
addresses from multiple DHCP scopes incorrectly assigned to single network

Setup:

  • Port eth7 used to connect to wireless access points via switch-based VLAN

    • Interface named "infrastructure IF," configured with address 192.3.1.1/24
    • DHCP scope "infrastructure scope" with range 192.3.1.10-20/24, assigned to "infrastructure IF" interface

  • Corporate wireless network, SSID "corp," WPA2-enterprise, hidden/connection via Windows GPO

    • auto-created interface "wlan0," assigned IP 192.3.31.1/24, named "corp wireless"
    • created "corp wireless scope" DHCP scope with range 192.3.31.100-200/24, assigned to "corp wireless" interface

  • guest wireless network, SSID "public," no encryption, assigned to password-of-the-day portal

    • auto-created interface "wlan1," assigned IP 192.3.32.1/24, named "public wireless"
    • created "public wireless scope" DHCP scope with range 192.3.32.100-200/24, assigned to "public wireless" interface


Both wireless networks assigned to all available access points.

Connecting to either network works as expected, no issues there.  The issue I do have is that both the corp and public wireless clients are getting addresses seemingly at random from all three DHCP scopes.  The APs are still only getting them from the infrastructure scope, but that's only because they have a long lease time and have yet to renew.  This is causing the subnet-based firewall rules and traffic segregation to not work as expected.  Seeing as how each scope is assigned to a specific interface, as is the SSID/network, I don't understand how this is happening.  Based on how I've configured this, I'd expect clients connecting to the corp SSID to get corp-scope addresses and those connecting to the public SSID to get public-scope addresses.

Is this a bug?  Am I missing some advanced setting(s)?  We can't deploy wireless until I have a resolution or workaround.  Segregating the traffic is essential, as are different firewall rules for public vs private.


  • Hi, AccuMegalith, and welcome to the User BB!

    Please always remember to state your exact version - 9.003-16?

    It appears that you're new with this device.  Someone with more experience with this product should be able to find your error quickly.  I suggest that you ask your reseller to open a ticket with Sophos Support.

    Cheers - Bob