Configuring a SonicPoint Profile


	NOTE: You can use Auto Provisioning to automatically provision SonicPoint profiles. For information on how to enable automatic provisioning, see Enabling Auto Provisioning .

You can add any number of SonicPoint profiles. The SonicPoint profile configuration process varies slightly, depending on whether you are configuring a single-radio (SonicPoint N) or a Dual Radio (SonicPoint AC and SonicPoint NDR) SonicPoint.

The following sections describe how to configure the types of SonicPoint profiles:

•

Configuring a SonicPoint ACe/ACi/N2 or NDR Profile

•

Configuring a SonicPoint N Profile

Configuring a SonicPoint ACe/ACi/N2 or NDR Profile


	IMPORTANT: SonicPoint AC requires POE+ (802.3at Type 2) that supplies 30 watts of peak power.


	NOTE: SonicPoint ACs are supported on appliances running SonicOS 6.2.2 and above, SonicOS 6.3 and above, or SonicOS 6.4 and above.


	TIP: The configuration dialogs for SonicPoint ACe/ACi/N2 and SonicPoint NDA profiles are quite similar. Differences are noted in the procedures. In this section, SonicPoint refers to both SonicPoint ACe/ACi/N2 and SonicPoint NDA.

For a SonicPoint overview, see About SonicPoints .

You can add any number of SonicPoint profiles. The specifics of the configuration vary slightly depending on which SonicPoint profile and protocols you select.

To configure a SonicPoint provisioning profile, complete the following tasks:

Navigate to SonicPoint > SonicPoints page.

Do one of the following:

•

To add a new:

•

SonicPoint AC profile, click Add SonicPoint ACe/ACi/N2 Profile.

•

SonicPoint NDR profile, click Add SonicPoint NDR Profile.

•

To edit an existing AC or NDA profile, click the Configure icon on the same row as the profile you want to edit.

The Add/Edit SonicPoint … Profile dialog appears. The two dialogs are the same except if you are editing an existing profile, the existing settings are displayed.

You configure the SonicPoint profile through settings on these tabs:

•

General Tab

•

Radio 0 Basic and Radio 1 Basic Tabs

•

Radio 0/Radio 1 Advanced Tabs

•

Sensor Tab

General Tab

In the General tab, configure the desired settings:

•

SonicPoint Settings

•

Virtual Access Point Settings

•

L3 SSL VPN Tunnel Settings

•

SonicPoint Administrator Settings

SonicPoint Settings

Check Enable SonicPoint to enable each SonicPoint automatically when it is provisioned with this profile. This option is selected by default.

Optionally, check Retain Settings to have the SonicPoints provisioned by this profile retain portions of their customized settings after they are deleted and resynchronized. The settings are retained until the SonicPoint is rebooted. This option is not selected by default.

If you select this option, Edit becomes active. To specify the settings to retain:

If you are editing an existing SonicPoint profile, click Edit. The Retain Settings dialog displays.

Do one of the following:

•

Click Retain All Settings; all the other options become dimmed.

•

Click the checkboxes of the individual settings to be retained.


	NOTE: The settings for each radio must be selected separately.

Click OK.

Optionally, check Enable RF Monitoring to enable wireless RF Threat Real Time Monitoring and Management. This option is not selected by default. For more information about RF monitoring, see SonicPoint > RF Monitoring .

If you are configuring a:

•

SonicPoint NDR profile, go to Step 5.

•

SonicPoint AC profile, optionally, check Enable LED to enable/disable SonicPoint AC LEDs. This option is not selected by default (LEDs are disabled).

Enter a prefix for the names of all SonicPoints connected to this zone in the Name Prefix field. This prefix assists in identifying SonicPoint on a zone. When each SonicPoint is provisioned, it is given a name that consists of the name prefix and a unique number, for example: SonicPoint AC 126008 or SonicPoint NDR 126009.

Select the country where you are operating the SonicPoints from the Country Code drop-down menu. The country code determines under which regulatory domain the radio operation falls.

