Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 4241 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need advice - how to setup multiple switches on SG 125?

John Dillworth

Hello! This will be my first time posting with the Sophos Community, and I'm relatively new when it comes to networking.

BACKGROUND...

We use the Sophos SG 125 (running UTM 9.509-3) mostly for its firewall and routing, and not much else is active at the moment.

Our network is spread among three Cisco SG200 managed switches, and I'd like to improve how they're connected to the SG 125.

Our 26 port switch connects our PCs and other devices, including our daisy-chained 10 port switch that's connected to our VoIP phones and Wi-Fi access points. Our second 10 port switch is currently not connected to the SG 125 at all, and it's simply an isolated LAN for now.

The LAN interface (ETH0) is configured as "Ethernet" to use IP address 192.168.1.1 with /24 netmask and is connected to our 26 port switch.

...OBJECTIVES...

I want to connect the first 10 port switch to ETH4 and move the Wi-Fi access points so that only the VoIP phones will be connected to this interface.

The other 10 port switch will be connected to ETH5 and get the Wi-Fi access points, which need to be able to talk to the LAN on ETH1.

...AND QUESTIONS

Can I configure ETH4 as "Ethernet" to use IP address 192.168.2.1 with /24 netmask and have DHCP assign relevant IP addresses to the phones?

And would ETH5 be configured as "Ethernet Bridge" to allow the Wi-Fi access points to communicate with the LAN?

 

If there's anything I'm missing, I would appreciate any guidance you have to offer. Thank you for your time and consideration!



This thread was automatically locked due to age.
  • +1

    I dont know how many free ports has your sg125.

    But if you have free ports:

    Configure each port to desired lan.

    Example: eth1 (lan1 192.168.1.1), eth2 (lan2 192.168.2.1)

    Buid VLAN on switches with their respective IP for each lan. The ports on the switch where UTM is connected (in this case 2 of them), must be configured as  access (not trunk).

    You can do trunk betwen 2 switches and have both networks (lan1 lan2) there to desired ports, but SG will regulate the rules

    In this way you control in SG125 how the two or more networks are connected, regulating the traffic with firewall rules.

    From my experience I will not recommend network Bridge.

    A topology might be helpful to achieve the best

  • 0 in reply to Ol Deda

    Well, that turned out to be easier than I thought - thanks so much for your advice!

    I ended up setting up port ETH4 for the phone switch as "Ethernet" on 192.168.2.0/24, followed up by adding the new network to my firewall rules, DHCP, and NAT.

    Seems to be working quite well.

    For our second 10 port switch, I connected the Wi-Fi access points and simply plugged it into our main 26 port LAN switch. As far as I can tell, the Wi-Fi seems to be working great just like usual.

    My next step is to learn more about how to prioritize the phone switch's traffic over the LAN switch, but thanks again for your help with getting this part done.

Unfiltered HTML