
RED15w Connected but no VLAN Traffic

Hi Guys,

I have a Head Office with a SG230, Dell 6248 (Layer 3), and a number of Internal VLANS - all working fine

  • Dell 6248 is the Core Router, vLANs 10, 11, 12, 13, 15 setup with Interfaces (10.0.10.x, 10.0.11.x etc), IP routing etc and all working fine. 10.0.10.x is the network the corporate servers are on. 10.0.x.254 is the vLAN routing interface for each subnet/vlan.
  • SG230 (10.0.10.250) all setup and working fine, email scanning, web protection etc
  • SG230 under Interfaces and Routing - Static Routing: all Head office vLans ->Internal Interface, vLAN 50 (Site Office vlan) ->Interface Sitename
  • VOIP Phone System is on vLAN 999 - 192.168.1.x

Just added a new remote office for 4 workers and have setup a RED15W, Ubiquiti EdgeSwitch 24 (Layer 3 and POE - needed POE for Ubiquiti Security Cameras there), and 4 VOIP Phones

  • Internet is via ADSL2 modem, PPPoE and up and running (connection does have a static IP)
  • RED15W has been provisioned as Standard/Unified and an IP of 10.0.50.253 assigned during provisioning (used the Wizard in the SG230)
  • It created a DHCP Scope - and that seems to be assigning IPs to the Machines and Phones at the Remote Site. All PCs and Phones are being assigned 10.0.50.x addresses with Red15w assigned as Gateway/DNS. I can also see active leases in the SG230 - DHCP for those devices.
  • On the local machine I can mostly browse web pages, watch YouTube videos and see usage on the RED connection on the SG230 dashboard.

PCs will not see server resources at Head Office (10.0.10.x) nor will VOIP Phones connect to Phone System at Head Office (192.168.1.204), nor can any site workstation PING anything at head office.

So I thought it must be a routing issue and went ahead and created on the Ubiquiti EdgeSwitch - vLAN 50 (Untagged on all PC and Phone Ports and the uplink to Red15w), vLAN 10 (tagged on Red15w port), vLAN 999 (tagged on VOIP Phone Ports and tagged on RED15w port). I also created the vLAN interfaces for routing on the Ubiquiti Switch for each vLAN (10.0.10.252, 10.0.50.252 and 192.168.1.252 respectively)

But still no internal traffic going between the sites.

I'm missing something and not quite sure what it is - any advice or tips to get this site up and running?? I was thinking about putting a small RODC out there as well and sit it on 10.0.50.1 to help with users logging in locally.

Any tips or advice would be GREATLY appreciated!!!

Cheers

David



  • Quick followup:

    From a workstation on-site I can actually ping the Internal Interface of the SG230 at Head Office - but can't get to the Dell Switch on the same subnet.

    So Workstation onsite (10.0.50.22, GW 10.0.50.253) - RED15 (10.0.50.253) - Internal Interface of SG230 at Head Office (10.0.10.250) pings fine

    Workstation onsite (10.0.50.22, GW 10.0.50.253) - RED15 (10.0.50.253) - through tunnel - Dell 6248 VLAN 50 Interface (10.0.50.254, also tried vlan 10 interface of 10.0.10.254) no pings :(

     

    Still looking for hints/tips :)

  • David, I would have to see a diagram to wrap my head around your topology.  Do you need a common VLAN on both sites?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Cheers Bob - give me an hour or so to knock up a quick diagram. Working from home today as I have a couple of flooring guys coming to give me some quotes ;)


  • OK, basic Network Diagram attached - hopefully text is not too small? Let me know

    Essentially all we want to do is:

    4 Win 10 Workstations to connect to Corporate Domain at Head Office, just like they do at Head Office (DC, Exchange, SharePoint etc all on vLAN10)

    4 VOIP Phones that need to get to and from Phone System Server at 192.168.1.204 (vLAN 999). Tested VOIP handsets on different subnets at Head Office and with the intervlan routing there it works fine

    Because we have a number of vLANs at Head Office to segregate network traffic I thought it was a 'no brainer' just to simply set up a new vLAN (vLAN50) for the new remote site and the RED product literature brags about 'just plug it in and away you go' ;)

    I was thinking about putting an RODC at the site (10.0.50.1) and setting it up as a site in AD as well. A number of different users will rotate to the new site so it would allow them to log onto the PCs onsite locally - but the RODC would need to be able to communicate via the RED Link as well.

    In my pre-Sophos days I was using a Cisco 5510 and crappy Netgear products using IPSEC to do exactly this and it worked well.

    Any tips or hints would be extremely welcome - as it's starting to frustrate me ;)

     

    Images from UTM Screens:



    Let me know if you need any more info!


     

  • Adding some screenshots from the Dell 6248 at Head Office

     

      vLAN 50 setup - setup exactly the same as all the other Internal vLANs for Workstations

     

      vLAN 50 Interface setup

     

       IP Subnet bindings manually setup on switch

     

      vLAN Routing Summary

     

      vLAN Route Table

     

      default route

     

    I am back at Head Office today and forgot to grab screenshots of the vLAN setup on the Ubiquiti EdgeSwitch at the Site. But in essence I have set it up exactly the same in most regards

    Ubiquiti Switch: 10.0.51.1 - Management on vLAN1 (Native)

    Added vLANs 10, 50 and 999


    vLAN interface setup for each new vLAN:


    vLAN 50 - 10.0.50.252

    vLAN 10 - 10.0.10.252

    vLAN 999 - 192.168.1.252

    Routing Tables/Summaries look ok with the relevant vLAN Int as the 'Next Hop' and default route set to: 0.0.0.0 - 10.0.50.253 (Newsite Interface on UTM, which is pingable by all workstations on site)

    Untagged vLAN50 on Ports 1-8 and Port 24 (Uplink to Red15W)

    Tagged vLAN999 Ports 1-4 (VOIP Phones) and Port 24

    Tagged vLAN10 on Port 24
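
A check that can be run over the interface inventory given in the posts above, as an added example that is not part of the original thread: it lists subnets that are configured as directly connected on layer-3 interfaces at both ends of the RED link, which matters when traffic between the sites is routed with static routes rather than bridged. The /24 masks, the side labels and the function name are assumptions; the thread states none of them.

```python
import ipaddress
from collections import defaultdict

# Interface addresses as quoted in the thread. Assumptions: every mask is /24
# (the thread gives no prefix lengths) and "side" marks which end of the RED
# tunnel the interface's layer-2 segment sits on. The head-office VLAN 999
# routing interface is not given in the thread, so it is not listed.
INTERFACES = [
    ("Dell 6248 VLAN 10",      "head-office", "10.0.10.254/24"),
    ("Dell 6248 VLAN 50",      "head-office", "10.0.50.254/24"),
    ("SG230 Internal",         "head-office", "10.0.10.250/24"),
    ("SG230 RED interface",    "remote-site", "10.0.50.253/24"),
    ("EdgeSwitch VLAN 50",     "remote-site", "10.0.50.252/24"),
    ("EdgeSwitch VLAN 10",     "remote-site", "10.0.10.252/24"),
    ("EdgeSwitch VLAN 999",    "remote-site", "192.168.1.252/24"),
    ("EdgeSwitch VLAN 1 mgmt", "remote-site", "10.0.51.1/24"),
]


def cross_site_overlaps(interfaces):
    """Return {subnet: [interfaces]} for subnets that are directly connected
    on different sides of the tunnel, including partial overlaps."""
    parsed = [(name, side, ipaddress.ip_interface(cidr))
              for name, side, cidr in interfaces]
    findings = defaultdict(set)
    for i, (n1, s1, if1) in enumerate(parsed):
        for n2, s2, if2 in parsed[i + 1:]:
            if s1 == s2 or not if1.network.overlaps(if2.network):
                continue
            # Report under the wider of the two networks.
            wider = min(if1.network, if2.network, key=lambda n: n.prefixlen)
            findings[str(wider)].update({f"{n1} ({s1})", f"{n2} ({s2})"})
    return {net: sorted(names) for net, names in findings.items()}


if __name__ == "__main__":
    for net, names in sorted(cross_site_overlaps(INTERFACES).items()):
        print(f"{net} is directly connected on both sides:")
        for name in names:
            print(f"  - {name}")
```

A router with a connected interface in a subnet delivers packets for that subnet on its local segment instead of following a static route, so each subnet reported here is worth checking against the intended return path.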

  • That's a lot to wrap my head around, even with all of the documentation.  I can tell that you're really good with Cisco, TCP/IP & networking, but that this is the first time you've configured using UTM WebAdmin...

    I probably would have configured VLAN Interfaces on the UTM and let it create all of the routing instead of having to create and keep track of static routes.  First, although I haven't tried it, I would bridge reds1 with eth0 and then define all of the VLANs on br0 - that might get the VLAN tags through the RED tunnel.

    Sorry I can't be of more help, David, but this would be at least a half-day consulting gig.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bugger! Cheers Bob, was hoping a glaringly obvious misconfigured route was the problem :(

    I've opened up a Support Case and pointed them to this thread - hopefully we can work out the issue ASAP ;)
