VLAN N/A not connected Help

Cisco small business L3 switch
Sophos XG fresh new install with default setup rules

Does anyone have VLANs working on XG who can show me how they have it set up and what settings
I might have to change on the XG to get it working?

I am unable to get VLANs working on Sophos XG SFOS_16.01.0-144.
This is what I see in the network tab:

Port3             Connected                    172.16.0.1/255.255.255.0
LAN , Physical    1000 Mbps - Full Duplex      Static
                  Auto-negotiated

Port3.20        N/A   192.168.0.8/255.255.255.0
LAN , VLAN      N/A   Static

I created the VLAN under networking VLAN and gave it a static IP address,
then under DHCP I set up DHCP for VLAN 20. Is there something I am missing?

Do I need to configure the Cisco small business switch in a specific way to get it to work with the XG?

I tested the switch on a UTM 9:
everything works, traffic is flowing.

I go back to the XG and it does not work.



  • Lenyick,

    Make sure that on the switch the port used to connect to XG port 3 is configured in trunk mode and transports VLAN IDs 1 and 20.

    I am using the same configuration (more VLANs, with no issues).

  • lferrara

    Thanks for the reply.

    I sent you a PM with the config.

  • Can someone help me get my VLAN working with XG? I am stuck. I was trying to set it up with private VLANs and found out that XG does not support private VLANs,

    then I tried just regular VLANs and still no luck.

    Can someone post how they have their VLAN, INTERFACE, and SWITCHPORT set up? Are the ports trunk or access?

    Thank you

  • Len,

    1. Create the VLAN in the Cisco switch;

    2. Put the required port into switch access mode in the VLAN created in the previous point;

    3. Put the port that connects to XG in trunk mode and make sure it transports the VLAN created;

    4. Configure a port on XG with the VLAN ID that belongs to the trunk;

    5. Assign a different IP per VLAN on XG;

    6. Create the needed rule to allow the VLAN to communicate.

  • I did all of the above but still no luck. Thanks for all your help.

    For some reason I can't get this to work. I tried private VLANs, then VLANs, with no luck.

    I never had this issue before with the UTM or any of the other setups I tried; private VLANs and VLANs just worked.

    Can someone post a sample config of their setup so I can see where I am going wrong?

    Do I have to do anything special with XG to make this work? I created the outbound rules for the VLANs to connect to the internet on the XG.

  • Lenyick,
    I have sent you a PM with my cisco configuration.

  • Let me try to explain what I have set up already.

    I have been trying to set up a secondary VLAN on the Sophos XG Home Firewall to separate two networks. I set up everything as instructed but it does not work.

    I have a PowerEdge 2950 server with ESXi. The Sophos XG is the primary VM inside the host.

    The Sophos right now has one DHCP server, which is my primary network, 192.168.1.1.

    I want to create a secondary VLAN, completely separate from my primary network, on 192.168.88.1 and call this network Guest VLAN.

    I created a VLAN called VLAN ID:88 using the zone LAN, IP 192.168.88.1/24.

    Created a DHCP server called Guest VLAN using the Port 1VLAN 88

    Start IP 192.168.88.100, End IP 192.168.88.150, Subnet Mask /24

    Marked Use Interface as gateway

    Enabled the conflict detection.

    I already have a VM inside the ESXi to test, but no matter what I do it does not work. I set up the vSwitch with the physical ports as trunk (both the WAN - modem and the LAN - internal network/Sophos).

    When I go to the VM computer it is just grabbing the IP from the primary network, 192.168.1.109, not VLAN 88. So I decided to go to the Sophos and set the MAC address inside the DHCP server and set a static IP for this MAC address with the hostname. But when I click SAVE, go to the computer and run ipconfig /renew, it gets a 169.254.xx.xx IP, which I don't understand: why is it not talking to the DHCP server of VLAN 88? As soon as I remove the MAC address from VLAN 88 and refresh the IP again, it gets an IP from the primary network, 192.168.1.108.

    Later I would like to set up my Cisco SF300 switch, because I noticed it is something with the Sophos. I already have the switch ready to use: I already set port g0/1 as trunk and all other ports as access; port f0/1 is on VLAN 1 and port f0/2 is in access mode on VLAN 88, and the same thing is happening. When I connect my laptop to port f0/2 it only grabs an IP from the primary network, 192.168.1.111, not the VLAN I wanted.

    Please help me. I am very frustrated and almost ready to give up, delete everything and just use my e1200 router.

    I appreciate any help that can be given.

    Thanks so much,

  • Yoel,

    Make sure that the VLAN trunk port is transporting the correct VLAN ID (88 in this case).

    Thanks

  • I am sorry for my ignorance, but can you be more specific? Where is this trunk for VLAN 88 going to be set up? In the ESXi, in the computer, or in the Sophos?

    The first test I made was in the VM PC called "Test", so it did not go through the switch. I don't understand why, if I set up the MAC address of this VM in the DHCP for VLAN 88, it did not get a valid IP for this VLAN. But if I set up the same MAC address in the primary DHCP it works. It is as if it is not seeing the secondary DHCP server.

    Please help

    Yoel

  • Yoel,

    Make sure DHCP is configured in global mode using the CLI: system dhcp static-entry-scope global.

    This ensures that if you configure the same static entry for different DHCP servers (inside XG), the client will always obtain the correct IP.

    For the VLAN, upload a network diagram of what you are trying to achieve. It is a VLAN configuration issue rather than an XG one.

    Thanks.
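
Added example, not part of the original thread: what "the trunk transports VLAN 88" means on the wire, as a small Python 802.1Q parser over constructed frames. The interface names `Port1` and `Port1.88` are assumed from the `Port3.20` naming shown above, and `receiving_interface` is a simplified, hypothetical model of tag handling, not XG's own logic.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def parse_vlan(frame: bytes):
    """Return (vlan_id or None, ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype                # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner                # low 12 bits of the TCI = VLAN ID

def receiving_interface(frame: bytes, parent: str, vlan_ifaces: dict):
    """Simplified model: untagged frames land on the parent port, tagged
    frames on the matching VLAN sub-interface, unknown tags nowhere (None)."""
    vid, _ = parse_vlan(frame)
    return parent if vid is None else vlan_ifaces.get(vid)

def make_frame(vlan_id=None, pcp=0):
    """Build a constructed broadcast IPv4 frame, optionally 802.1Q-tagged."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")       # constructed, locally administered
    tag = b"" if vlan_id is None else struct.pack(
        "!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

# Assumed names, following the Port3.20 pattern shown in the thread.
XG_VLANS = {88: "Port1.88"}

if __name__ == "__main__":
    for label, frame in [("untagged", make_frame()),
                         ("tag 88", make_frame(88)),
                         ("tag 20", make_frame(20))]:
        print(label, "->", receiving_interface(frame, "Port1", XG_VLANS))
```

In this model a frame that arrives without a tag is handled by the parent interface and its DHCP scope, so a client that keeps getting a primary-network address is sending traffic that reaches the firewall untagged.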