VLANs on XG135

Hi

Looking to set up an XG135 with 3 VLANs; all seems to be working.

What I've done post wizard and firmware upgrade:

Removed Port8 from the br0 interface and created two VLAN (10 and 20) interfaces on Port8 with appropriate IP addresses.
Set up DHCP on VLAN20, none on VLAN10 as Windows will be doing DHCP there.

Connected my switch, with the VLANs also defined, on a tagged uplink to the XG.

Everything works as expected: plugging into the appropriate port on the switch results in the device being on the correct VLAN, and it can ping the VLAN interface and out to the internet.

I've not set any policies yet; that's the next stage.

However I have a few additional queries:

Can I make the trunk port a LAG? (I've never set up a LAG on the XG, tbh)

What should the IP on the physical interface Port 8 be? I assume the physical interface of Port 8 is fixed in VLAN1, so it will never be reachable from my switch.
Should I leave it on DHCP (although it will never get an address) or set a static address?

What do I do with the br0 interface set up by the wizard and its address - leave and ignore? Delete?

Anything else I should be aware of?

Cheers :)



  • Hi  

    Thank you for contacting us.

    Verify the pre-requisites to configure LAG.

    1. The device that SF links with through LAG (e.g. a switch) must support LACP (802.3ad) mode. Refer to the switch/device's manual for configuration details.
    2. All of the interfaces in the SF LAG group must have the same physical characteristics (some examples are: Interface Speed and Full-Duplex, which is applicable to LACP mode).
    3. Only the unbound physical interfaces of SF can be a member of the LAG group.

    The XG supports two types of LAG:

    1. Active-Backup, which is used for link redundancy
    2. LACP, for load balancing

    When the XG is configured to do Active-Backup LAG, it will bundle the defined number of interfaces into the LAG, and one interface will work as an Active Slave and the rest will work as Backup Slaves. In the event of an interface failure, the next link will take over as Active Slave to forward the traffic. This feature is mainly used for link redundancy.

    To configure this, define the LAG on the required interfaces, then connect to the XG firewall over SSH, go to option 4. Device Console, and execute the following command:

    set network lag-interface xyz lag-mgt mode active-backup

    (Here, xyz is the name of the LAG interface.)

    For more information on LAG, please follow the given link: https://community.sophos.com/kb/en-us/123100

    For information related to the br0 query, you may check the similar thread: https://community.sophos.com/products/xg-firewall/f/initial-setup/101782/how-to-split-initial-br0-interface-into-lans