From the EAPOL Version drop-down menu, select the version of EAPoL (Extensible Authentication Protocol over LAN) to use: v1 or v2. The default is v2, which provides better security.

Virtual Access Point Settings

Optionally, select an 802.11n Virtual Access Point (VAP) group to assign these SonicPoints to a VAP from the Radio 0 Basic Virtual AP Group and Radio 1 Basic Virtual AP Group drop-down menus. The drop-down menus allow you to create a new VAP group. For more information on VAPs, see SonicPoint > Virtual Access Point .


	NOTE: Selecting a VAP group for Radio 0 and/or Radio 1 affects options on the appropriate Radio 0/1 Basic tabs.

L3 SSL VPN Tunnel Settings

In the SSL VPN Server field, enter the IP address of the SSL VPN server.

In the User Name field, enter the User Name of the SSL VPN server.

In the Password field, enter the Password for the SSL VPN server.

In the Domain field, enter the domain that the SSL VPN server is located in.

Optionally, click Auto-Reconnect for the SonicPoint to auto-reconnect to the SSL VPN server. This option is not selected by default.


	IMPORTANT: To push the settings to the SonicPoint device, connect the SonicPoint device to the SSL VPN Server through a Layer 2 connection.


	NOTE: To configure L3 SSL VPN, click the link to SSL VPN > Client Settings. For information about Layer 3 SSL VPN, refer to SonicPoint Layer 3 Management and SSL VPN > Client Settings .

SonicPoint Administrator Settings

In the Name field, enter the user name for the network administrator.

In the Password field, enter the password for the network administrator.

Radio 0 Basic and Radio 1 Basic Tabs


	NOTE: The available options on these tabs depend on whether a VAP group was selected in the Virtual Access Point Settings on the General tab.

The Radio 0 Basic and Radio 1 Basic tabs are similar and have only a few differences that are noted in the steps.


	NOTE: The sections and options displayed on the Radio 0/1 Basic tabs change depending on whether you selected a VAP group in the Radio 0/1 Virtual AP Group drop-down menus on the General tab and the mode you select in the Mode drop-down menu. These choices apply only to the radio for which they were selected, that is, if you select a VAP for Radio 0 but not Radio 1, Radio 1 is not affected and vice versa.

Click the Radio 0 Basic or Radio 1 Basic tab.

Configure the settings for the 5GHz (Radio 0) and 2.4GHz (Radio 1) band radios:

•

Radio 0/Radio 1 Basic Settings

•

Wireless Security

•

Virtual Access Point Encryption Settings

•

ACL Enforcement

•

Remote MAC Address Access Control Settings

Radio 0/Radio 1 Basic Settings


	NOTE: The options change depending on the mode you select.

Check Enable Radio to enable the 802.11ac radio bands automatically on all SonicPoint ACs provisioned with this profile. This option is selected by default.

•

From the Enable Radio drop-down menu, select a schedule for when the 802.11n radio is on or create a new schedule; default is Always on. You can create a new schedule by selecting Create new schedule to display the Add Schedule menu.

Select your preferred radio mode from the Mode drop-down menu:

Table 69. Radio mode choices
Radio 0 Basic	Radio 1 Basic	Definition
5GHz 802.11n Only	2.4GHz 802.11n Only	Allows only 802.11n clients access to your wireless network. 802.11a/b/g clients are unable to connect under this restricted radio mode.
5GHz 802.11n/a Mixed	2.4GHz 802.11n/g/b Mixed SonicPoint AC/NDR default.	Supports 802.11a and 802.11n (Radio 0) or 802.11b, 802.11g, and 802.11n (Radio 1) clients simultaneously. If your wireless network comprises multiple types of clients, select this mode.
5GHz 802.11a Only SonicPoint NDR default.		Select this mode if only 802.11a clients access your wireless network.
	2.4GHz 802.11g Only	If your wireless network consists only of 802.11g clients, you might select this mode for increased 802.11g performance. You might also select this mode if you wish to prevent 802.11b clients from associating.
5GHz 802.11ac/n/a Mixed SonicPoint AC default.		Supports 802.11ac, 802.11a, and 802.11n (Radio 0) clients simultaneously. If your wireless network comprises multiple types of clients, select this mode.
5GHz 802.11ac Only		Allows only 802.11ac clients access to your wireless network. Other clients are unable to connect under this restricted radio mode.


