Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=trouble_202007061402030026

Troubleshooting inactive RED access points

After RED access points in a VLAN restart, Sophos Firewall shows them as Inactive.

Condition

You can configure SD-RED 20, SD-RED 60, and RED 15w as access points. When a RED access point is located in a VLAN, and you restart it, Sophos Firewall may show it as Inactive. After 30 retries, the RED gets a LAN IP address from the DHCP server. The RED access point now shows as Active again.

Cause

DHCP option 234 isn't configured for the VLAN interface of the RED. After the RED restarts, it doesn't get an IP address on its VLAN interface.

Remedy

  1. Click Console in the list in the upper-right corner and type 4 for Device Console.

  2. Attach the DHCP option as follows:

    system dhcp dhcp-options binding add dhcpname <dhcp server name> optionname dhcp_magic_ip(234) value <interface ip address>

    Replace <dhcp server name> with your DHCP server's name in the RED access point VLAN. Replace <interface IP address> with the IP address you configured for the RED access point interface connected to the VLAN.

    Within a short amount of time, the RED access point receives an IP address on the VLAN interface.

  3. To check your settings, use the following command:

    system dhcp dhcp-options binding show dhcpname

    Replace <dhcp server name> with your DHCP server's name in the RED access point VLAN.

More resources