
Problems setting up new APX

Hi,

We have a serious issue with a new AP we just received. The AP in question is the APX530. It's hooked up to a port on our Cisco switch which is a VLAN Trunk-type port, able to connect to all of our VLANs (more on this later), with the standard VLAN 1 as default.

Initially the AP grabs an IP from our main DHCP on VLAN 1 (this DHCP is our own, not the UTM's) and chimes in as an unauthorized AP. When adding it, I specify that it needs to operate on VLAN 11 (which is where our other APs already work). This is where the trouble starts. After setting this, the last thing I see in the logs is:

2022:10:18-09:54:17 firewall awed[27105]: [P120082JG9XB4E8] APX530 from 10.150.4.84:53916 identified as P120082JG9XB4E8
2022:10:18-09:54:17 firewall awed[27105]: [P120082JG9XB4E8] (Re-)loaded identity and/or configuration
2022:10:18-09:54:18 firewall awed[27105]: [P120082JG9XB4E8] ll_read: short read or connection error:
2022:10:18-09:54:18 firewall awed[27105]: [P120082JG9XB4E8] disconnected. Close socket and kill process.

It seems like the AP has issues switching to a different VLAN - it SHOULD grab a new IP (this time from the UTM), but it never does. Our other Sophos AP on lease works fine on the same switch port, so it seems to be something with the AP itself.

Any suggestions what the issue might be?



  • Did you try to enable AP-Vlan-Tagging and setting AP-Vlan at AP-Level and AP-Group-Level already?

    Also, I would try to set VLAN1 as Tagged VLAN at the switch-port while the AP is "lost".


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience



  • The AP-VLAN-Tagging is the setting that seems to "break" the AP. I've also tried setting VLAN 1 as tagged when it's lost.



    The problem isn't with AP registration. As stated, if I don't switch the VLAN, I can register the AP. Unfortunately we need VLAN tagging for everything to work, and that's where the device fails.

    EDIT:

    Correction. Even without setting a different VLAN it seems the AP fails to register. It only briefly shows up as a valid "unassigned" AP in the UTM's AP list; after refreshing, the AP shows as inactive with a warning triangle. Otherwise it keeps throwing the same messages in the Wireless log every 2 minutes:

    2022:10:18-12:21:50 firewall awed[20335]: [P120082JG9XB4E8] APX530 from 10.150.4.96:42249 identified as P120082JG9XB4E8 
    2022:10:18-12:21:50 firewall awed[20335]: [P120082JG9XB4E8] (Re-)loaded identity and/or configuration
    2022:10:18-12:21:51 firewall awed[20335]: [P120082JG9XB4E8] ll_read: short read or connection error:
    2022:10:18-12:21:51 firewall awed[20335]: [P120082JG9XB4E8] disconnected. Close socket and kill process.
  • Even if you didn't assign the AP to a group or enable VLAN at the AP ... you will never see the AP as connected?
    (if the AP connects without VLAN, the AP may get a new firmware and would connect later without problems)


    Dirk


  • As stated - no. It'll keep cycling with the error message provided in the original question, and will never really appear as "unassigned" (i.e. registered and ready for further config).

  • Well, this is awkward. I scheduled the latest UTM patch installation yesterday and that took place last night. Today I found the new APX active and waiting to be used like it should.

    Either the new UTM patch had an undocumented fix (I saw nothing related in the patch notes) or a UTM reboot helped. If someone else has a similar issue in the future - a reboot doesn't hurt and could very well solve the issue. ;)
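
The identify/disconnect cycle quoted in this thread can be picked out of the Wireless log automatically. The script below is an added example, not part of the original posts and not Sophos code: it parses awed lines in the layout shown above and reports APs whose every session closed within a few seconds of being identified. The function name, the 5-second threshold and the last sample line (placeholder serial) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout as quoted in the thread: "<ts> <host> awed[<pid>]: [<serial>] <message>"
LINE_RE = re.compile(r"^(\S+) \S+ awed\[\d+\]: \[([^\]]+)\] (.*)$")

# The first eight lines are copied from the thread. The last line is constructed
# (placeholder serial) to stand for an AP that connects and stays connected.
SAMPLE_LOG = """\
2022:10:18-09:54:17 firewall awed[27105]: [P120082JG9XB4E8] APX530 from 10.150.4.84:53916 identified as P120082JG9XB4E8
2022:10:18-09:54:17 firewall awed[27105]: [P120082JG9XB4E8] (Re-)loaded identity and/or configuration
2022:10:18-09:54:18 firewall awed[27105]: [P120082JG9XB4E8] ll_read: short read or connection error:
2022:10:18-09:54:18 firewall awed[27105]: [P120082JG9XB4E8] disconnected. Close socket and kill process.
2022:10:18-12:21:50 firewall awed[20335]: [P120082JG9XB4E8] APX530 from 10.150.4.96:42249 identified as P120082JG9XB4E8
2022:10:18-12:21:50 firewall awed[20335]: [P120082JG9XB4E8] (Re-)loaded identity and/or configuration
2022:10:18-12:21:51 firewall awed[20335]: [P120082JG9XB4E8] ll_read: short read or connection error:
2022:10:18-12:21:51 firewall awed[20335]: [P120082JG9XB4E8] disconnected. Close socket and kill process.
2022:10:18-12:30:00 firewall awed[20400]: [EXAMPLESERIAL01] APX530 from 10.150.4.97:40000 identified as EXAMPLESERIAL01
"""


def find_flapping_aps(log_text, max_session_seconds=5):
    """Return {serial: [session_seconds, ...]} for APs with no open session
    whose every closed session lasted at most max_session_seconds."""
    started = {}                   # serial -> time of the latest "identified as"
    sessions = defaultdict(list)   # serial -> durations of closed sessions
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # not an awed line in the expected layout
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        serial, msg = m.group(2), m.group(3)
        if " identified as " in msg:
            started[serial] = ts
        elif msg.startswith("disconnected") and serial in started:
            sessions[serial].append((ts - started.pop(serial)).total_seconds())
    # An AP still present in `started` has a session that never closed: not flapping.
    return {s: d for s, d in sessions.items()
            if s not in started and all(x <= max_session_seconds for x in d)}


if __name__ == "__main__":
    for serial, durations in find_flapping_aps(SAMPLE_LOG).items():
        print(f"{serial}: {len(durations)} short sessions, longest {max(durations):.0f}s")
```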