	TIP: For 802.11n clients only, for optimal throughput speed solely, Dell SonicWALL recommends the 802.11n Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility. For optimal throughput speed solely for 802.11ac clients, SonicWALL recommends the 802.11ac Only radio mode. Use the 802.11ac/n/a Mixed radio mode for multiple wireless client authentication compatibility.

NOTE: The available 802.11n Radio 0/1 Settings options change depending on the mode selected. If the wireless radio is configured for a mode that:

•

Supports 802.11n, the following options are displayed: Radio Band, Primary Channel, Secondary Channel, Enable Short Guard Interval, and Enable Aggregation.

•

Does not support 802.11n, only the Channel option is displayed.

If you are configuring a:

•

SonicPoint AC or a SonicPoint NDR without VAP, go to Step 4.

•

SonicPoint NDR with VAP selected on the General tab, optionally, select Enable DFS Channels to enable the use of Dynamic Frequency Selection (DFS) that allows wireless devices to share the same spectrum with existing radar systems within the 5GHz band.


	TIP: If you select this option, choose either Standard - 2MHz Channel or Wide - 40MHz Channel as the Radio Band. The Primary Channel and Standard Channel drop-down menus then display a choice of available sensitive channels.


	NOTE: This option only appears on the 802.11n Radio 0 tab as the 802.11n Radio 1 does not have a wireless speed connection mode of at least 5GHz.

If you are configuring a:

•

SonicPoint with VAP, go to Step 5.

•

SonicPoint without a VAP group, in the SSID field, enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that appears in clients’ lists of available wireless connections.


	TIP: If all SonicPoint ACs or NDRs in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint AC/NDR to another.

If the Mode you selected was:

•

5GHz 80211a Only or 2.4GHz 802.11g Only, go to Step 6.

•

Any other mode, select a radio band from the Radio Band drop-down menu:

•

Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. Both the Primary Channel and Secondary Channel are set to Auto also. This is the default setting.

•

Standard - 20MHz Channel—Specifies that Radio 0 uses only the standard 20MHz channel. When this option is selected, the Standard Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel options.

•

Wide - 40MHz Channel—Available only when 5GHz 802.11ac/n/a or 5GHz 802.11ac is selected for the Radio Band, specifies that Radio 0 uses only the wide 80MHz channel. When this option is selected, only the Channel drop-down menu is active

Select a channel from the Standard/Primary Channel drop-down menu. Depending on the Mode and Radio Band selections, a Secondary Channel drop-down menu displays.

•

Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting for the Standard/Primary Channels. The Secondary Channel Is set to Auto regardless of the setting of Primary Channel.

•

Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area. The available channels depend on which Radio you are configuring; see Figure 23. If you select Wide – 40 MHz Channel for Radio Band, a Secondary Channel displays and is selected automatically by the selection of the Primary Channel.

