
Internet access only on specific SSID

I'm very new to Sophos and networking.

I have several wireless Auranet access points with the possibility to set a VLAN ID for each SSID.

My Sophos XG setup is Port1 = LAN, Port2 = WAN

Can I just add a VLAN interface with the same ID as the wireless access points?

In the VLAN interface page there are a few options to fill in.

Physical Interface, Port1 or Port2?

Zone, LAN or WAN

IP Assignment, Static or DHCP (Needed for?)

Thanks



  • Hi,

    You will need to set a VLAN on the Port1 interface with a static address in a different address range to the original port for each AP (SSID) and the associated network. You will then need to configure rules to allow each device to access the internet.

    DHCP (you can use static assignments but you will need a DHCP server to do so) is needed for each AP (SSID) and the devices that connect via it.

    Ian

  • Thank you very much, here is what I tried out but I don't get any IP so I tried to set a static IP on the client to 192.168.10.50, GW 192.168.10.1.

    No internet, and it is not possible to ping 192.168.10.1

  • Hi,

    Could be an issue with the XG or the wireless APs.

    So you can verify it via console / tcpdump.

    You are tagging everything via the AP with ID 2000.

    So go to the shell (SSH port 22) and go to the Advanced Shell (Option 5 - 3).

    There you will have a Linux shell.

    Now enter this command:

    tcpdump -vv -ni Port1 '( vlan and ( ether[14:2] & 0xfff == 2000 or ether[14:2]) )'

    Or

    tcpdump -ni Port1.2000

    Post a screenshot of it.

    Cheers
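
What the `ether[14:2] & 0xfff == 2000` test in the reply above inspects, as an added example that is not part of the original thread: it decodes the 802.1Q tag of a raw Ethernet frame and shows why the tag field is masked before comparing. The frames are constructed sample data and the function names are hypothetical; run it on an analysis workstation, not on the firewall.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_tag(frame: bytes):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)      # ether[12:2]
    if tpid != TPID_8021Q:
        return None                                    # no tag: sender is not tagging
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)  # ether[14:2], ether[16:2]
    # TCI layout: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID.
    return tci & 0x0FFF, tci >> 13, inner


def matches_vlan(frame: bytes, vid: int) -> bool:
    """Same decision as the capture filter: tagged, and low 12 bits equal vid."""
    tag = vlan_tag(frame)
    return tag is not None and tag[0] == vid


def build_frame(vid=None, pcp=0, ethertype=0x0800) -> bytes:
    """Constructed test frame: broadcast dst, locally administered src."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    payload = b"\x00" * 46
    if vid is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    tci = (pcp << 13) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


# Constructed samples: what Port1 might see from an access point.
SAMPLES = {
    "tagged 2000": build_frame(2000),
    "tagged 2000, priority 5": build_frame(2000, pcp=5),  # raw TCI is 0xA7D0
    "tagged 10": build_frame(10),
    "untagged": build_frame(),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:24} tag={vlan_tag(frame)} "
              f"vlan2000={matches_vlan(frame, 2000)}")
```

If the capture on Port1 shows only frames of the "untagged" kind from the access point, the tag is being lost or never applied before the firewall, which would explain a VLAN interface that answers neither DHCP nor ping.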