This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I have one SSID bridged to AP LAN and one SSID bridged to VLAN?

Hello

Im trying to get the following working:

I want one SSID for access of the internal network (without vlan tagging, 192.168.43.xx) -> Bridge to AP LAN

And one SSID for our guest network (with vlan tag 40, 172.16.29.xxx) -> Bridge to VLAN

Now I want to enable this on our UTM 9.4 but its refusing his config.

Error

The VLAN settings of the access point 'xxx' conflicts with the client traffic option: 'Bridge to VLAN' of the SSID 'guestnet'.

enabling vlan tagging on ap:

The VLAN settings of the access point 'xxx' conflicts with the client traffic option: 'Bridge to AP LAN' of the SSID 'internalnet'.

In the manual on Page 435 i found the following:

<quote>

l Bridge to AP LAN: You can bridge a wireless network into the network of an access point, that means that wireless clients share the same IP address range.

Note – If VLAN is enabled, the wireless clients will be bridged into the VLAN network of the access point.

</quote>

but this isnt working?

Can anybody help me?

Thanks

Tobi



This thread was automatically locked due to age.
Parents
  • Tobi,

    I feel like this used to work without an issue before 9.4...  I just tried doing this yesterday on a device that was 9.4 and I receive the same error.  If you find anything out from support please advise the results.

    Thanks,
    Hugh

  • Yep, getting the same error here too. Can't setup an ssid with a native vlan and an ssid with a tagged vlan at the same time.

    I've even tried ssid with tagged and another ssid with tagged. results in the same.

  • OK, might have a result. Won't know until I'm back at work tomorrow.

    Set up as follows:


    SSID with Bridged to AP LAN <<< this is your normal setup. Instead, set this to "bridge to vlan" and enter vlan ID eg 1

    Under "Advanced", tick "vlan tagging" and put the same vlan ID in eg 1

    Now add your other SSID with "bridge to vlan" and enter Vlan ID eg 20

    The access point will now accept multiple vlans. I couldn't get it to do this before and I'm not sure it will work until I get to work and see if the clients have picked up leases etc.

  • You should not assign VLAN 1 in the UTM.  That is used by Wireless Protection, and is reserved.  Using VLAN 1 causes strange problems.  For example Problem with the communcation between default VLAN and custom VLANs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • hello there

    i tried this already and it doesn't work. 

    i think its an bug in the utm software because the manual is clear about how to do it.

    to be honest i'm disappointed about the support that sophos (or should i say not) provided. they did follow up 1 time and then somebody replied and said its im at the wrong portal or something. if somebody of you know how to get real support feel free to try and please report back

    thanks 

    tobi

  • Good spot Bob. So to get this working as I have above, we can't really have a native vlan so if you are going to do ssid to vlan's, every network must be vlan tagged and you shouldn't use vlan1

Reply Children
No Data