
XTM 330 - VLAN Setup for WIFI

Hello everyone,

I want to set up a VLAN for wifi: a separate VLAN for customers and one for employees. Currently, customers connected to wifi are on the same network as employees. We have a UniFi Switch and a UniFi AP here. The UniFi switch is connected to our XTM 330. I have already set up the SSID on the AP to get IP addresses from the Firebox. But as soon as I try to connect my devices to that SSID, and I check the logs, I get

Deny 0.0.0.0 0.0.0.0 67/udp 0 0 4-VLAN Firebox Denied 314 64 (Unhandled External Packet-00)

In my network configuration, I configured Interface 4 as VLAN and created VLAN IDs 5 & 10; both zones are Trusted.

IPv4 Address of the VLAN ID 5 is set to 192.168.10.1/23 (DHCP Server)
IPv4 Address of the VLAN ID 10 is set to 192.168.20.1/23 (DHCP Server)

That SSID from UniFi which I'm trying to connect to is set to VLAN 10. So it should get IP Addresses from 192.168.20.2 - 192.168.21.254.

But yea, it's stuck at "Obtaining IP Address"

I also tried the diagnostic task for TCP Dump, and put this in the argument: -ni eth4 -net 192.168.20.0/23

and this is what I got

tcpdump: WARNING: eth4: no IPv4 address assigned
tcpdump: syntax error

Maybe some of you had already experienced this. I really need help with this.

Thanks!

Carl

Comments

    james.carson Moderator, WatchGuard Representative

    Hi @Carl

    The firewall will say anything is external that it doesn't have a network for -- since we don't have 0.0.0.0, it'll treat that as External.

    If we're expecting VLAN10, that means that the traffic isn't being tagged that way to the firewall, and the issue is likely at the switch. In order to

    You don't need the extra dash before net, that's the syntax error. You'll always see the no IP assigned because the VLAN is where the actual IPs are assigned. You can just ignore it.

    Try:
    "-ni eth4 net 192.168.20.0/23"

    The log line suggests that we're seeing it untagged, which the firewall will ignore if it's not configured to handle that traffic as untagged.

    Thank you,

    -James Carson
    WatchGuard Customer Support
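An added example (not from this thread or from WatchGuard) that applies James's reading of the log line in code: it parses the Firebox traffic-log format quoted above and flags DHCP discovers from 0.0.0.0 that hit the "Unhandled External Packet" path on a VLAN interface, the signature of frames reaching the trunk untagged. The field order in the regex and the second sample line are assumptions.

```python
import re

# Constructed sample lines in the layout of the Firebox traffic log quoted in the
# post. The first line is from the post; the second is made up for contrast.
SAMPLE_LOG = """\
Deny 0.0.0.0 0.0.0.0 67/udp 0 0 4-VLAN Firebox Denied 314 64 (Unhandled External Packet-00)
Deny 192.168.20.50 203.0.113.9 443/tcp 0 0 4-VLAN 0-External Denied 52 64 (Internal Policy)
"""

# Assumed field order: action, src, dst, dport/proto, two counters, ingress
# interface, egress interface, disposition, length, ttl, "(reason)".
LINE_RE = re.compile(
    r"^(?P<action>Allow|Deny)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<dport>\d+)/(?P<proto>\w+)\s+\d+\s+\d+\s+"
    r"(?P<in_if>\S+)\s+(?P<out_if>\S+)\s+\S+\s+\d+\s+\d+\s+\((?P<reason>[^)]*)\)"
)


def parse_line(line):
    """Split one traffic-log line into named fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def diagnose(rec):
    """Return a finding when a DHCP discover was treated as an unhandled
    External packet on an interface: the firewall has no untagged network
    there, so the client's frame arrived without the expected VLAN tag."""
    if rec is None:
        return None
    if (rec["src"] == "0.0.0.0" and rec["dport"] == "67" and rec["proto"] == "udp"
            and rec["reason"].startswith("Unhandled External Packet")):
        return (f"untagged DHCP discover on {rec['in_if']}: the Firebox has no "
                "untagged network on this interface, so it treats the frame as "
                "External; check the switch port's untagged/native VLAN and the "
                "VLAN tag on the AP's SSID")
    return None


def scan(log):
    """Run the check over every line of a log and collect the findings."""
    findings = []
    for line in log.splitlines():
        finding = diagnose(parse_line(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```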
