XTM 330 - VLAN Setup for WIFI

Hello everyone,

I want to set up a VLAN for wifi. separate VLAN for customers and for employees. Currently, customers connected to wifi are on the same network with employees. We have here UniFi Switch and Unifi AP. The UniFi switch is connected to our XTM 330. I have already set up the SSID on the AP to get IP addresses from the firebox. But as soon as I try to connect my devices to that SSID, and when I check on the logs, I get

Deny 67/udp 0 0 4-VLAN Firebox Denied 314 64 (Unhandled External Packet-00)

In my network configuration, I configured Interface 4 as VLAN and made a VLAN ID 5 & 10 both zones are Trusted.

IPv4 Address of the VLAN ID 5 is set to (DHCP Server)
IPv4 Address of the VLAN ID 10 is set to (DHCP Server)

That SSID from UniFi which I'm trying to connect to is set to VLAN 10. So it should get IP Addresses from -

But yea, it's stuck at "Obtaining IP Address"

Also tried diagnostic task for TCP Dump, put this on the argument: -ni eth4 -net

and this is what I got

tcpdump: WARNING: eth4: no IPv4 address assigned
tcpdump: syntax error

Maybe some of you had already experienced this. I really need help with this.




  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Carl

    The firewall will say anything is external that it doesn't have a network for -- since we don't have, it'll treat that as External.

    If we're expecting VLAN10, that means that the traffic isn't being tagged that way to the firewall, and the issue is likely at the switch. In order to

    You don't need the extra dash before net, that's the syntax error. You'll always see the no IP assigned because the VLAN is where the actual IPs are assigned. You can just ignore it.

    "-ni eth4 net"

    The log line suggests that we're seeing it untagged, which the firewall will ignore if it's not configured to handle that traffic as untagged.

    Thank you,

    -James Carson
    WatchGuard Customer Support

Sign In to comment.