Inter-VLAN routing not working

Hi,
I'm new to Sophos XG and I'm not able to get inter-VLAN routing working. I've read through the threads in this forum and tried everything, but with no success...

Using SFOS 18.0.2 MR-2 on NRG Systems IPU662 System.

Network Interface looks like:

I made a LAN_2_LAN Rule:

- 2 network objects: 192.168.10.0 (named it VL1) and 192.168.20.0 (named it VL20) both as destination and source with service any in Zone LAN.

The rule itself seems to work (the source / dest. IP addresses from the end devices are different, but it's from default VLAN (1) to VLAN 20).

I think it gets stuck here:

I tried all possible ping variants, and I think the problem is VLAN routing on Sophos XG -->

==========================================
Sophos:
==========================================
From interface: default LAN (LACP) - .10.1
==========================================
ping works to:
Sophos default: .10.1
PC in VL1: .10.100

doesn't work to:
Sophos VLAN 20: .20.1
Switch: .10.254
Laptop in VL20: .20.100
==========================================
Interface: VLAN 20 - .20.1
==========================================
ping works to:
Sophos VLAN 20: .20.1
Laptop in VL20: .20.100

doesn't work to:
Sophos default: .10.1
Switch: .10.254
PC in VL1: .10.100
==========================================
PC: .10.100
==========================================
ping works to:

Sophos default: .10.1
Sophos VLAN 20: .20.1

doesn't work to:
Laptop in VL20: .20.100
Switch: .10.254
==========================================
Laptop: .20.100
==========================================
ping works to:
Sophos VLAN 20: .20.1
Sophos default: .10.1
doesn't work:
PC in VL1: .10.100
Switch: .10.254
==========================================
Switch: .10.254
==========================================
ping works to:
Sophos default: .10.1
Sophos VLAN 20: .20.1
PC in VL1: .10.100
doesn't work to:
Laptop in VL20: .20.100

 

==========================================

- Sophos as DHCP server is working - clients getting the right IP address
- PC and Laptop in the same VLAN (e.g. VL20) can ping each other

Any help and suggestions are welcome!
Thank you,
Helmut



  • Hi!
    Thank you very much for your reply - I tried adding, before and now, a unicast route for the VLAN, but I'm missing the forest for the trees :-)

    Sophos has only IPs:

    default Lan: interface 192.168.10.1
    Vlan20: interface 192.168.20.1

    Switch Layer 2 has:
    default Lan: 192.168.10.254

    I did read the unicast explanation - but I always get, whatever combination I try:
     
    - Gateway IP & interface IP address must be in same network
    or
    - Gateway IP address must be different from interface IP address

    e.g. VLAN 20:

    ============================
    Destination IP / Netmask 192.168.20.0
    Gateway 192.168.20.1
    Interface: VL20_192.168.20.1

    Gateway IP address must be different from interface IP address
    ============================

    ============================
    Destination IP / Netmask 192.168.20.0
    Gateway 192.168.20.1
    Interface: VL1_192.168.10.1

    Gateway IP & interface IP address must be in same network
    ============================

    Thank you very much,

    Helmut

  • Hi Helmut,

    XG uses L3 for VLANs, I suspect that is your issue.

    Ian

  • Hi Ian,
    Thank you very much for your answer... then my approach of getting this working with an L2 is not possible...

    Got my new L3 switch today. So VLAN routing should work - I'll update...

    Best regards,
    Helmut

  • Hi!

    With my Layer 3 switch and routes for all VLANs on Sophos and the switch, all is working now!

    Thank you!
    Helmut