Hello,
we replaced our UTM with the new XGS.
Our Wifi Access Points AP55C moved to Sophos Central.
We have 3 SSIDs (Corp (VLAN31), Guest (VLAN33), Free (VLAN32)).
The Corp SSID was working on the UTM with Radius-Server (ActiveDirectory Users).
In the Sophos Central SSID setup I entered the internal LAN IP address of my Radius-Server. But the Access Point cannot connect to it.
The Radius is on my default LAN (192.168.10.0) Network.
The msg in Sophos Central:
Access Point "ETHACP04_AP55C [A4005866XXXXXXX]" radius server 192.168.10.21 : 1812 is unreachable
Can you help me please?
Sorry for my bad English.
Best regards
Phil
Do you see in a packet capture the packets flowing to this ip or not?
No, there is nothing. No packets from the wifi VLAN or from the Access Point in that VLAN to the Radius. But they are configured. An authentication request pops up when I try to connect to the wifi.
Central Wireless works without a VLAN. So the Access Point has to work in an untagged network.
So my config is:
LAN: 192.168.10.0 /24
Radius on DC: 192.168.10.21
Wifi Guests: VLAN 33: 192.168.33.0/24 (working fine)
Wifi Free: VLAN 32: 192.168.32.0/24 (working fine)
Wifi Corp: VLAN 31: 192.168.31.0/24 (not working)
Ports, Rules, VLANs, DHCPs configured on the XG.
VLANs are also configured on the switch in between.
Are the Access Points forwarding the RADIUS requests directly to my Radius server, or will they be forwarded to Sophos Central?
My access points themselves are in VLAN 30, untagged. (VLAN for AP devices only)
OK. I forgot to let the Access Point network itself talk to the RADIUS server. So the SSID network only is not enough. Thank you!
So the access point in Central Wireless will communicate untagged. This is a different behavior compared to UTM. Check if the access point is reachable and gets an IP in the untagged network.
Then check if you see any kind of traffic on the RADIUS server port 1812.
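
The check described in the last two replies, as an added example that is not part of the thread and not Sophos code: a small Python probe that sends one RADIUS Access-Request to UDP 1812 and classifies the result, to be run from a test host placed in the access point network (VLAN 30 in this thread). The user name, password and shared secret are placeholders, and it assumes the test host is registered as a RADIUS client on the server.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST = 1
REPLY_NAMES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret: bytes, user: bytes, password: bytes, ident: int = 1) -> bytes:
    """Build a PAP Access-Request (RFC 2865) with Message-Authenticator (RFC 3579)."""
    authenticator = os.urandom(16)
    # PAP hiding for a single block (passwords up to 16 bytes):
    # pad to 16 bytes, then XOR with MD5(secret + Request Authenticator).
    padded = password.ljust(16, b"\0")[:16]
    mask = hashlib.md5(secret + authenticator).digest()
    hidden = bytes(a ^ b for a, b in zip(padded, mask))
    body = attr(1, user) + attr(2, hidden)          # User-Name, User-Password
    length = 20 + len(body) + 18                    # header + attrs + Message-Authenticator
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + authenticator
    # Message-Authenticator = HMAC-MD5 over the whole packet with this field zeroed.
    mac = hmac.new(secret, header + body + attr(80, bytes(16)), hashlib.md5).digest()
    return header + body + attr(80, mac)

def reply_is_authentic(request: bytes, reply: bytes, secret: bytes) -> bool:
    """Check the Response Authenticator: MD5(code+id+len+RequestAuth+attrs+secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(server: str, secret: bytes, port: int = 1812, timeout: float = 3.0) -> str:
    """Send one Access-Request for a dummy user and classify what comes back."""
    request = build_access_request(secret, b"radius-probe", b"probe-only")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (server, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP error: path filtered, or sender not a known client
            return "no-reply"
    if not reply_is_authentic(request, reply, secret):
        return "reply-bad-secret"
    return REPLY_NAMES.get(reply[0], "reply-code-%d" % reply[0])

if __name__ == "__main__":
    # 192.168.10.21 is the RADIUS server from the thread; the secret is a placeholder.
    print(probe("192.168.10.21", b"REPLACE-WITH-SHARED-SECRET"))
```

An `Access-Reject` for the dummy user already proves the path from the access point network to port 1812 is open and the shared secret matches; `no-reply` points at a firewall rule or a missing RADIUS client entry for that source network.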