Hello Sophos Community,
We are running Sophos firmware version SFOS 16.05.2 MR-2 on an XG210 firewall with three AP55C access points attached.
I'm trying to create a third wireless network for IOT/smart-home devices. These devices should be able to get online but must stay separated from our LAN (essentially behaving like the GuestAP, but using a password and not the Hotspot portal).
We already have a local Wi-Fi for authorized devices, configured as "Bridge to AP LAN", and the GuestAP; both work as intended.
However, I'm unable to get the IOT Wi-Fi working:
- Clients see the SSID and can connect
- Clients do not get an IP via DHCP
- Clients are listed in the Wireless Client List with an IP address from the GuestAP range (even though they are connected to the IOT SSID, and the listed IP does not appear on the client device itself)
- Clients with a manually assigned IP do not get online either and are not listed in the Wireless Client List
Any help is much appreciated.
Best Regards
Stefan
I have exported the relevant configuration (passphrases and keys are shown as "xxx"):
{
"Configuration": {
"-APIVersion": "1605.1",
"WLANAccessPoint": [
{
"Name": "IOT",
"Zone": "IOTZone",
"IPAddress": "172.16.2.1",
"Netmask": "255.255.255.0",
"SSID": "IOT",
"BroadcastSSID": "Enable",
"SecurityMode": "WPA2-PSK",
"MaximumClients": "255",
"Encryption": "TKIP",
"Passphrase": {
"-passwordform": "encrypt",
"#text": "xxx"
},
"GroupkeyUpdate": "Disable"
},
{
"Name": "GuestAP",
"Zone": "WiFi",
"IPAddress": "10.255.0.1",
"Netmask": "255.255.255.0",
"SSID": "BE_OUR_GUEST",
"BroadcastSSID": "Enable",
"SecurityMode": "WPA2-PSK",
"MaximumClients": "255",
"Encryption": "TKIP",
"Passphrase": {
"-passwordform": "encrypt",
"#text": "xxx"
},
"GroupkeyUpdate": "Disable"
},
{
"Name": "Sophos",
"SSID": "WifiLocal",
"BroadcastSSID": "Enable",
"SecurityMode": "WPA2-PSK",
"MaximumClients": "255",
"Encryption": "TKIP",
"Passphrase": {
"-passwordform": "encrypt",
"#text": "xxx"
},
"GroupkeyUpdate": "Disable"
}
],
"DHCPServer": [
{
"Name": "WifiLocal",
"Interface": "Port1",
"IPLease": { "IP": "192.168.2.101-192.168.2.200" },
"ConflictDetection": "Disable",
"SubnetMask": "255.255.255.0",
"DefaultLeaseTime": "1440",
"MaxLeaseTime": "2880",
"UseApplianceDNSSettings": "Disable",
"PrimaryDNSServer": "192.168.2.1",
"Gateway": "192.168.2.1",
"UseInterfaceIPasGateway": "UseInterfaceIPAsGateway"
},
{
"Name": "GuestAccess_DHCP",
"Interface": "GuestAP",
"IPLease": { "IP": "10.255.0.2-10.255.0.254" },
"ConflictDetection": "Disable",
"SubnetMask": "255.255.255.0",
"DefaultLeaseTime": "1440",
"MaxLeaseTime": "2880",
"UseApplianceDNSSettings": "Disable",
"PrimaryDNSServer": "10.255.0.1",
"Gateway": "10.255.0.1",
"UseInterfaceIPasGateway": "UseInterfaceIPAsGateway"
},
{
"Name": "IOT WLAN",
"Interface": "BE_IOT",
"IPLease": { "IP": "172.16.2.100-172.16.2.200" },
"ConflictDetection": "Disable",
"SubnetMask": "255.255.255.0",
"DefaultLeaseTime": "1440",
"MaxLeaseTime": "2880",
"UseApplianceDNSSettings": "Disable",
"PrimaryDNSServer": "172.16.2.1",
"Gateway": "172.16.2.1",
"UseInterfaceIPasGateway": "UseInterfaceIPAsGateway"
}
],
"WirelessNetworks": [
{
"Name": "BE_IOT",
"SSID": "BE_IOT",
"SecurityMode": "WPA2Personal",
"Status": "Enable",
"ClientTraffic": "SeparateZone",
"FrequencyBand": "2.4and5GHz",
"ClientIsolation": "Enabled",
"HideSSID": "Disabled",
"TimeBasedAccess": "Disabled",
"FastTransition": "Disabled",
"MACFiltering": "None",
"Key": "xxx",
"Zone": "IOTZone",
"IPAddress": "172.16.2.1",
"Netmask": "255.255.255.0",
"Encryption": "AES(secure)"
},
{
"Name": "GuestAP",
"SSID": "BE_OUR_GUEST",
"SecurityMode": "WPA2Personal",
"Status": "Enable",
"ClientTraffic": "SeparateZone",
"FrequencyBand": "2.4and5GHz",
"ClientIsolation": "Enabled",
"HideSSID": "Disabled",
"TimeBasedAccess": "Disabled",
"FastTransition": "Disabled",
"MACFiltering": "None",
"Key": "xxx",
"Zone": "WiFi",
"IPAddress": "10.255.0.1",
"Netmask": "255.255.255.0",
"Encryption": "AES(secure)"
},
{
"Name": "Sophos",
"SSID": "WifiLocal",
"SecurityMode": "WPA2Personal",
"Status": "Enable",
"ClientTraffic": "BridgetoAPLAN",
"FrequencyBand": "2.4and5GHz",
"ClientIsolation": "Disabled",
"HideSSID": "Disabled",
"TimeBasedAccess": "Disabled",
"FastTransition": "Disabled",
"MACFiltering": "None",
"Key": "xxx",
"Encryption": "AES(secure)"
}
],
"Hotspot": {
"Name": "BEHotSpot",
"Interfaces": { "Interface": "GuestAP" },
"ApplicationFilterPolicy": "None",
"WebFilterPolicy": "None",
"IPSPolicy": "None",
"QoSPolicy": "None",
"RedirectHTTPS": "Disable",
"HotspotType": "TermsOfUseAcceptance",
"RedirectURL": "Disable",
"RestoreDefault": "Disable",
"SessionExpiry": "After12hours",
"TermsOfUse": "tos"
}
}
}