VLAN configuration with Sophos XG

[cobalt27]

Hi,
Would someone be able to sense-check my attempt to get VLANs running. I'm not sure where I am going wrong.

I have a basic setup - 2 NIC proxmox WAN/LAN rig with a Sophos XG guest as router/LAN DHCP server to all clients (including non-vm clients).

Proxmox rig and everything else is connected via a Cisco SG-300 L2 switch. All works fine with everything on the same VLAN.

Ive setup a UbuntuTestServer VM and want to put this on VLAN (200). I've got part of the way, but i cannot ping the Sophos XG VLAN gateway.

I've tried two different ways, but im not sure which is correct:

1. I have bridged vmbr0 (LAN) to the UbuntuTestServer and TAG'd it with VLAN 200
2. I have also created a new bridge - vmrb2, but with the VLAN tag built in - and also connected this to the UbuntU Test Server

Proxmox network



UbuntuTestServer



Looking on my Cisco SG300 - it appears both of these are working in some way, as the switch sees both guest adapters on VLAN 200 in the dynamic MAC address table



On Sophos XG, I have a VLAN setup with corresponding DHCP server





However, any attempt to ping 192.168.200.1 just times out.

Also, the Cisco only sees the guest adapters on the VLAN when one is configured to a Static IP.

This is my /etc/netplan/50-cloud-init.yaml




I've tried both adapters with static and DHCP, but nothing seems to work and I cannot get to 192.168.200.1. If i try to add 192.168.200.1 to the gateway for vmrb2, i get this error



Any help much appreciated - am sure there is an easy answer!

Thank you

 

[suvithk1]

hi there adding vlan tag 200 to port vmbr0 (lan) should have worked just check for if firewall is enabled for guest NIC.

if the Sophos xg is the guest vm inside the proxmox please remove all the entry for the lan side(vmbr0) the dhcp will release ip from that port after removing the entries try to connect the vm to vmbr0 with tag 200.

only one gate way can be set in proxmox .

 

[cobalt27]

Thanks, I've cleaned this up an now have just the one interface on the UbuntuTestServer (i renamed the mac address so i could identify it easier)



this appears on the Cisco



However still nothing on the sophos. I think this is an issue of going from layer 2 on the cisco to layer 3 in the sophos vm - i dont quite understand how that takes place, which is probably where im going wrong. Do i need to add a dedicated vlan 200 interface to the sophos vm in proxmox?

 

[suvithk1]

hi there cobalt it think the pic will explain better ,

remove the entry for lan(enp6s0f2) and try

>>>>if you are accessing the proxmox through vmbr0 the move the sophos lan link to vmbr2 (after removing the entries for vmbr2 ) & the connect the ubuntu VM (vmbr2 with tag 200)

if you want further help happy to take a remote session and help you out .

 

[cobalt27]

Thanks - but removing the LAN entries from vmbr0 just locks me out of proxmox, so i have no means to administer it

 

[suvithk1]

Thanks - but removing the LAN entries from vmbr0 just locks me out of proxmox, so i have no means to administer it

as i mentioned above if you are connecting through vmbr0 then change sophos lan uplink to vmbr2

 

[cobalt27]

so im not entirely sure what has happened, but after rebooting my whole proxmox rig to reset the LAN IPs (because I was locked out), the vlan now works and the test server has appeared in Sophos, with an IP from the other VLAN.



Thanks for your help

 

[suvithk1]

so just to make sure what is your interface config now ..

 

[cobalt27]

Pretty much the same as I started:





There must have been something in the proxmox restart that flushed the config settings through to make it work