Table 70. Specific channel choices
Radio 0: Channel/Primary Channel ¹	Radio 1: Standard/Primary Channel	Radio 1: Secondary Channel is set automatically to: ²
Channel 36 (5180MHz)	Channel 1 (2412MHz)	Channel 5 (2432MHz)
Channel 40 (5200MHz)	Channel 2 (2417MHz)	Channel 6 (2437MHz)
Channel 44 (5220MHz)	Channel 3 (2422MHz)	Channel 7 (2442MHz)
Channel 48 (5240MHz)	Channel 4 (2427MHz)	Channel 8 (2447MHz)
Channel 149 (5745MHz)	Channel 5 (2432MHz)	Channel 1 (2412MHz)
Channel 153 (5765MHz)	Channel 6 (2437MHz)	Channel 2 (2417MHz)
Channel 157 (5785MHz)	Channel 7 (2442MHz)	Channel 3 (2422MHz)
Channel 161 (5805MHz)	Channel 8 (2447MHz)	Channel 4 (2427MHz)
Channel 165 (5825MHz) ³	Channel 9 (2452MHz)	Channel 5 (2432MHz)
	Channel 10 (2457MHz)	Channel 6 (2437MHz)
	Channel 11 (2462MHz)	Channel 7 (2442MHz)

The Secondary Channel is available only when 5GHz 802.11n Only or 5GHz 802.11n/a Mixed is selected for Mode and Wide – 40 MHz Channel is selected for Radio Band. The Secondary Channel is always Auto if either Auto is selected for Radio Band or a VAP group is selected on the General tab.

Upon selection of a Primary Channel, the Secondary Channel is set automatically to a preset channel.

This option is available only when 5GHz 802.11n Only, 5GHz 802.11n/a Mixed, or 5GHZ 802.11a Only is selected for Mode and Standard – 20 MHz Channel is selected for Radio Band.

If, from the Radio Band drop-down menu, you selected:

•

5GHz 802.11a Only or 2.4GHz 802.11g Only, and are configuring:

•

SonicPoint AC:

•

Without VAP, go to Wireless Security .

•

With VAP, go to Virtual Access Point Encryption Settings .

•

SonicPoint NDR, go to Step 10.

•

Any other radio band, go to Step 8

Enable Short Guard Interval—Specifies the short guard interval of 400ns (as opposed to the standard guard interval of 800ns).


	NOTE: This option is not available if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.


	IMPORTANT: To avoid compatibility issues, ensure the wireless client also supports a short guard interval.

A guard interval is a set amount of time between transmissions that is designed to ensure distinct transmissions do not interfere with one another. The guard interval introduces immunity to propagation delays, echoes, and reflections. An access point identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data. The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays.

The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long).

Enabling a short guard interval can decrease network overhead by reducing unnecessary idle time on each access point. A short guard interval of 400 nanoseconds (ns) works in most office environments as distances between points of reflection, as well as between clients, are short. Most reflections are received quickly. The shorter the guard interval, the more efficiency there is in the channel usage, but a shorter guard interval also increases the risk of interference.

Some outdoor deployments might, however, require a longer guard interval. The need for a long guard interval of 800 ns becomes more important as areas become larger, such as in warehouses and in outdoor environments, as reflections and echoes become more likely to continue after the short guard interval would be over.

The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays and increase 802.11n and 802.11ac data rate. Ensure the wireless client also can support a short guard interval to avoid compatibility issues.


	TIP: The Enable Short Guard Interval and Enable Aggregation options can slightly improve throughput. They both function best in optimum network conditions where users have strong signals with little interference. In networks that experience less than optimum conditions (interference, weak signals, and so on), these options could introduce transmission errors that eliminate any efficiency gains in throughput.

Select Enable Aggregation to enable 802.11n and 802.11ac frame aggregation that combines multiple data frames in a single transmission to reduce overhead and increase throughput.


	NOTE: This option is not available if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.


	IMPORTANT: To avoid compatibility issues, ensure the wireless client also supports aggregation.

Data over wireless networks are sent as a stream of packets known as data frames. Frame aggregation takes these packets and combines them into fewer, larger packets, thereby allowing an increase in overall performance. Frame aggregation was added to the 802.11n and 802.11ac specification to allow for an additional increase in performance. Frame aggregation is a feature that only 802.11n and 802.11ac clients can take advantage of, as legacy systems are not able to understand the new format of the larger packets.

If you are configuring:

•

SonicPoint AC:

•

Without VAP, go to Wireless Security .

•

With VAP, go to Virtual Access Point Encryption Settings .

