
Multiple VLANs behind RED10/15 including GUEST-network

Hello
For branch offices we are using access points that do local switching of each SSID to a separate VLAN.
Branches have an L3 switch installed that routes the local VLANs via the RED interface of the HQ UTM.

The HQ UTM has a static route pointing the remote VLANs via the L3 switch.
The L3 switch does DHCP relay to the HQ DHCP servers (and for that requires an IP address in each VLAN).

So far so good :)


The trouble is that we now need to deploy a GUEST SSID in the remote offices with the following requirements:

  • no local routing between corporate and GUEST-VLANs
  • DHCP for GUEST-VLAN done by HQ-UTM

The problem is: the L3 switch requires an IP for DHCP relay, but AFAIK it automatically routes between its local networks once an IP is assigned to a VLAN, so requirement one is broken.


Any ideas how to solve this issue?

This affects multiple remote GUEST SSIDs.

Thanks for advice



  • Hi, Ingo, and welcome to the UTM Community!

    You should get your reseller and Sophos involved as I don't see a way to do this without a RED 50 instead of a RED 10/15.  That's the only way to wire a VLAN directly into a RED and make firewall rules between the VLANs.  If they demonstrate that it can work, please share the details here.

    However, an SG 105 with a six-year (2 x 3 years) Network Protection subscription is less expensive than a RED 50, so I think that would be a better solution.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
    • Hello Balfson,

      I did not go the support way and decided to do a little experimenting with a RED10 I had in my office.


      Here is a working example config:

      UTM

      Interface type Ethernet - Hardware RED10 - IP 10.x.0.1/24

      Interface type Ethernet VLAN - Hardware RED10 - IP 192.168.x.1/24

      Static route: 10.x.0.0/16 via 10.x.0.2 (L3 Switch in branch)

      DHCP range for the Guest-VLAN interface of the RED

      RED has WAN connected and LAN1 to Switch port 1/1

      Switch

      Port 1/1 is a member of VLAN 1 and the GUEST-VLAN. PVID is 1. The port is set to untag the PVID and tag the GUEST-VLAN.

      Port 1/x has the AP connected. It is a member of all SSID VLANs (tagged) plus the untagged AP-Management-VLAN.

      The switch routes between all SSID VLANs, the AP-Management-VLAN and VLAN 1. It does not route the GUEST-VLAN.
      DHCP relay for the routed VLANs goes to the HQ DHCP server.

      This configuration works with the RED10 just fine. I also tested network separation et cetera. Looks good to me. I also attached a schematic.

      Maybe the only benefit of the RED50 is that VLANs can be directly assigned to the LAN NICs of the RED? (Not sure, I have never used a RED50 yet; always either a RED10 or a small UTM.)

      Best greets

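As an added illustration (not part of Ingo's post or of any Sophos tooling), a small Python model of the branch design above that checks the two GUEST requirements from the opening post. VLAN names and the DHCP labels are placeholders, and the rule "the L3 switch routes between every VLAN it holds an IP in" is taken from the thread as stated.

```python
# Added example: model the RED10 branch design and verify the GUEST requirements.
# Assumption from the thread: the L3 switch routes between all VLANs in which it
# holds an IP (SVI), which it needs for DHCP relay.
from dataclasses import dataclass


@dataclass(frozen=True)
class Vlan:
    name: str
    tagged_to_red: bool   # carried tagged on switch port 1/1 toward RED LAN1
    switch_svi: bool      # L3 switch holds an IP in this VLAN (needed for relay)
    dhcp_by: str          # "switch-relay" (HQ DHCP via relay) or "utm" (RED VLAN interface)


# The working configuration from the post, as constructed sample data.
WORKING = [
    Vlan("VLAN1",     tagged_to_red=False, switch_svi=True,  dhcp_by="switch-relay"),
    Vlan("CORP-SSID", tagged_to_red=False, switch_svi=True,  dhcp_by="switch-relay"),
    Vlan("AP-MGMT",   tagged_to_red=False, switch_svi=True,  dhcp_by="switch-relay"),
    Vlan("GUEST",     tagged_to_red=True,  switch_svi=False, dhcp_by="utm"),
]

# The original dilemma: give the switch an IP in GUEST so it can relay DHCP.
BROKEN = [v if v.name != "GUEST" else
          Vlan("GUEST", tagged_to_red=False, switch_svi=True, dhcp_by="switch-relay")
          for v in WORKING]


def l3_neighbours(vlans, name):
    """VLANs reachable from `name` through the switch's own local routing."""
    me = next(v for v in vlans if v.name == name)
    if not me.switch_svi:
        return set()
    return {v.name for v in vlans if v.switch_svi and v.name != name}


def check_guest(vlans, guest="GUEST"):
    """Return the list of violated requirements; an empty list means the design holds."""
    g = next(v for v in vlans if v.name == guest)
    issues = []
    routed_to = l3_neighbours(vlans, guest)
    if routed_to:
        issues.append(f"{guest} is routed locally to {sorted(routed_to)}")
    if g.dhcp_by != "utm":
        issues.append(f"{guest} DHCP must come from the UTM, not {g.dhcp_by}")
    if not g.tagged_to_red:
        issues.append(f"{guest} must be tagged on the RED uplink to reach the UTM VLAN interface")
    for v in vlans:  # relay only works where the switch has an address in the VLAN
        if v.dhcp_by == "switch-relay" and not v.switch_svi:
            issues.append(f"{v.name}: DHCP relay needs a switch IP in the VLAN")
    return issues
```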
      • Thanks, Ingo, for sharing your results with us!

        Cheers - Bob

        Sophos UTM Community Moderator
        Sophos Certified Architect - UTM
        Sophos Certified Engineer - XG
        Gold Solution Partner since 2005
        MediaSoft, Inc. USA