WLAN on VLAN with ZD1200 - ICX7150 & Sophos XG fw

ed_fries — Thu, 18 Aug 2022 21:47:18 GMT

New to Ruckus & Sophos, attempting to set up a WLAN on VLAN 132.

Problem:
Can connect to WLAN, don't get a lease.
After adding a static IP on VLAN132 subnet, unable to ping DG or Internet.
arp -a doesn't show DG MAC on WIFI interface.

Logs on firewall don't show any traffic in/out for VLAN 132 subnet.
Can ping from switch 10.10.8.2 --> 10.2.132.1
It seems like a WIFI config issue but neither Ruckus or Sophos are part of our normal stack so could be an issue in wifi/switch/firewall.

Thanks for your help!

Equipment
ZD1200 v10.5.0.0 build 212
Switch: Ruckus icx7150-48zp - 10.10.8.2

Firewall: Sophos XG230
VLAN1: 10.10.8.1 on br0
VLAN 132: 10.2.132.1 on br0.132
DHCP Server: enabled on VLAN132

FW Rules

Zone: WIFI

Allow imcp to br0.132,
icmp to to WAN/Any

Any service to WAN from

Switch Config

sw 1/1/10 AP2: untagged vlan1, tagged vlan132
sw 1/2/5 Uplink to sophos: untagged vlan1, tagged132

PORT-VLAN 132, Name WIFIGUEST, Priority level0, On
Untagged Ports: None
Tagged Ports: (U1/M1) 1 2 3 4 5 6 7 8 9 10 11 12
Tagged Ports: (U1/M1) 13
Tagged Ports: (U1/M2) 1 5

WLAN Config

Tx. Rate of Management Frame(2.4GHz) = 2.0Mbps
Tx. Rate of Management Frame(5GHz) = 6.0Mbps
Beacon Interval = 100ms
SSID = xTest
Description = TEST
Type = Standard Usage
Authentication = open
Encryption = wpa2
Algorithm = aes
Passphrase = testing123
FT Roaming = Enabled
802.11k Neighbor report = Enabled
Web Authentication = Disabled
Authentication Server = Disabled
Called-Station-Id type = wlan-bssid
Tunnel Mode = Disabled
Background Scanning = Enabled
Max. Clients = 100
Isolation per AP = Enabled
Isolation across AP = Enabled
Zero-IT Activation = Disabled
Priority = High
Load Balancing = Disabled
Band Balancing = Disabled
Dynamic PSK = Disabled
Rate Limiting Uplink = Disabled
PerSSID Rate Limiting Uplink = 50
Rate Limiting Downlink = Disabled
PerSSID Rate Limiting Downlink = 0
Auto-Proxy configuration:
Status = Disabled
Inactivity Timeout:
Status = Enabled
Timeout = 5 Minutes
VLAN-ID = 132
Dynamic VLAN = Disabled
Closed System = Disabled
Https Redirection = Disabled
OFDM-Only State = Disabled
Multicast Filter State = Disabled
Directed Multicast= Enabled
802.11d State = Disabled
Force DHCP State = Disabled
Force DHCP Timeout = 10
DHCP Option82:
Status = Disabled
Option82 sub-Option1 = Disabled
Option82 sub-Option2 = Disabled
Option82 sub-Option150 = Disabled
Option82 sub-Option151 = Disabled
Ignore unauthorized client statistic = Disabled
STA Info Extraction State = Enabled
BSS Minrate = Disabled
DTIM period = 1
Directed MC/BC Threshold = 5
Call Admission Control State = Disabled
PMK Cache Timeout= 720 minutes
PMK Cache for Reconnect= Enabled
NAS-ID Type= wlan-bssid
Roaming Acct-Interim-Update= Disabled
PAP Message Authenticator = Enabled
Send EAP-Failure = Disabled
L2/MAC = No ACLS
L3/L4/IP Address = No ACLS
L3/L4/IPv6 Address = No ACLS
Precedence = Default
Proxy ARP = Disabled
Device Policy = No ACLS
Vlan Pool = No Pools
Role based Access Control Policy = Disabled
SmartRoam = Disabled Roam-factor = 1
White List = vlan132
URL Filtering = Disabled
Application Recognition & Control = Disabled
Apply ARC Policy = NO POLICY
Client Flow Data Logging = Disabled
Wlan Bind = all
Client Connection Data = Disabled
Transient Client Management = Disabled
80211w-pmf = Disabled

WhiteList: vlan132
whitelist

topic WLAN on VLAN with ZD1200 - ICX7150 & Sophos XG fw in ZoneDirector

WLAN on VLAN with ZD1200 - ICX7150 & Sophos XG fw