Reworked overview of my part - We have now been working for 2 weeks on the Sophos Switch to get it configured for our customer situation:
Still existing problems:
Turn On Serdes Mac_Polling_PHY Config Enable PHY Polling Misc PHY init (unit 0) Mgmt_dev init (unit 0)
Enter Esc key to stop autoboot: 0
## Booting image from partition ... 1
Skipping bad block 0x06220000 <-------------------------------- ERROR ????
## Booting kernel from Legacy Image at 81000000 ...
Image Name: IMG-01.0.0754
Created: 2021-11-25 8:30:39 UTC
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 20264466 Bytes = 19.3 MB
Current Switch:
Model: CS110-24FP
Firmware Version : 01.0.0754
Logging Option : Console Logging
Login Authentication Mode : Local
Config Save Status : Successful
Remote Save Status : Not Initiated
Config Restore Status : Successful
Traffic Separation Control : none
Loader Version : 03.02.01
Protocol Version : 3.02.243a
Hardware Version : 1.0.0
Here is my sequence up to the point where I run into the error/problem - hopefully someone can give us a hint on it:
Reset Switch
restore-defaults
Note: This also resets to the default password (sticker on the back)
Script Block 1 General system settings
conf t
system name "RT-DE010001"
system contact "Martin Mustermanr"
system location "Germany Aachen"
set system description "Sophos CS110-24FP"
set switch-name RT-DE010001
username admin password Passw0rd! confirm-password Passw0rd! privilege 15
Script Block 2 - Create the Vlans and assign the Ports
vlan 1
ports name Management
exit
vlan 10
ports name Server
exit
vlan 11
ports name VoicePbx
exit
vlan 15
ports name WlcAccessPoints
exit
vlan 20
ports name Clients
ports add gigabitethernet 0/23 untagged gigabitethernet 0/23
exit
vlan 30
ports name Printer
exit
vlan 99
ports name TransferToFirewall
ports add gigabitethernet 0/1 untagged gigabitethernet 0/1
ports add gigabitethernet 0/7 untagged gigabitethernet 0/7
exit
vlan 998
ports name FirewallHa
ports add gigabitethernet 0/5 untagged gigabitethernet 0/5
ports add gigabitethernet 0/11 untagged gigabitethernet 0/11
exit
vlan 999
ports name WAN
ports add gigabitethernet 0/3 untagged gigabitethernet 0/3
ports add gigabitethernet 0/9 untagged gigabitethernet 0/9
ports add gigabitethernet 0/17 untagged gigabitethernet 0/17
exit
Script Block 3 - Setup Management VLAN with IP
int vlan 1
description "Management VLAN"
#to switch to static ip remove in config file: ip address dhcp -> ERROR: % Address allocation method must be manual to configure IP Address
no ip address
ip address 10.30.0.1 255.255.255.0
exit
Note: If you do not stop here and wait, you will see errors like this:
#RT-DE010001(config)# int vlan 99
#RT-DE010001(config-if)# description "Transfer to Firewall VLAN"
#RT-DE010001(config-if)# ip address 10.99.30.1 255.255.255.0
#% Invalid SubnetMask For the Given Ipaddress
# after waiting same command works suddenly !
Script Block 4 - Add more L3 vlan interfaces with IP
int vlan 99
description "Transfer to Firewall VLAN"
ip address 10.99.30.1 255.255.255.0
exit

int vlan 10
description "Server VLAN"
ip address 10.30.10.1 255.255.255.0
exit

int vlan 15
description "WiFi WLC and AP VLAN"
ip address 10.30.15.1 255.255.255.0
exit

int vlan 20
description "Clients VLAN"
ip address 10.30.20.1 255.255.255.0
ERROR --> % No free interfaces are available
After adding the 4th vlan interface we always face this error message - same in the local Web UI!
Script planned to finish the configuration of the L3 interfaces, but impossible:
int vlan 20
description "Clients VLAN"
ip address 10.30.20.1 255.255.255.0
exit

int vlan 21
description "Clients VLAN"
ip address 10.30.21.1 255.255.255.0
exit

int vlan 22
description "Clients VLAN"
ip address 10.30.22.1 255.255.255.0
exit

int vlan 30
description "Printer VLAN"
ip address 10.30.30.1 255.255.255.0
exit
Script Block to finish port setup
int gigabitethernet 0/1
description "Sophos A Lan"
switchport pvid 99
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/7
description "Sophos B Lan"
switchport pvid 99
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/5
description "Sophos A HA"
switchport pvid 998
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/11
description "Sophos B HA"
switchport pvid 998
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/3
description "Sophos A WAN"
switchport pvid 999
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/9
description "Sophos B WAN"
switchport pvid 999
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/17
description "Router WAN"
switchport pvid 999
switchport acceptable-frame-type all
switchport ingress-filter
exit

int gigabitethernet 0/23
description "Laptop Client Network"
switchport pvid 20
switchport acceptable-frame-type all
switchport ingress-filter
exit
# Route to active Sophos HA LAN interface
ip route 0.0.0.0 0.0.0.0 10.99.30.254
exit
save
We have also opened a ticket and also escalated it, but from Sophos until now only unqualified replies! I am wondering that in this Switch section only people are reviewing, but it looks to me like most are also trying to understand the product! I also hope we can exchange more experience with the switches here.
I have already opened a ticket but after 6 days no reply from support! Maybe I have to ask a different way: Does the Sophos switch support Layer 3 static routing as defined as:
Layer 3 static routing: This capability allows you to segment your network into separate workgroups and communicate across VLANs without degrading application performance. As a result, you can manage internal routing with your switches and dedicate your router to external traffic and security, helping your network run more efficiently.
Does a Sophos Switch have this: Layer 3 interface - Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface
A simple 200 EUR switch of Cisco is supporting it as SG250 series or CBS 250 series starting from the 8 port model !
Expert-Zone.Net IT Consulting
Neuenhofer Weg 23 • D-52074 Aachen
Link to the datasheet:
https://www.sophos.com/en-us/medialibrary/pdfs/factsheets/sophos-switch-ds.pdf
Feature is mentioned here as I understand - feel free to update me if I am wrong:
Finally we got an answer from our Distributor Infinigate - Big Thanks
The feature is planned but not fully implemented for now !
L3 interfaces and static routing will be implemented in one of the future firmware updates !
We are still waiting for a clear answer from Sophos and will update this thread when we have more details !
Is this implemented already or is Sophos still behind?
Short Update: Feature is now present but with the known limitation to 3 IP VLAN interfaces! The 4th IP is reserved for the switch management. Also Central supports this configuration now!
PS: For myself and my customers this is definitely not enough, and we never configure routing on a firewall! So we still use another brand for L3 routing.
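Added example, not part of any post in this thread: a pre-flight check for a one-command-per-line script like the blocks posted above, run before pasting it into the switch. It assumes the limit reported in the thread (3 routed VLAN interfaces plus the one reserved for management, so 4 in total); `preflight`, `MAX_IP_INTERFACES` and `SAMPLE` are hypothetical names, and the sample is constructed by reducing the posted script.

```python
import ipaddress
import re

# Assumption from the thread: 3 routed VLAN interfaces + 1 reserved for management.
MAX_IP_INTERFACES = 4

# Constructed sample, reduced from the script blocks posted in the thread.
SAMPLE = """\
int vlan 1
ip address 10.30.0.1 255.255.255.0
exit
int vlan 99
ip address 10.99.30.1 255.255.255.0
exit
int vlan 10
ip address 10.30.10.1 255.255.255.0
exit
int vlan 15
ip address 10.30.15.1 255.255.255.0
exit
int vlan 20
ip address 10.30.20.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.99.30.254
"""

def preflight(config, limit=MAX_IP_INTERFACES):
    """Return (l3_interfaces, findings) for a one-command-per-line script."""
    l3, findings, vlan = {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"int(?:erface)? vlan (\d+)", line):
            vlan = int(m.group(1))
        elif line == "exit":
            vlan = None
        elif vlan is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            try:  # rejects non-contiguous masks and malformed addresses
                l3[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            except ValueError:
                findings.append(f"vlan {vlan}: invalid address/mask")
                continue
            if len(l3) > limit:
                findings.append(f"vlan {vlan}: exceeds {limit} IP interfaces")
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            hop = ipaddress.ip_address(m.group(3))
            if not any(hop in i.network for i in l3.values()):
                findings.append(f"route via {hop}: next hop not on a configured subnet")
    return l3, findings
```

On the sample, `preflight(SAMPLE)` flags VLAN 20, the same interface at which the switch answered `% No free interfaces are available`.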
I would like to meet the guy who decided to have 3 VLANs with IP addresses. We got some switches and are returning them to Sophos, requesting a full refund as well as coverage of all costs for shipping, returning, customs and VAT we have paid. They are doing false advertising. That's wrong and punishable by law.
Actually it is easy to answer: Use a Layer3 router feature on a firewall and not on the Switch.
It is the year 2023 and we should consider to "not use a Layer3 router without anything for our internal network".
Simply connect the VLAN to your firewall solution and do the routing there.
Sophos is not pointing out, the Switch is used for core switch business. It is an Access Layer switch. Who is routing L3 there?
The Sophos Switch Series offers a range of 8-, 24-, and 48-port network access layer switches
__________________________________________________________________________________________________________________
BTW: The document was adjusted to reflect the current situation:
https://www.sophos.com/en-us/products/sophos-switch/features
read your datasheet here regarding switch routing.
The doc is not updated yet. See: www.sophos.com/.../features