Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Subscribers 28 subscribers
  • Views 3966 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLAN AP Assignment

Joe Schmoe

Running XG85, setup VLANs as such:

 

I have a wireless AP that assigns VLAN ID of 22, and on my managed switch, I set the port that connects the AP to the XG85 to Tagged (PVID=1).

 

While I'm able to connect to the AP, I'm not getting the ip set via DHCP on XG85.


What am I missing?

 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Joe Schmoe

    Hi Joe,

    my apologies, I thought you were using a Sophos AP.

    To make that work you would need to have the port it is connects to as tagged for each VLAN.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    No reason to apologize!

     

    So I have the port on the switch set to be Tagged for VLAN22 but for some reason the XG isn't dishing out an IP so the device ends up with a 169.54.... IP.  I'm just trying to figure out if the problem exists on the XG and if so, where.

  • 0 in reply to Joe Schmoe

    Is the XG end also tagged, but what is the actual management interface on the AP set as? Does the XG actually see the AP?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    On the AP, the mgmt VLAN is set to 1, the SSID is set to VLAN22.

    On the XG:

     

    The XG does see the AP bc if I look in the DHCP lease list, it's there.

  • 0 in reply to Joe Schmoe

    Joe,

    you need to change port 1 physical IP address from the 10.0.0.x/24 to something like 10.10.0.0/24.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    OK - gimme a sec to do that.


    Dumb question then, to access the XG interface, what do I need to configure to still access the XG from the 10.0.0.0/24 net?

  • 0 in reply to Joe Schmoe

    Hi Joe,

    you should be able to access the XG GUI from any of your networks, through untagged ports on your switch and they can be on VLAN 1 which is the default XG VLAN.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    So I just changed Port 1 to 10.10.0.0/24 leaving the VLANs on 10.0.0.0./24 and 10.0.11.00/24.  As soon as I did that, all of the devices on my network lose connection to the internet and they fail to get a valid IP on the VLAN from DHCP.

  • 0 in reply to Joe Schmoe

    Basically it means your devices were picking up IP addresses from your port 1 DHCP server not their VLAN servers. Your firewall rules are only allowing port 1 out. You need a firewall rule for each of your VLANs

    When using VLANs you do not normally want traffic of the physical port leaving the internal network.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    rfcat_vk said:

    Basically it means your devices were picking up IP addresses from your port 1 DHCP server not their VLAN servers. Your firewall rules are only allowing port 1 out. You need a firewall rule for each of your VLANs

    When using VLANs you do not normally want traffic of the physical port leaving the internal network.

    Ian

     

     

    So you're saying if I get port1 on the 10.10.0.0/24 subnet, then all I need is a new firewall rule?  Can you tell me what rule I need?  I thought the default rule would allow traffic from the VLAN out but I guess I was wrong!  Not looking for you to code it for me - am trying to understand the logic behind this, beyond solving the issue.

     

    Not sure what you mean by traffic of physical port leaving the internal network though.

Cookie Information Banner