WatchGuard M270 connection to Aruba switch

I have a WatchGuard M270 firewall with 2 subnets
Interface 1, 10.0.1.5/24 (LAN)
Interface 3, 10.0.3.1/24 (Wireless)
No VLANs, flat network

On the Aruba 2390F switches
Native VLAN 1
VLAN 302 labeled Wireless

Port 1 on the Aruba goes to interface 1 of the firewall (10.0.1.5)
Port 46 on the Aruba goes to interface 3 of the firewall (10.0.3.1)
Port 46 is (U) untagged with VLAN 302

My question is, how does port 46 know to get the Wireless 10.0.3.1 network? Because port 46 is on VLAN 302 which doesn't exist in the Firewall.

This was the answer I got from the Aruba community. Please see if it's correct because I need to create a new network on the M270 and I want to make sure it's right.

This is the question I asked on Aruba switch forum for reference.

https://community.arubanetworks.com/discussion/aruba-2390f-vlans-1?ReturnUrl=/community-home/digestviewer?communitykey=0e07426b-9490-40f0-bb66-f95a4b8a674f

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @tantony
    If both interfaces are arriving at the firewall untagged, the firewall will just need those networks configured as physical interfaces.

    In this instance the firewall would be 10.0.3.1 (the default gateway for the network.) Traffic will ARP for the gateway's MAC address, the firewall will respond, and the switch will forward it to that address.

    VLAN302 is just a tag or header in the actual traffic -- since the switch is stripping that data the firewall doesn't know or care about the VLAN number -- just the actual network address.

    -James Carson
    WatchGuard Customer Support
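
The tag stripping described in the answer above, modelled as an added example that is not part of the original thread or any vendor's code: a frame carries an 802.1Q tag for VLAN 302 inside the switch, and the untagged port removes those 4 bytes before the firewall sees it. The MAC address and the client IP 10.0.3.50 are constructed sample values, and the port functions are a simplified model of switch behaviour.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build an Ethernet II frame; add a 4-byte 802.1Q tag if vlan_id is set."""
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF

def egress_untagged(frame, port_vlan):
    """Send out a port that is an untagged member of port_vlan: frames from
    other VLANs are not forwarded (None); matching frames lose their tag."""
    if vlan_of(frame) != port_vlan:
        return None
    return frame[:12] + frame[16:]

def ingress_untagged(frame, port_vlan):
    """Receive on that port: an untagged frame is classified into port_vlan."""
    if vlan_of(frame) is not None:
        return None  # this model drops tagged frames on an untagged-only port
    return frame[:12] + struct.pack("!HH", TPID_8021Q, port_vlan) + frame[12:]

# Constructed sample: a wireless client (10.0.3.50) ARPs for the gateway 10.0.3.1.
CLIENT_MAC = bytes.fromhex("020000000050")  # constructed, locally administered
BROADCAST = b"\xff" * 6
ARP_REQUEST = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                          CLIENT_MAC, bytes([10, 0, 3, 50]),
                          bytes(6), bytes([10, 0, 3, 1]))

INSIDE_SWITCH = build_frame(BROADCAST, CLIENT_MAC, 0x0806, ARP_REQUEST, vlan_id=302)
ON_WIRE_TO_FIREWALL = egress_untagged(INSIDE_SWITCH, 302)  # what port 46 sends

if __name__ == "__main__":
    print("VLAN inside switch:", vlan_of(INSIDE_SWITCH))
    print("VLAN seen by firewall:", vlan_of(ON_WIRE_TO_FIREWALL))
    print("bytes removed:", len(INSIDE_SWITCH) - len(ON_WIRE_TO_FIREWALL))
```
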

  • ok thank you
