DHCP servers accordingly

3) Add a new zone (Guest) and add Guest VLAN to this zone

4) All APs: VLAN 40 (networking)

5) Add a Staff WiFi SSID, VLAN tag 10

6) Add a Guest WiFi SSID, VLAN tag 20

7) Switch port 2,4,6,8,10: untagged VLAN 1; tagged VLAN 10,20,30,40

8) Switch port 28: untagged VLAN 1; tagged VLAN 10,20,30,40

9) Switch port 12,14,16,18,20: untagged VLAN 30, tagged VLAN 10 (those ports connect to VoIP phones, which have a PC port for staff desktop PC). Does Sophos support LLDP-MED? I believe so, as staff PC will need to stay in VLAN 10 (Staff), not 30 (VoIP)

Thanks!



Added TAGs
[edited by: Erick Jan at 5:09 AM (GMT -8) on 12 Jan 2024]
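
An added example, not part of the original post and not Sophos tooling: a small Python check that encodes the plan from steps 1 and 4-9 and verifies that the four subnets do not overlap and that every VLAN an edge port needs is carried on that port, on the uplink (port 28) and has a firewall interface. The `NEEDS` table is an assumption derived from steps 4, 5, 6 and 9; all function and variable names are made up for this illustration.

```python
import ipaddress

# Values transcribed from the plan in the post above.
GATEWAYS = {10: "10.10.10.1/24", 20: "10.10.20.1/24",
            30: "10.10.30.1/24", 40: "10.10.40.1/24"}
UPLINK = 28  # switch port facing firewall port 1
PORTS = {    # port -> (untagged VLAN, tagged VLANs), steps 7-9
    **{p: (1, {10, 20, 30, 40}) for p in (2, 4, 6, 8, 10, 28)},
    **{p: (30, {10}) for p in (12, 14, 16, 18, 20)},
}
# Assumption: VLANs each edge port must reach (AP management plus both
# SSIDs on AP ports; phone plus staff PC on phone ports).
NEEDS = {**{p: {10, 20, 40} for p in (2, 4, 6, 8, 10)},
         **{p: {10, 30} for p in (12, 14, 16, 18, 20)}}


def carried(ports, port):
    """All VLANs a port passes, untagged or tagged."""
    untagged, tagged = ports[port]
    return {untagged} | set(tagged)


def check_plan(gateways, ports, needs, uplink):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    nets = {v: ipaddress.ip_interface(g).network for v, g in gateways.items()}
    vlans = sorted(nets)
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"VLAN {a} and VLAN {b} subnets overlap")
    up = carried(ports, uplink)
    for port, wanted in sorted(needs.items()):
        have = carried(ports, port)
        for vlan in sorted(wanted):
            if vlan not in have:
                findings.append(f"port {port}: VLAN {vlan} not carried")
            elif vlan not in up:
                findings.append(f"port {port}: VLAN {vlan} missing on uplink {uplink}")
            elif vlan not in gateways:
                findings.append(f"port {port}: VLAN {vlan} has no firewall interface")
    return findings


if __name__ == "__main__":
    for line in check_plan(GATEWAYS, PORTS, NEEDS, UPLINK) or ["plan is consistent"]:
        print(line)
```

The check covers only VLAN membership and addressing; it does not model firewall rules between zones or how a phone's PC port tags traffic.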