
VLAN DHCP IP assignment issues

Hi Everybody,

The requirement is to have 4 zones all connected to Internet and none connected to each other.

My setup is as follows:

Network:

Port1 192.168.1.1/255.255.255.0 DHCP Server leasing 192.168.1.100-200. IP reservation for the network printer and NAS from outside the DHCP pool.
Zone: LAN
Port1.60 192.168.60.1/255.255.255.0 DHCP Server leasing 192.168.60.100-200
Zone: Helheim
Port1.70 192.168.70.1/255.255.255.0 DHCP Server leasing 192.168.70.100-200
Zone: Alfheim
Port1.99 192.168.99.1/255.255.255.0 DHCP Server leasing 192.168.99.100-200
Zone: Midgard
Port2 DHCP from ISP
Zone: WAN

set:  system dhcp static-entry-scope global

Firewall Rules: 

ID1:  Accept any service going to "WAN" zone, when in "LAN" zone, and coming from any network. NAT Policy: MASQ

ID2:  Accept any service going to "WAN" zone, when in "Alfheim" zone, and coming from any network. NAT Policy: MASQ

ID3:  Accept any service going to "WAN" zone, when in "Helheim" zone, and coming from any network. NAT Policy: MASQ

ID4:  Accept any service going to "WAN" zone, when in "Midgard" zone, and coming from any network. NAT Policy: MASQ

Port 1 from Sophos UTM connects to Cisco SG300 switch. One TP-Link EAP225, one Network printer and one NAS connected to the same switch.

Cisco Switch configuration:
Ports set as Trunk
VLAN 01: Untagged PVID:1
VLAN60: Tagged
VLAN70: Tagged
VLAN99: Tagged

EAP Access point configuration:

SSID1: Asgard - VLAN Tagged 1
SSID2: Midgard - VLAN Tagged 99
SSID3: Alfheim - VLAN Tagged 70
SSID4: Helheim - VLAN Tagged 60

I set up the whole network and used my Windows laptop and Android phone to check it, going through all VLANs and SSIDs with absolutely no issues. Then my colleagues came to work and noticed the following issues:

  • iPhones, once they switch SSID, will not receive the new VLAN IP address; they will retain the old IP or will receive an IP from VLAN 1. This doesn't happen with Android phones.
  • The network printer will not get the reserved IP; it will just get a random IP from the VLAN1 DHCP pool.
  • 2 MacBook Airs will only get IPs from VLAN1, no matter which SSID they are connected to.
  • Randomly, computers will not get through to the Internet although they have the correct network configuration from the correct VLAN and can access network resources. If one does a release/renew of the DHCP lease, the computer gets the same network configuration and can access the Internet.

Please let me know what can cause the anomalies or what I am doing wrong with the configuration.


