How to manage switch from Central?

I am confused. How is Sophos switch managed from Central?

I added some port settings, VLANs, including Voice VLAN settings, but those settings are not available on Sophos Central at all.

Did I miss something?

For example, on local switch interface:

On Central:



Added TAGs
[edited by: Erick Jan at 6:10 AM (GMT -8) on 11 Jan 2024]
  • I too am wondering this, and we are getting conflicting answers as to whether the Switch support and services is required to manage the switch from Sophos Central and obtain firmware updates. 

    In Sophos Central, the "Switches" option is there to add and register a switch, but can you manage it, or do the settings only become read-only?

    The datasheet claims that Support and services is needed for Central Management of the switch.

    Sophos released a notice that said the switch support access will be enforced beginning July, which means you could manage the switches in Sophos Central without the subscription until then. partnernews.sophos.com/.../

    If a customer has switch models registered in Sophos Central which are not covered by a Support and Services subscription:

    • the switches remain visible but in a suspended state
      • Configuration changes will not be possible
      • Scheduled backups will not occur
      • Firmware upgrades will not be available

     

  • You will need "Sophos Switch CSxxx-xxxx" + "Support & Services". The switch by default is on VLAN1 and will accept DHCP, or if DHCP fails it has a fallback default IP. If the switch is able to initially get an IP address from DHCP, and you put the Serial Number in Central within a 15-minute window, then your switch is managed from Central.

    You can pass down configurations, or group policies for groups of switches from Central, manage firmware, port naming, configuration and backups.

    More features will be coming to Switch Central over time, until everything is done entirely from Central.  You also have the ability to send batch CLI commands to configure or request info from the switches via Central.

    If you want to change the native or management VLAN, you would make the adjustment in Central by creating your VLANs, and then under Networks assigning the Management VLAN to a network.  For your use case above, just add VLANs from Central after the switch is registered.  Adding VLANs from the switch first will not sync back up to Central (yet).

  • put the Serial Number in Central within a 15-minute window, then your switch is managed from Central.

    But that's only if the Support and Services subscription is purchased? What are the options for home users, is the Support & Services license still enforced and required with the home license?

    Any idea how much this support licence would cost per year for one switch?

    Ok, this site Avanet states here www.avanet.com/.../

    Subscription price

    Sophos sets the price for service and support here at 10% of the hardware price, and at 8% for a 3-year license.

    Admittedly, at the current time, the features of the Service are very weak. It’s a bit like choosing Autopilot when you buy a Tesla. First and foremost, you buy the potential that will follow. In the case of the switch, these would be features such as Synchronized Security or XDR/MTR functions.

  • Remember to work with your local Sophos SE and Account reps, and your Sophos partner of choice; they will work with you to ensure you get what you need and fully explain capabilities and roadmap items. It also ensures your feedback goes to the teams responsible for making things happen for Sophos Switch. A home use license of Sophos Switch is not a thing yet, but the switches are powerful and managed via local UI if you don't use Central, or just buy the Support with it and manage it in Central for 3 years. The ability to send configuration changes from Central to multiple switches at once, or pull requests directly out of multiple switches at once can be extremely useful, plus backup, utilization, PoE info, network configuration, VLAN, QoS, LAG and LACP, Location data, group policy by site and of course much more to come.

    Also, I would argue the Tesla illustration is misplaced; our switches have never run anyone off the road :)

  • Another user also asked where do we download the firmware updates from to install locally from the switch's web UI?

    From the site:

    If the subscription is no longer renewed, there is of course no more telephone support, the warranty service is standard again, the Central Management is in read-only mode and the firmware updates have to be installed locally again.

    If it's true that support cost is 10% of the hardware cost, then $50 a year is not too much to complain about. And if firmware can be installed manually even without the support subscription, where do we get these firmware updates from? 

    I bought the switch from Corporate Armor, but wasn't aware the support subscription was required. oops... home users have a harder time finding out this info and who these partners are.

  • Do you have a Central Dashboard set up? Check in "Protect Devices": do you see the following section?

  • Remote PoE port power cycle is a must-have feature for a cloud managed switch.

    Right now, an AP reported offline. I cannot see its IP address in switch MAC table either. I have no idea what's going on. All I can do is to power cycle the port, and hope the AP will come back. Right now, I have to VPN into the network and use the local GUI to power cycle the port.

    I agree with you. A cloud managed switch like Meraki switch is very helpful.

  •   lol, ok, this is a bit of post hijacking sir, but this would be handled from Central as well.

    Select the switch in question in Central, select "Run Commands"
    # show power inline GigabitEthernet 0/1 (or port you identified as needing the cycle)
    # conf t
    # interface GigabitEthernet 0/1
    # power reset

    Press Enter to send the command to the switch and you're done, just verify the LLDP/CDP info from the port once it's back up. This would all be handled from Central, and also across large distribution of switches if you had to, not that you would often.

    Also, be sure you don't let your license expire with Meraki ok, hate to have an entire organization go offline because you didn't pay...sounds like ransomware, but somehow people believe it isn't :)

  • Glad to know it can be done remotely.

    Another commonly used feature -- I assume can be done via cli, but will be for sure better if GUI can do that. Users often need to change where they connect VoIP phone. So, it will be very handy if I can set per port voice vlan via central.

  • Yep, it's pending QA at the moment, but it will be there for you shortly for Voice VLAN and Auto Voice VLAN.