Bridge wlan and ethernet port on SG310

Hi All

On our SG310 I have set up a wlan (SSID: kltv) and added a dhcp server for that wlan (interface). It's working like a charm and all wireless clients are getting an ip (10.21.32.x) and can access the internet. Now I need to add a wired network (by using a new/unused ethernet port on the SG310) which shares the same subnet (10.21.32.x) as the wlan (kltv).

I have tried to change the wlan interface from "ethernet" to "ethernet bridge" and bridge/select the wlan (kltv) and an unused eth6 NIC, but it doesn't work. Now only the eth6 wired clients get ip addresses and can access the internet. The wireless clients can't obtain an ip address anymore and therefore have no network connection.
When I change the interface back to "ethernet" the wireless works again, but the wired network is gone, of course.

I think it should work by doing it this way, or am I missing something here?

I already have another wireless network (SSID: staff) set up bridged to AP LAN in "Wireless Networks" and it must stay that way. The wlan (kltv) is configured as separate zone. I'd rather not use VLANs to solve this, if that's possible.

Can't find any posts that could help, so I hope you can lead me in the right direction.

  • Hi, BAlfson

    Thank you for your reply. I guess I was a bit unclear. You can say I want two separate instances of wireless networks bridged to each of its separate LANs.

    Here is what we have now:

    A wireless network ("Staff") bridged to AP LAN. Interface eth0 and subnet 10.70.32.x. Radius authentication and DHCP is handled by our local server 2019. All access points and desktop PCs are connected to this network.

    We also have an additional wireless network ("kltv") for students and guests. Interface wlan0 and subnet 10.21.32.x. Radius authentication on server 2019 and dhcp handled by dhcp server on the UTM itself.

    All is working fine.

    Here is what I am trying to do:
    I want to add a LAN (add a new unused ethernet port on the UTM) on the same subnet as "kltv" so I can have both wired and wireless devices on the same subnet. I have tried to change the interface type to "Ethernet Bridge" on the kltv interface and bridge NICs wlan0 and eth6. The problem is that now only the wired clients get an ip (10.21.32.x), the wireless clients can't. When I change back the kltv interface to "Ethernet" the wireless works again, but of course I lose the wired part on eth6.

    I have also tried to create a new wireless network with WPA2 personal authentication so that all is handled only by the UTM itself, but same result.

    I hope this makes it a bit clearer what I want to achieve. I have been working on this for days reading, searching the web and this forum and I think it should be possible.

    I really hope that you or someone else in here can point me in the right direction or at least say it isn't possible to have this setup.

    Kind regards,

  • Please insert a picture of the Edit of the kltv Wireless Network.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sure.

    Edit wireless:

    And also edit interface:

    I think everything is right. Not working though :-(

    Kind regards,

  • That looks perfect.  What happens if you do the following?

    1. Edit kltv
    2. Uncheck wlan0
    3. Check eth7
    4. Save
    5. Edit kltv
    6. Uncheck eth7
    7. Change to Ethernet
    8. Save
    9. Edit kltv
    10. Change to Ethernet Bridge
    11. Check wlan0
    12. Save

    If that doesn't resolve this, maybe you need another EtherType.  It would be time to get Sophos Support involved.

    Cheers  - Bob

     
  • Hi, BAlfson

    I think I already have tried something like that, but I will give it another go on Monday.

    Frustrating, but at least I read your replies as "this should be possible".

    Thanks.

  • I set this up for a client almost 5 years ago:

         

    Cheers - Bob

     
  • Hi again

    I have tried your above suggestion, but the wlan on the list is missing. I can only choose from my unused eth ports.
    There is a strange thing though. The wlan actually shows up on the list, but disappears almost immediately. It looks buggy, but I could be wrong. I have attached a video of the behaviour.

    By the way, I tried a few other things and reconfigured a bit, so the kltv is now wlan2 in the video.

