
[Resolved] How to ssh into Core switch from Mgt PC, using XG210 to perform InterVLAN routing

Hello all,

I'm stuck at the following, hope to get the community's help.

I have the following network configured. I am trying to ssh into the CORE SWITCH from the MGT PC but to no avail. XG210 is currently configured to perform InterVLAN routing via firewall rule.

Firewall rule is currently set as:

Source Zone: LAN, Source networks and devices: Management hosts (represents 192.168.1.128/29 network)

Dest Zone: LAN, Dest networks and devices: Logging hosts (represents 192.168.1.80/28 network), Any services

There are no static routes in the XG210 firewall.

I am able to ssh/ping from the MGT PC to Management Switch

I am able to ssh/ping from the MGT PC to Sophos XG210

I am not able to ssh or ping from the MGT PC to the Core Switch - How can I make this happen?

Subsequent checks

1. Checking the Log viewer shows the XG210 permits the ssh connection from MGT PC (src ip:192.168.1.131) to CORESWITCH (dst ip: 192.168.1.86). From the MGT PC, Putty gave "Network error: Connection timed out" as an error. Could this be a routing issue?



  • FormerMember
    0 FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Are you able to ping CORE SWITCH from XG210?

    Please check packet capture with the below BPF string.

    BPF string: host <CORE SWITCH IP> and proto ICMP

    eg: host 192.168.1.86 and proto ICMP

    You can also check packet flow in CLI as well.

    ==> Login to SSH > 4. Device Console

    console> tcpdump 'host <CORE SWITCH IP> and proto ICMP'

    ==> In another SSH session, check drop-packet-capture

    console> drop-packet-capture 'host <CORE SWITCH IP> and proto ICMP'

    eg: console> drop-packet-capture 'host 192.168.1.86 and proto ICMP'

  • FormerMember
    0 FormerMember in reply to FormerMember

    As discussed in PM, you managed to figure out the issue. You had GVRP (some vlan routing protocol) enabled on the switches. That needs to be disabled before XG210 could permit the connection.
