AP30, 9.400, VLANs, and ESXi - need help

Hi,

For many years I've been using an AP30 with VLANs on my Netgear GS108T 'smart' switch, most recently with UTM 9.355.


I've decided to move the UTM to a new VM server running ESXi 6.0u2, and I've set up a UTM 9.400 system (built from ISO).

Everything is working fine except the AP30... the UTM saw it briefly, but after I configured it, it's listed as 'inactive'.

Configuration:

Netgear:

Port 6: AP30; all VLANs TAGGED (1, 10, 11, 13)

Port 2: ESXi server; all VLANs TAGGED (1, 10, 11, 13)

ESXi: (pic below)

Internet/WAN connection on separate physical NIC3

Each VLAN on separate virtual NIC

I prefer to keep it this way if possible, rather than managing the VLANs in the UTM (that would cause more complications)

UTM:

eth3: VLAN1

eth1: VLAN13 - management network 192.168.11.0/24. AP30 should get its IP here (192.168.11.211)

Both of these NICs are in the 'allowed interfaces' for Wireless Protection, although I have also tried one at a time.

The settings for the AP are set for it to use VLAN13.

I can see the BOOTP/DHCP requests from the AP on eth3, but the UTM does not respond. I haven't set up a DHCP server on eth3, but there is one on eth1.


Pics to follow.

Anyone know how I can get this working?
I'm not sure if this is related to https://community.sophos.com/products/unified-threat-management/f/52/t/75751

Thanks!
Barry



  • Can anyone confirm if my idea above will work?

    Thanks,

    Barry

  • Hi Barry,

    Yes, what you described above will work.

    Regards,
    Emanuel

  • Hi, I set up an old (former UTM) machine as a temp UTM (using the asg-9.401-11.1.ISO) to try to get the AP30 flashed...


    I set up DHCP on the second interface, and plugged the AP30 into a NON-managed/non-VLAN switch with PoE and connected it to the UTM.


    On the UTM, with tcpdump, I can see BOOTP/DHCP packets from the AP30, but I do not see a response from the UTM. Also, nothing shows up in wireless.log other than the startup messages.

    I forgot to check the DHCP log.

    Do I need to RESET the AP30 somehow?


    Thanks,

    Barry

  • Hi Barry,

    On which VLAN do you see the DHCP requests? You can see this by "tcpdump -eni ethX". It is probably 1 or 13, then you need to provide a VLAN-tagged interface on your UTM. This means for example if your AP is plugged into eth4 and the DHCP requests are coming with VLAN 13 you need to configure a new VLAN interface with hardware eth4 and vlantag 13. For this interface you also need a DHCP server and you need to add it in allowed interfaces under wireless protection.

    Regards,
    Emanuel
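The check Emanuel describes (run tcpdump with -e so the link-level header, including any 802.1Q tag, is printed, then read off the VLAN the AP's DHCP requests arrive on) can be reproduced offline. The following is an added example, not code from this thread or from Sophos: it decodes raw Ethernet frames, reports the VLAN ID of each DHCP request (untagged requests report None), and tallies them per VLAN so you know which vlantag the new UTM interface, and its DHCP server, must use. The sample frames, the AP MAC address and the function names are constructed for the example.

```python
import struct
from typing import Optional

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag follows the source MAC
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_SERVER_PORT = 67
DHCP_CLIENT_PORT = 68


def decode_frame(frame: bytes) -> dict:
    """Return MACs, VLAN ID (None if untagged) and whether the frame is a
    DHCP/BOOTP message; 'direction' is 'request' (68->67) or 'reply' (67->68)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    vlan_id = None
    if ethertype == ETHERTYPE_VLAN:
        # TCI (PCP/DEI/VID) then the real EtherType; VID is the low 12 bits
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF
        offset = 18
    info = {"dst": dst, "src": src, "vlan": vlan_id, "dhcp": False, "direction": None}
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return info
    ihl = (frame[offset] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[offset + 9]
    if proto != IPPROTO_UDP or len(frame) < offset + ihl + 8:
        return info
    sport, dport = struct.unpack("!HH", frame[offset + ihl:offset + ihl + 4])
    if (sport, dport) == (DHCP_CLIENT_PORT, DHCP_SERVER_PORT):
        info["dhcp"], info["direction"] = True, "request"
    elif (sport, dport) == (DHCP_SERVER_PORT, DHCP_CLIENT_PORT):
        info["dhcp"], info["direction"] = True, "reply"
    return info


def build_dhcp_request_frame(src_mac: bytes, vlan_id: Optional[int] = None) -> bytes:
    """Constructed sample frame shaped like a DHCP DISCOVER: broadcast MAC,
    0.0.0.0 -> 255.255.255.255, UDP 68 -> 67. The DHCP body is a placeholder
    (BOOTREQUEST op byte plus zero padding); only the headers matter here."""
    payload = b"\x01" + b"\x00" * 239
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", DHCP_CLIENT_PORT, DHCP_SERVER_PORT, udp_len, 0)  # checksum 0 = omitted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff\xff\xff\xff")
    eth = b"\xff" * 6 + src_mac
    if vlan_id is None:
        eth += struct.pack("!H", ETHERTYPE_IPV4)
    else:
        eth += struct.pack("!HHH", ETHERTYPE_VLAN, vlan_id & 0x0FFF, ETHERTYPE_IPV4)
    return eth + ip + udp + payload


def dhcp_requests_by_vlan(frames) -> dict:
    """Count DHCP requests per VLAN ID; key None collects untagged requests."""
    counts = {}
    for frame in frames:
        info = decode_frame(frame)
        if info["dhcp"] and info["direction"] == "request":
            counts[info["vlan"]] = counts.get(info["vlan"], 0) + 1
    return counts


# Constructed capture: an AP (made-up MAC) sending two tagged requests on
# VLAN 13, one on VLAN 1 and one untagged.
AP_MAC = bytes.fromhex("001a2b3c4d5e")
SAMPLE_FRAMES = [
    build_dhcp_request_frame(AP_MAC, 13),
    build_dhcp_request_frame(AP_MAC, 13),
    build_dhcp_request_frame(AP_MAC, 1),
    build_dhcp_request_frame(AP_MAC, None),
]

if __name__ == "__main__":
    for vlan, n in sorted(dhcp_requests_by_vlan(SAMPLE_FRAMES).items(), key=lambda kv: (kv[0] is None, kv[0])):
        where = "untagged" if vlan is None else f"VLAN {vlan}"
        print(f"{where}: {n} DHCP request(s) -> UTM needs an interface (and DHCP server) on {where}")
```

Each VLAN ID that appears in the tally is one the UTM must have a VLAN interface for, with a DHCP server bound to it and the interface listed under Wireless Protection's allowed interfaces; untagged requests need the same on the plain hardware interface.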

  • Hi,

    Previously, I was seeing VLAN tagged packets on VLAN1, and non-tagged BOOTP/DHCP requests as well.

    Last night, I was only looking at untagged packets.

    Are you saying I need to set up the VLANs on the new UTM because I was using VLANs before?

    Because the docs don't seem to indicate it's necessary for a new setup... which is why I'm asking if I can do a RESET.

    I'm not using a VLAN switch on this temporary UTM, if that matters, and my goal is to get the AP30 to work on my ESXi system with NO VLAN tags needed.

    Thanks!
    Barry

  • BTW, I never had to set up VLAN1 on the UTM previously; the UTM picked up the AP without it.

    Does the 9.400 firmware bug cause it to now be necessary to set up VLAN1 myself?

    Thanks

  • Emanuel, I got it working after adding the VLANs to the temp UTM.

    After the firmware updated, I plugged it into my home network, and (after 4 minutes!) it started appearing in the logs and I was able to get it working with Bridge-to-LAN.

    Do I need to worry about anything else, or will it continue to work without any VLANs from now on?

    Thanks!
    Barry

  • It will continue to run from now on and you don't need to worry about anything else.

    Regards,
    Emanuel