Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 23420 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AP / Cisco Switch

guru-seelbach
Hello,
i have a problem with a DHCP service and a Sophos AP connected to a Cisco Switch.

Here my configuration:
I have two VLANs 1 (default  / internal) and 20 (guest)
DHCP service for VLAN 1 does an Windows 2008 R2 and
for VLAN 20 does the UTM DHCP service. With two different ip ranges.

The Ports for the UTM and the Accespoint are trunked.

UTM version is 9.315
Sohos AP 50
Cisco Catalyst C2960S-48LPS-L

So my problem...
If i connect to WLAN 1, which is bridged to VLAN 1 a don't get an IP address.
When i connect to the WLAN 20, which is bridged to VLAN 20 i get an one and everything works fine.

I tried already an other switch from HP and everything works. So i thing some configuration on my Cisco switch is wrong...


This thread was automatically locked due to age.
  • 0
    Hi, and welcome to the User BB!

    VLAN 1 is reserved in the UTM.  Just change that to 10 and things will work.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi Bob,
    thanks for the reply.
    I tried to change it from 1 to an other. 
    My new configuration is UTM and Internal VLAN 60 and Guest 70.
    But i have the same problem...

    I can see in Wireshark that die Client is trying to get an IP (Broadcast) but it don't get  an reply from the DHCP-Server.
  • 0
    Is the UTM serving DHCP for the segment the client is on?  Does the VLAN switch need to be re-configured?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi Bob,
    yes, for the client segment the UTM is DHCP. 
    What do you mean re-configured? I configured the new VLANs 60 and 70...

    Thanks 
    Sascha
  • 0
    Sascha, what do you see in the DHCP Live Log - are the requests reaching the UTM?  As you said in Post #1, it does seem like a problem with the settings in the Cisco switch.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    On the UTM, do you have DHCP server instances set for both VLAN 60 and 70 interfaces?  Besides checking the DHCP log, you can also try a TCPDump from shell to live monitor the traffic and see if the broadcast traffic is even reaching the UTM.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    Scott, at one point, I watched the DHCP Live Log along with tcpdump -i eth0 port 67 or port 68 -e -n and the Live Log showed the same activity.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    So you saw the broadcast request from the client and the reply?  If so, leads one to conclude that the issue is with the switch config.  The OP could do a packet capture on the switch and see what's going on from that end.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    So, 
    sorry for the late replay.
    I found the problem, it is the Cisco Switch configuration.
    If i configure on other nativ VLAN on the trunk Port than the AP has as "AP VLAN" everything works fine...
    So my solution is to change the nativ VLAN from the trunk ports where die APs are connected.
Cookie Information Banner