•

SonicPoint NDR, optionally select Enable MIMO. This option is selected by default.

The Enable MIMO option enables/disables MIMO (multiple-input multiple output). Enabling this option increases 802.11n throughput by using multiple-input/multiple-output antennas. This option is enabled by default for all 802.11n modes and is dimmed to ensure it is not disabled. The option is activated and selected by default if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.


	NOTE: Ensure the wireless client also can support these antennas to avoid compatibility issues. If the 802.11a or 502.11g client cannot support these antennas, disable the option by deselecting it.

Wireless Security


	NOTE: If a VAP was selected in the Virtual Access Point Settings section of the General tab, this section is not available. Instead, the Virtual Access Point Encryption Settings section is displayed. Go to Virtual Access Point Encryption Settings .


	NOTE: The options change depending on the authentication type you select.

The Wireless Security sections of both Radio 0 Basic and Radio 1 Basic tabs are the same as for the SonicPoint N 802.11n Radio tab. For how to configure the Wireless Security settings, see Wireless Security .

Virtual Access Point Encryption Settings


	NOTE: This section displays only if a VAP was selected from the Radio 0 Basic/1 Virtual AP Group drop-down menus in the Virtual Access Point Settings section of the General tab.

The Virtual Access Point Encryption Settings section of both Radio 0 Basic and Radio 1 Basic tabs are the same as for the SonicPoint N 802.11n Radio tab. For how to configure the Virtual Access Point Encryption Settings settings, see Virtual Access Point Encryption Settings .

ACL Enforcement

The ACL Enforcement section of both Radio 0 Basic and Radio 1 Basic tabs are the same as for the SonicPoint N 802.11n Radio tab. For how to configure the ACL Enforcement settings, see ACL Enforcement .

Remote MAC Address Access Control Settings


	NOTE: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this section is not available; go to Radio 0/Radio 1 Advanced Tabs .

The Remote MAC Address Access Control Settings section of both 802.11n Radio 0 and 802.11n Radio 1 tabs are the same as for the SonicPoint N 802.11n Radio tab.


	IMPORTANT: You cannot enable the Remote MAC address access control option at the same time that IEEE 802.11i EAP is enabled. If you try to do so, you could receive the following error message: Remote MAC address access control can not be set when IEEE 802.11i EAP is enabled.

Select Enable Remote MAC Access Control. This option enforces radio wireless access control according to the MAC-based authentication policy in the remote Radius server. The Configure button becomes active.

Click Configure. The SonicPoint Radius Server Global Settings dialog displays.

In the appropriate fields, enter the RADIUS server settings that you want. See Table 71.

Table 71. WPA-EAP/WPA2-EAP encryption settings
Option	Description
Radius Server Retries	The number of times SonicOS will attempt to contact the RADIUS server. If the RADIUS server does not respond within the specified number of retries, the connection is dropped.
Retry Interval (seconds)	The time, from 0 to 60 seconds, to wait between retries. The number 0 means no wait between retries.
Radius Server 1 IP	The name/location of your RADIUS authentication server
Radius Server 1 Port	The port on which your RADIUS authentication server communicates with clients and network devices. The default port is 1812.
Radius Server 1 Secret	The secret passcode for your RADIUS authentication server
Radius Server 2	The name/location of your backup RADIUS authentication server
Radius Server 2 Port	The port on which your backup RADIUS authentication server communicates with clients and network devices. The default port is 1812.
Radius Server 2 Secret	The secret passcode for your backup RADIUS authentication server

Click OK.

Radio 0/Radio 1 Advanced Tabs

These settings affect the operation of the Radio 1 Basic radio bands. The SonicPoint has two separate radios built in. Therefore, it can send and receive on both bands at the same time.

The Radio 1 Advanced tab has the same options as the Radio 0 Advanced tab plus other options. The tabs for SonicPoint AC and SonicPoint NDR are quite similar. Differences are noted in the procedure.