  • Definitely you will want to get a case started with Sophos Support.  Show us what you get with the following command as root:

         cc get_object_by_name itfhw awe_network 'kltv'

    Cheers - Bob

     
  • Strange.  What do you see with: 

        cc get_objects itfhw awe_network|grep \'name

    Cheers - Bob

     
  • Yes, it looks strange. My other wlan also says '0'.

    When I type cc get_objects itfhw awe_network|grep \'name, I get:

    'name' => 'wlan0 (Remote Wireless Network)',
    'name' => 'wlan2 (Remote Wireless Network)',
    'name' => 'MJS',

  • There is no wlan1.  What do you see with:

         cc get_object_by_name itfhw awe_network MJS

    Cheers - Bob

     
  • I get this:

    fw01:/home/login # cc get_object_by_name itfhw awe_network MJS
    {
              'autoname' => 0,
              'class' => 'itfhw',
              'data' => {
                          'ap_bridgemode' => 'lan',
                          'bridge' => '',
                          'client_isolation' => 0,
                          'comment' => '',
                          'crypto_alg' => 'aes',
                          'description' => 'Remote Wireless Network',
                          'dot11r' => 0,
                          'dynamic_vlan' => 0,
                          'encryption_mode' => 'wpa2_enterprise',
                          'freq_bands' => 'ag',
                          'hardware' => 'wlan1',
                          'hide_ssid' => 0,
                          'interface_name' => 'wifi1',
                          'mac' => 'xxxx',
                          'mac_filter' => 'disable',
                          'mac_list' => '',
                          'mesh_id' => '',
                          'mesh_mode' => 'none',
                          'mesh_subtag' => '',
                          'name' => 'MJS',
                          'network_mode' => 'mixed_bgn',
                          'network_name' => 'MJS',
                          'psk' => '',
                          'r0kh_secret' => 'xxxxxxxxx',
                          'ssid' => 'MJS',
                          'ssid_vlantag' => '',
                          'status' => 1,
                          'time_scheduling' => 0,
                          'time_select' => [],
                          'uapsd' => 1,
                          'utf8_ssid' => 1,
                          'vlantag' => 101,
                          'wep128' => '',
                          'wep_authentication' => 'open'
                        },
              'hidden' => 0,
              'lock' => '',
              'nodel' => '',
              'ref' => 'REF_ItfAwe2',
              'type' => 'awe_network'

    I've put in the x's.

  •      'ap_bridgemode' => 'lan',

    That's bridged to LAN.  What happens if you delete that wireless network and create a new one identical to it, but not bridged to the LAN?

    Cheers - Bob

     
  • Hi, BAlfson

    I really appreciate your help. That would mess up our network a little bit. Luckily it's holidays next week, so I'll give it a try tomorrow and see if it at least will enable me to create that ethernet bridge between eth6 and wlan2. If that is what you are suggesting.

  • Hi again

    It didn't make a difference. I even deleted all my wlans and recreated them, but I still am unable to create that ethernet bridge.

  • I hope you have started a Support case, 'cause this is a strange one!

    Let's try the following commands again:

         cc get_objects itfhw awe_network|grep \'name

    and

         cc get_object_by_name itfhw awe_network ????

    Cheers - Bob

     
  • After deletion and recreation of all the wlans I get the same:

    fw01:/home/login # cc get_objects itfhw awe_network|grep \'name
                            'name' => 'wlan0 (Remote Wireless Network)',
                            'name' => 'MJS',
                            'name' => 'wlan2 (Remote Wireless Network)',

    fw01:/home/login # cc get_object_by_name itfhw awe_network
    0
    fw01:/home/login #

    I haven't started a support case yet. I am a little torn between opening a case, or doing a whole new install and configure it all from scratch and see if that helps.
    A couple of years ago I had a support case (also some wireless stuff), which they did not follow entirely through, so the problem was not 100% resolved. They did some manual changes in our UTM and access points (I don't exactly know what), and since then I have noticed some strange behaviour/bugs from time to time. So as you might have guessed, I am not entirely happy with things.

  • Hmmmm...  You're right, it might pay to get two or 3 backups off the box and then re-image from ISO and restore.  Let us know!

    Cheers - Bob

     