Skip to content
Any configuration changes made locally on the switch won't be synchronized with Sophos Central. We recommend making changes from the Sophos Central control panel instead.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/switch/help/en-us/index.html?contextId=user-guide-features-howto-console-port

Recover a switch with a console port

Recover a switch with a corrupted firmware image using a console connection.

Process

When Sophos Switch can't boot any active or backup partition images, it starts in bootloader mode. When in this mode, you must upload a new firmware file in .bix format from a TFTP server.

The supported switch models with an RJ45 console port are as follows:

  • CS110-24
  • CS110-24FP
  • CS110-48
  • CS110-48P
  • CS110-48FP
  • CS210-8FP
  • CS210-48FP
  • CS1010-8FP

How to recover the switch

This example uses Tftpd64 as the TFTP server. You can use any server with the same settings.

To recover the switch using the console port, do as follows:

  1. Sign in to your Sophos Central account and go to Devices > Installers.
  2. Under Switches, click Download recovery image.
  3. Locate the .zip file and extract it to the location of your choice.

  4. Configure the Windows device's Ethernet port with a static IP address of 172.16.16.20.

    Note

    The default IP address of the switch is 172.16.16.239. If your Windows device isn't on the same subnet as the default IP address, the switch won't be able to connect to the TFTP server.

  5. Configure the TFTP server with the following settings:

    • Base Directory: Set this to the folder where you extracted your recovery image.
    • TFTP security: None
    • PXE compatibility: Selected
    • Allow '\' as virtual root: Selected

  6. Start the TFTP server.

  7. Connect to the switch using the console port.
  8. Open any terminal emulation program, such as PuTTY.

  9. Select the COM port, and use the following settings:

    • Baud Rate: 115200
    • Data bits: 8
    • Parity: None
    • Stop bits: 1
    • Flow Control: None

    Press Enter on your keyboard to connect to the CLI.

  10. Sign in using the username 'admin' and the unique password for this switch.

    Tip

    The unique password is located on a sticker on the chassis of the switch. An additional sticker is in the packaging.

  11. Select option 5 to check the current IP address of the switch. It should be the default IP address, 172.16.16.239.

  12. Select option 1 to set the IP address of your TFTP server.
  13. Enter 172.16.16.20.
  14. Select option 3 and enter 1 to upgrade partition 1.

  15. Enter the name of the .bix recovery image file on your TFTP server. The file name looks like one of the following examples:

    • series_vmlinux.bix
    • CS-RTL93xx_fw_3.02.260c_20220406-1658.bix
    • CS-RTL838x_fw_2.02.260c_20220406-1658.bix

    Note

    Make sure you use the correct recovery image for your switch. The .zip file downloaded from Sophos Central contains recovery images for switches with and without console ports.

  16. Press Enter to start the recovery process.

The switch connects to the TFTP server, loads the image, and restarts automatically. The process takes five to ten minutes to write the file and restart.