To configure the Radio 0/Radio 1 Advanced setting:

Click the Radio 0/1 Advanced tab.

If you:

•

Selected a VAP on the Settings tab, go to Step 3.

•

Did not select a VAP on the Settings tab, optionally, select Hide SSID in Beacon to have the SSID send null SSID beacons in place of advertising the wireless SSID name. Sending null SSID beacons forces wireless clients to know the SSID to connect. This option is unchecked by default.

From the Schedule IDS Scan drop-down menu, select a schedule for the IDS (Intrusion Detection Service) scan. Select a time when there are fewer demands on the wireless network to minimize the inconvenience of dropped wireless connections. You can create your own schedule by selecting Create new schedule or disable the feature by selecting Disabled, the default.


	NOTE: IDS offers a wide selection of intrusion detection features to protect the network against wireless threats. This feature detects attacks against the WLAN Infrastructure that consists of authorized access points, the RF medium, and the wired network. An authorized or valid-AP is defined as an access point that belongs to the WLAN infrastructure. The access point is either a SonicPoint or a third-party access point.

From the Data Rate drop-down menu, select the speed at which the data is transmitted and received. Best (default) automatically selects the best rate available in your area given interference and other factors.

From the Transmit Power drop-down menu, select the transmission power. Transmission power effects the range of the SonicPoint.

•

Full Power (default)

•

•

•

•

If you are configuring:

•

SonicPoint AC, go to Step 7.

•

SonicPoint NDR, from the Antenna Diversity drop-down menu, select Best, the default. The Antenna Diversity setting determines which antenna the SonicPoint uses to send and receive data. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal.

In the Beacon Interval (milliseconds) field, enter the number of milliseconds between sending wireless SSID beacons. The minimum interval is 100 milliseconds, the maximum is 1000 milliseconds, and the default is 100 milliseconds.

In the DTIM Interval field, enter the DTIM interval in milliseconds. The minimum number of frames is 1, the maximum is 255, and the default is 1.

For 802.11 power-save mode clients of incoming multicast packets, the DTIM interval specifies the number of beacon frames to wait before sending a DTIM (Delivery Traffic Indication Message).

If you are configuring a SonicPoint:

•

SonicPoint AC, go to Step 10.

•

SonicPoint NDR, in the Fragmentation Threshold (bytes) field, enter the number of bytes of fragmented data you want the network to allow. The fragmentation threshold limits the maximum frame size. Limiting frame size reduces the time required to transmit the frame and, therefore, reduces the probability that the frame will be corrupted (at the cost of more data overhead). Fragmented wireless frames increase reliability and throughput in areas with RF interference or poor wireless coverage. Lower threshold numbers produce more fragments. The minimum is 256 bytes, the maximum is 2346 bytes, and the default is 2346 bytes.

In the RTS Threshold (bytes) field, enter the threshold for a packet size, in bytes, at which a request to send (RTS) is sent before packet transmission. Sending an RTS ensures that wireless collisions do not take place in situations where clients are in range of the same access point, but might not be in range of each other. The minimum threshold is 256 bytes, the maximum is 2346 bytes, and the default is 2346 byes.

In the Maximum Client Associations field, enter the maximum number of clients you want each SonicPoint using this profile to support on this radio at one time. The minimum number of clients is 1, the maximum number is 128, and the default number is 32.

In the Station Inactivity Timeout (seconds) field, enter the maximum length of wireless client inactivity before Access Points age out the wireless client, in seconds. The minimum period is 60 seconds, the maximum is 36000 seconds, and the default is 300 seconds.

If you are configuring:

•

Radio 0 Advanced settings, go to Step 17.

•

Radio 1 Advanced tab settings, go to Step 14.

