Using DHCP to get the IP of a Sophos Access Point

  • Article ID: 119131
  • Rating:
  • 7 customers rated this article 1.9 out of 6
  • Updated: 27 Mar 2014

This article explains how Dynamic Host Configuration Protocol (DHCP) is used to get the IP address of a Sophos Access Point (AP).

Known to apply to the following Sophos product(s) and version(s)

Sophos UTM
Astaro Access Points

Operating systems
Sophos UTM 9.100 or higher

Using DHCP for getting an IP of the Access Point

When the Ethernet interface is configured the AP tries to connect to the UTM using the "magic IP" address of: 1.2.3.4.

When Wireless Security is enabled, a UTM will redirect all packets destined for the address 1.2.3.4 to itself and therefore enables the AP to connect to any UTM in its upstream path (default gateway).

Furthermore, the AP can use a special DHCP option to select the target UTM:

{ OPTION_IP , 0xea }, /* wireless-security-magic-ip */

By default the UTM will include its own IP as the magic IP in its DHCP server configuration.

Finding the managing AXG

When the cable is plugged in, the client uses DHCP request broadcasts. The DHCP client uses a Parameter Request List in its DHCP Discover message which requests certain parameters from the DHCP server. If the DHCP server provides a special parameter (code 234, wifi-magic-ip) it will be used as the IP address to connect to when starting the control connection. (Alternative: use 'finger- server' code 73, or 'irc-server' code 74, since those are already defined via the DHCP RFC).

Snippet from the UTM ISC V3.0.3 DHCP server configuration file:

option wireless-security-magic-ip code 234 = ip-address; option wireless- security-magic-ip 212.110.111.112;

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments