Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 4192 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Inter-Vlan routing not working

rodnheli

Hi,
i'm new at Sophos XG and i'm not able to get Inter-Vlan routing working. I've read through the threads in this forum and tried all - but with no success...

Using SFOS 18.0.2 MR-2 on NRG Systems IPU662 System.

 

 

 

Network Interface looks like: 

I made a LAN_2_LAN Rule:

- 2 network objects: 192.168.10.0 (named it VL1) and 192.168.20.0 (named it VL20) both as destination and source with service any in Zone LAN.

The rule itself seems to work (the source / dest. IP adresses from the end devices are others, but its from default VLAN (1) to VLAN 20. 

I think it stucks here:

I tried all possible ping variants - and i think problem is vlan routing on Sophos XG -->

==========================================
Sophos:
==========================================
From interface: default LAN (LACP) - .10.1
==========================================
ping works to:
Sophos default: .10.1
PC in VL1: .10.100

doesn't work to:
Sophos VLAN 20: .20.1
Switch: .10.254
Laptop in VL20: .20.100
==========================================
Interface: VLAN 20 - .20.1
==========================================
ping works to:
Sophos VLAN 20: .20.1
Laptop in VL20: .20.100

doesn't work to:
Sophos default: .10.1
Switch: .10.254
PC in VL1: .10.100
==========================================
PC: .10.100
==========================================
ping works to:

Sophos default: .10.1
Sophos VLAN 20: .20.1

doesn't work to:
Laptop in VL20: .20.100
Switch: .10.254
==========================================
Laptop: .20.100
==========================================
ping works to:
Sophos VLAN 20: .20.1
Sophos default: .10.1
doesn't work:
PC in VL1: .10.100
Switch: .10.254
==========================================
Switch: .10.254
==========================================
ping works to:
Sophos default: .10.1
Sophos VLAN 20: .20.1
PC in VL1: .10.100
doesn't work to:
Laptop in VL20: .20.100

 

==========================================

- Sophos as DHCP server is working - clients getting the right IP address
- PC and Laptop in Same VLAN (e.g. VL20) can ping together

Any help and suggestions are welcome!
Thank you,
Helmut



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    Did you configure static routes for the VLAN? If not, please create static routes for VLAN and let us know how it turns out for you. Check out the following document for more info: Add a unicast route.

    Thanks,

  • 0 in reply to FormerMember

    Hi!
    Thank your very much for your reply - i tried adding before and now a unicast route for vlan, but i'm missing the forest through the trees :-)

    Sophos has only IPs:

    default Lan: interface 192.168.10.1
      Vlan20: interface 192.168.20.1

    Switch Layer 2 has:
    default Lan: 192.168.10.254

    I did read the unicast explanation - but always get - whatever combination i try:
     
    - Gateway IP & interface IP address must be in same network
    or
    - Gateway IP address must be different from interface IP address

    e.g VLAN 20:

    ============================
    Destination IP / Netmask 192.168.20.0
    Gateway 192.168.20.1
    Interface: VL20_192.168.20.1

    Gateway IP address must be different from interface IP address
    ============================

    ============================
    Destination IP / Netmask 192.168.20.0
    Gateway 192.168.20.1
    Interface: VL1_192.168.10.1

    Gateway IP & interface IP address must be in same network
    ============================

    Thank you very much,

    Helmut

  • 0 in reply to rodnheli

    Hi Helmut,

    XG uses L3 for VLANs, I suspect that is your issue.

    Ian

  • 0 in reply to rfcat_vk

    Hi Ian,
    thank you very much for your answer... than my approach getting this working with a L2 is not possible...

    Got my new L3 switch today. So VLAN Routing should work - i'll update...

    Best regards,
    Helmut

  • 0 in reply to rodnheli

    Hi!

    With my Layer 3 switch all and routes for all VLANs on Sophos and Switch all is working now!

    Thank you!
    Helmut

Reply Children
No Data