Skip to content
Any configuration changes made locally on the switch won't be synchronized with Sophos Central. We recommend making changes from the Sophos Central control panel instead.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/switch/help/en-us/index.html?contextId=dhcp-with-vlan-how-to

Configure VLANs on Sophos Switch and Sophos Firewall to get DHCP from Sophos Firewall

You can configure VLANs on Sophos Switch and Sophos Firewall to use Sophos Firewall as a DHCP server.

Video

The following video shows you how to configure VLANs on Sophos Switch.

Network Details

The network configuration shown in this article is only an example. You must change the values to match your network infrastructure.

  • Port 2 of Sophos Firewall connects to the internet.
  • Port 6 of Sophos Firewall connects to Port 8 of Sophos Switch.
  • Port 2 of Sophos Switch connects to a device that is part of the VLAN 100's network. Port 2 is an access port, so traffic is untagged.
  • Port 8 on Sophos Switch is a trunk port, so traffic is tagged.

  • The network looks like the following diagram.

    Network schema with VLANs, Sophos Switch, and Sophos Firewall.

Configure a VLAN on Sophos Switch

Configure a VLAN on Sophos Switch as follows:

  1. Go to Configure > VLAN settings > 802.1Q.
  2. Click Add.

  3. Configure the settings as follows:

    • VID: 100
    • Name: VLAN100

  4. Click Apply.

  5. Select the VLAN you created and click Edit.
  6. Click Tagged and select port 8.
  7. Click Untagged and select port 2.

  8. Confirm GVRP advertisment is Turned on and click the tick mark.

    Port tagging settings for VLAN on Sophos Switch.

  9. Click Apply.

  10. Go to PVID and ingress filter.
  11. Select port 8 and click Edit.

  12. Configure the settings as follows:

    • PVID: 100 (VLAN100)
    • Ingress filtering: On
    • Accept type: All

  13. Click Apply.

    PVID and ingress filter settings.

Configure a VLAN interface on Sophos Firewall

Configure the VLAN interface on Sophos Firewall as follows:

  1. Sign in to the Sophos Firewall web admin console.
  2. Go to Network > Interfaces > Add Interface.
  3. Click Add VLAN.

  4. Configure the settings as follows:

    • Name: VLAN_100
    • Interface: Port6
    • VLAN ID: 100
    • IP assignment: Static
    • IPv4/netmask: 172.16.100.1/24

  5. Click Save.

    VLAN configuration on Sophos Firewall.

Configure the DHCP server on Sophos Firewall

Configure the DHCP server for your VLAN on Sophos Firewall as follows:

  1. Go to Network > DHCP and click Add.

  2. Configure the settings as follows:

    • Name: VLAN_100_DHCP
    • Interface: VLAN 100-172.16.100.1
    • Start IP: 172.16.100.2
    • End IP: 172.16.100.254

    DHCP server configuration on Sophos Firewall.

  3. Click Save.

    Devices connected to Port 2 of Sophos Switch can obtain an IP address from the DHCP server created for VLAN100 on Sophos Firewall.

More resources