VLAN Setup Problems

I have been trying to set up a VLAN connection between the Sophos XG Home Firewall and my Linksys WRT 1900AC router. I set up everything as instructed in the Sophos article at this address: https://www.sophos.com/en-us/support/knowledgebase/123127.aspx. The VLAN connection works fine on the UTM 9.3 firewall, but I cannot get it to work on the new XG OS. I have tried doing everything I could think of to fix it, but I have exhausted my knowledge here. Here is what my configuration is:

Port 1 is set to LAN with a static IP address. The IP address is set to 172.16.16.16. Netmask is /24 (255.255.255.0).

VLAN setup:


Physical Interface: Port 1

Zone: LAN

VLAN ID: 3

IP Assignment: Static

IPv4/Netmask: 10.10.10.1 (/24 255.255.255.0) [Not sure about this part, just copied what was in the Sophos article.]

The router is set to VLAN ID 3 and it is tagged.

I appreciate any help that can be given.

Thanks so much,


John



This thread was automatically locked due to age.
  • Hi John,

    Thanks for choosing Sophos.

    I require some details to investigate further. 

    1. Have you configured a Firewall Rule to communicate between the respective VLAN networks?

    2. Is the firmware version SF-OS MR 1.1? If not, I suggest you upgrade!

    3. What do you capture when an ICMP ping is initiated to test the reachability of a host in the VLAN? You can learn more about Packet Capture from the link below:

    https://www.sophos.com/en-us/support/knowledgebase/123189.aspx

    Regards

    Sachin Gurung

  • Greetings,

     

    I am experiencing what sounds like a similar issue with an XG running 16.05.2MR-2.  We have a LAG configured to tag VLANs to a downstream pair of Cisco NX3500s.  We have a native VLAN set on the LAG and connectivity is fine; however, we have VLAN 320 over the same LAG that cannot reach the IPv4 address configured on the XG.

    Connectivity from the VMs attached to VLAN 320 to a temp IP on the NX3500 works fine. Doing a packet capture on the XG, it appears to show that the XG is not DOT1Q tagging the VLAN according to the L2 header.

    Are there any CLI-based commands or checks that can be done to verify that the VLAN tagging is set properly on the LAG?  I have shut down a leg on the LAG and it made no difference to the issue.

     

     

    Cheers,

    -michael
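
Added example, not part of any post in this thread and not Sophos tooling: a way to check offline whether captured frames carry an 802.1Q tag for the expected VLAN by reading the L2 header bytes. The function names, MAC addresses and sample frames are constructed for illustration; only VLAN IDs 320 and 3 come from the posts above.

```python
import struct

# TPIDs that announce a VLAN tag: 0x8100 = 802.1Q, 0x88A8 = 802.1ad (outer QinQ tag)
VLAN_TPIDS = {0x8100, 0x88A8}

def parse_l2(frame: bytes) -> dict:
    """Return MACs, the VLAN tag stack (outermost first) and the payload EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    tags = []
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # TCI = 3 bits priority, 1 bit DEI, 12 bits VLAN ID; then the next EtherType
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = inner
    return {"dst": dst.hex(":"), "src": src.hex(":"),
            "vlans": tags, "ethertype": ethertype}

def tagging_report(frames, expected_vid):
    """Classify each frame as 'tagged', 'untagged' or 'other-vlan' for expected_vid."""
    report = []
    for frame in frames:
        vids = [t["vid"] for t in parse_l2(frame)["vlans"]]
        if not vids:
            report.append("untagged")
        elif expected_vid in vids:
            report.append("tagged")
        else:
            report.append("other-vlan")
    return report

# Constructed sample frames (made-up MACs, zeroed payload standing in for an ICMP ping)
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"\x00" * 46
TAGGED_320 = DST + SRC + struct.pack("!HHH", 0x8100, 320, 0x0800) + PAYLOAD
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + PAYLOAD
TAGGED_3 = DST + SRC + struct.pack("!HHH", 0x8100, (5 << 13) | 3, 0x0800) + PAYLOAD

if __name__ == "__main__":
    print(tagging_report([TAGGED_320, UNTAGGED, TAGGED_3], 320))
```

A capture taken on the sending device can omit the tag when the NIC inserts it in hardware, so frames captured on the switch side of the link are the more conclusive input for this check.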
