Our network has a pair of wifi devices configured as a bridge which was installed several years ago. In my ignorance and before a UTM had been installed I configured the management interfaces for these two devices with IP addresses on a /27 subnet.
Since then the network has grown substantially to meet new requirements. Managed switches were installed at each end of the bridge, various vlans were configured as the network grew and the wireless bridge, connected between trunk ports on the switches at each end, carried all the traffic to all the required subnets.
All this worked across the bridge without any problem until I had a prompt to update my firmware and found that I could no longer access the management ports of the wifi devices.
I have the wifi bridge device configuration details but I need advice accessing the management interface because I have some difficulty gaining physical access to plug and play so must work entirely through the network.
I could reconfigure the managed switch temporarily so that the connection to the bridge device port is configured as an access port on the existing management subnet but this would take the bridge out of action.
Is there any means for connecting to the wifi device without stopping the trunk connection over the bridge.
Just starting to think about this because, although there is a solution using the managed switch, there may be a solution using the UTM capability. Any suggestions would be much appreciated.
You may add an additional IP / alternative Subnet at the interface where WiFi components are connected.
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum PartnerSophos Solution Partner since 2003 If a post solves your question, click the 'Verify Answer' link at this post.
Many thanks for the reply. I think I understand and had been thinking along these lines but am not sure exactly what will work. At present the copper connection to the wifi AP is from a port on managed switch which is configured with all relevant vlans which are intended to go over the wireless bridge. These are connected to the port as Tagged so all traffic leaves the port tagged and is sorted out at the other end with another managed switch.
Unfortunately when I configured the management port on the wifi device I did not set a management vlan (we didn't use them then) but used a small subnet (/27 mask).
Years later and through forgetfulness I used the same subnet for one of the vlan networks with overlapping addresses, in that I used the same address but /25 mask.
My (very limited) understanding is that to connect to the wifi I need to connect so required traffic exiting the port is Un-tagged. I can create a subnet on the UTM and know the wifi device address will not conflict with another on subnet because I control the reserved addresses, but will the fact that the device is in band cause a problem or will the subnet mask prevent this problem. Well beyond my network knowledge here!
I will try it, but not this week as I don't want to risk breaking the bridge until I know there is a quiet window. Meanwhile any further help would be appreciated.
The supplier of the wifi devices which I am using for a bridge advises they do not support management vlans. The devices are configured as WDS bridge and work well carrying four subnets which are on vlans from a managed switch at each end.
Is it possible to have one port on a switch configured for both T-agged traffic on one subnet and U-ntagged traffic another. I cannot get this to work but cannot see why and am not getting any errors, just no success. Getting very confused.
Some (or the most) switch vendors allow some tagged and one untagged vlan at the same port.
With cisco and extreme i have build this some time ago.
Thanks for this. At least I am not totally up the creek.
Will have to check details again. Am working through four switches and plenty of scope for errors along the way.
Since the devices I am using as wireless bridge cannot work with vlan management connection I have reconfigured my networks slightly to avoid possible conflicts and created a separate subnet just for the bridge devices. All working as required now. Many thanks for the help and suggestions.