
VLAN routing and interfaces in Sophos UTM

I currently have a UTM set up with three different interfaces (WAN, LAN, and DMZ). The LAN and DMZ interfaces have DHCP servers set up with different subnets. The UTM is connected to a trunked port on a managed switch, which is also connected to a wireless AP (which is also on a trunked port). The AP has multiple SSIDs. The DMZ interface is configured as an "Ethernet VLAN" with an IP of 10.50.0.1/24, a VLAN tag of 10, and the associated DHCP is on the same subnet. The LAN interface is configured as type "Ethernet".

The AP allows me to tag certain SSIDs with a VLAN. When a client connects to an untagged SSID, it gets an IP address from the LAN interface DHCP client. When a client is connected to a guest SSID with a VLAN tag of 10, it doesn't get an IP at all. Is there a way to ensure that the tagged traffic is correctly routed to the correct interface/DHCP?



Heli0s,

That could be a couple of reasons.

First I would check if you get an IP when you configure an access port in VLAN 10 on the managed switch. If you get one, DHCP and the VLAN tag on the trunk ports are OK, so you should check the access point settings.

If you get no IP, you should check if you get access to the DMZ/Internet when you configure a static IP from the range 10.50.0.1/24 on your client.

If you get a connection, you have a problem with DHCP.

If you get no connection, you have a problem with the trunk from the UTM to the switch. Also check the firewall logs to see if something is blocked.

I have the same setup with an OpenWRT router. It was a bit tricky but now it works.

Jas Man

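The last step of the reply above, checking the UTM firewall log for blocked traffic, is the one that distinguishes "tagged frames never reach the UTM" (trunk or AP tagging problem) from "tagged frames arrive but DHCP is dropped" (firewall rule problem). The following is an added example, not code from the thread or from Sophos: it parses key="value" packetfilter log lines, counts drops per ingress interface, and flags dropped DHCP requests (UDP 68 to 67) on the VLAN sub-interface. The sample log lines are constructed; the field names approximate the UTM packetfilter format, and the interface name `eth1.10` and rule id `60001` are assumptions for illustration.

```python
"""Parse Sophos-UTM-style packetfilter log lines and explain why a VLAN
client might not get a DHCP lease. Added example; log lines are constructed."""
import re
from typing import Dict, List

# Constructed sample log. Field names mimic the UTM packetfilter format
# (id/action/initf/srcip/dstip/proto/srcport/dstport); interface name
# "eth1.10" and rule "60001" are assumptions, not values from the thread.
SAMPLE_LOG = """\
2014:05:12-10:15:01 utm ulogd[2231]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="aa:bb:cc:dd:ee:01" srcip="0.0.0.0" dstip="255.255.255.255" proto="17" length="328" tos="0x00" prec="0x00" ttl="64" srcport="68" dstport="67"
2014:05:12-10:15:02 utm ulogd[2231]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth1" srcip="192.168.1.20" dstip="8.8.8.8" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="51234" dstport="443"
2014:05:12-10:15:05 utm ulogd[2231]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcmac="aa:bb:cc:dd:ee:01" srcip="0.0.0.0" dstip="255.255.255.255" proto="17" length="328" tos="0x00" prec="0x00" ttl="64" srcport="68" dstport="67"
2014:05:12-10:15:09 utm ulogd[2231]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1.10" srcip="10.50.0.23" dstip="10.50.0.1" proto="1" length="84" tos="0x00" prec="0x00" ttl="64"
"""

# Matches key="value" pairs; values in this format never contain quotes.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> Dict[str, str]:
    """Turn one log line into a dict of its key="value" fields."""
    return dict(KV_RE.findall(line))


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse every non-empty line of a log blob."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def drops_by_interface(entries: List[Dict[str, str]]) -> Dict[str, int]:
    """Count dropped packets per ingress interface (initf)."""
    counts: Dict[str, int] = {}
    for e in entries:
        if e.get("action") == "drop":
            iface = e.get("initf", "?")
            counts[iface] = counts.get(iface, 0) + 1
    return counts


def dropped_dhcp(entries: List[Dict[str, str]], vlan_if: str) -> List[Dict[str, str]]:
    """DHCP DISCOVER/REQUEST is UDP (proto 17) from client port 68 to server port 67."""
    return [
        e for e in entries
        if e.get("action") == "drop"
        and e.get("initf") == vlan_if
        and e.get("proto") == "17"
        and e.get("srcport") == "68"
        and e.get("dstport") == "67"
    ]


def diagnose(entries: List[Dict[str, str]], vlan_if: str) -> str:
    """Map what the log shows onto the troubleshooting steps from the reply."""
    seen = [e for e in entries if e.get("initf") == vlan_if]
    if not seen:
        # Nothing tagged ever arrived: the frames are lost before the UTM.
        return "no traffic on %s: check the VLAN tag on the AP SSID and the trunk ports" % vlan_if
    dhcp = dropped_dhcp(entries, vlan_if)
    if dhcp:
        rules = sorted({e.get("fwrule", "?") for e in dhcp})
        return "DHCP requests reach %s but are dropped by rule(s) %s: check the firewall rules" % (
            vlan_if, ", ".join(rules))
    return "tagged traffic reaches %s and DHCP is not dropped: check the DHCP server binding" % vlan_if


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(drops_by_interface(log))
    print(diagnose(log, "eth1.10"))
```

On a real box the same functions can be fed the output of the UTM's packetfilter log; the decision in `diagnose` is the one the reply describes in prose, with the log supplying the evidence for which branch applies.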