Wifi configuration - Bridge to AP LAN

Hi Peter,

on the XG you need an IP address on the physical interface. Then you will need a DHCP server on your VLAN 10 with a different range to the physical interface network.

You will need to create the AP with a VLAN aware being your VLAN 10 if you want your WIFI users to access the VLAN 10. Otherwise you set the AP to LAN (which is the physical port.

Ian

Thanks Ian, Port 1 has the LAN IP assigned, VLAN 10 is assigned to Port 1, with its own separate IP range, with a separate associated DHCP server. That is all working fine. VLAN 10 (voice) does not need to be accessible to wifi clients. I just need wifi users to access the untagged LAN. I've now set up a wireless network with client traffic in "Separate Zone" (remembering what happened when I selected Bridge to LAN) and Zone as LAN. I've applied a separate IP range and applied a separate DHCP server.

I'm at home now so I can't test if this works, but will wifi clients be able to access the Port 1 network?

Hi Peter,

I have a spare AP,, so later today I will try your configuration on my XG.

Ian

Hi Peter,

I added the spreadsheet AP55 to the XG in the physical interface network. These changed did not break my XG VLAN configuration. I am connected using the existing VLANs over the AP.

I am having a little issue with the XG DHCP server telling lies which I will sort out later when I get home.

Ian

I think the problem here is my lack of experience with the Sophos wifi methodology. It's quite different to what I'm used to. At this point I have:

Wireless network - Staff

- client traffic in separate zone, zone is LAN, IP address is separate from Port 1 LAN, DHCP server is assigned to that IP range

Wireless network - Guest

- same as above, except zone is WiFi, and IP/DHCP is separate again

Access points

- assigned both Staff and Guest to default LocalWifi0

- bridge to ethernet is NOT selected - I can only select Port1, which breaks the voice VLAN already assigned to Port1

- band - I can only select 2.4 or 5.

- channel is auto

Access point groups

- Localwifi0 group - added both wireless networks

The Staff network allows clients to connect now, and they get an IP, but no internet access. Doesn't work when I switch zone to wifi either. There is a Guest-to-WAN firewall rule that allows all, with the wifi zone as the source.

Hi Peter,

I see your issue, you cannot use port 1 as a VLAN on the XG.

Ian

So.... cannot use port 1 on the XG for VLAN whilst using a wireless network that needs access to the same network as port1 (not the VLAN)?

At the moment, port 1 acts as a trunk to a managed switch that then provides untagged and tagged traffic for data and voice respectively. Do I have to separate the LANs instead and configure the VLAN on another port and connect that to the same switch? That's very unusual.

Hi Peter,

no you just can't use VLAN 1. You can use port 1 and configure VLANs on it.

While setting up the test AP access I broke my XG and network switch. The AP does not get an IP address even though it is assigned a reserved address.

Ian

To clarify, I'm using VLAN10 assigned to port 1. Not VLAN1.

Hi Peter,

understand.

To get this to work you need to have port not assigned to anything eg as if it were not connected to a managed switch.
I cannot get an IP address assigned to my AP on non VLAN connection to my switch. So I will not be able to provide any more assistance or thoughts.

Ian

Hi Peter,

understand.

To get this to work you need to have port not assigned to anything eg as if it were not connected to a managed switch.
I cannot get an IP address assigned to my AP on non VLAN connection to my switch. So I will not be able to provide any more assistance or thoughts.

Ian

OK thanks - hopefully I can get this working with help from some others. I have other ports that could assign addresses to, but I'm not sure how/why this would help.

Okay, got it to work. AP is connected on the VLAN port of the switch (U) but configured to bridge to LAN. Receives an IP from the LAN address range.

You should be able to go from there.

Ian

I'm not sure what you mean by "AP is connected to the VLAN port of the switch". The AP is integrated in the XG. When I edit the AP, I have an option to Bridge to Ethernet, and I can only select a physical port as the "Port to Bridge", not a VLAN. If I select Port 1 (the only one configured, untagged for data traffic, VLAN 10 for voice traffic) then the AP and Port1 are bridged and the VLAN is removed. No good.

I don't have any other port option. The only way I could get Port 3 or 4 to appear would be to set this to the same subnet as Port 1, then bridge to that. Wouldn't that create a loop condition if I also plug that physically into the network switch? If I don't plug it into the network switch, the port wouldn't be active, correct?

Hi Peter,

sorry I was not aware it is the inbuilt AP.

Ian

Apologies for the confusion - it was in the first few words: "I'm trialling an XG105W".

Hi Peter,

my apologies, I have had a problem with my eyes where I could not read everything correctly. Some very bad irritation which has been fixed thankfully.

I think you will need to ask your reseller/partner or maybe even log a support case. From past posts the the inbuilt WIFI is difficult to configure.

Ian