Select a preamble length from the Preamble Length drop-down menu:

•

Long (default)

•

Short

Select a protection mode from the Protection Mode drop-down menu:

•

1 Mbps (default)

•

2 Mbps

•

5 Mbps

•

11 Mbps

Select a protection type from the Protection Type drop-down menu:

•

CTS-only (default)

•

RTS-CTS

Optionally, to allow clients to disassociate and reassociate more quickly, select the Enable Short Slot Time checkbox. Specifying this option increases throughput on the 802.11n/g wireless band by shortening the time an access point waits before relaying packets to the LAN. This setting is not selected by default.

Optionally, if you are using Turbo G mode and, therefore, are not allowing 802.11b clients to connect, select the Do(es) not allow 802.11b Client to Connect checkbox. Specifying this option limits wireless connections to 802.11g and 802.11n clients only. This setting is not selected by default.

From the WMM (Wi-Fi Multimedia) drop-down menu, select whether a WMM profile is to be associated with this profile:

•

Disabled (default)

•

Create new WMM profile. If you select Create new WMM profile, the Add Wlan WMM Profile dialog displays. For information about configuring a WMM profile, see Configuring Wi-Fi Multimedia Parameters .

•

A previously configured WMM profile

Optionally, select Enable Green AP to allow the SonicPoint ACe/ACi/N2 radio to go into sleep mode. This saves power when no clients are actively connected to the SonicPoint. The SonicPoint immediately goes into full power mode when any client attempts to connect to it. Green AP can be set on each radio independently, Radio 0 (5GHz) and Radio 1 (2.4GHz).

If you are configuring:

•

Radio 0 Advanced, repeat the procedure for Radio 1 Advanced.

•

Radio 1 Advanced for:

•

SonicPoint AC, go to Step 22.

•

SonicPoint NDR, go to Sensor Tab .

In the Green AP Timeout(s) field, enter the transition time, in seconds, that the access point waits while it has no active connections before it goes into sleep mode, that is, the time between power-save off to power-save on. The transition values can range from 20 seconds to 65535 seconds with a default value of 20 seconds.

Sensor Tab

In the Sensor tab, enable or disable Wireless Intrusion Detection and Prevention (WIDP) mode.


	IMPORTANT: If this option is selected, Access Point or Virtual Access Point(s) functionality is disabled automatically.

Select Enable WIDF sensor to have the SonicPoint operate as a dedicated WIDP sensor. This option is not selected by default.

From the drop-down menu, select the schedule for when the SonicPoint operates as a WIDP sensor or select Create new schedule… to specify a different time; default is Always on.

Configuring a SonicPoint N Profile

For a SonicPoint overview, see Understanding SonicPoints .

You can add any number of SonicPoint profiles. The specifics of the configuration varies slightly depending on which 802.11 protocols you select.

To configure a SonicPointN provisioning profile, perform the following tasks:

Navigate to SonicPoint > SonicPoints page.

Do one of the following:

•

To add a new SonicPoint N profile, click Add SonicPoint N Profile.

•

To edit an existing SonicPoint N profile, click the Configure icon on the same row as the profile you want to edit.

The Add/Edit SonicPointN Profile dialog appears. The two dialogs are the same except if you are editing an existing profile, the existing settings are displayed.

Configure the SonicPoint N through options on these tabs:

•

•

•

•

Settings Tab

The Settings tab has these sections:

•

SonicPoint Settings

•

Virtual Access Point Settings

•

L3 SSL VPN Tunnel Settings

•

SonicPoint Administrator Settings

SonicPoint Settings

To automatically enable each SonicPoint when it is provisioned with this profile, select Enable SonicPoint. This option is selected by default.

Optionally, check Retain Settings to have the SonicPoint Ns provisioned by this profile retain customized settings until system restart or reboot. This option is not selected by default.

If you select this option, Edit becomes active. To specify the settings to retain:

Click Edit. The Retain Settings dialog displays.

Do one of the following:

•

Click Retain All Settings; all the other options are dimmed.

•

Click the checkboxes of the individual settings to be retained.

Click OK.

Optionally, check Enable RF Monitoring to enable wireless RF Threat Real Time Monitoring and Management. This option is not selected by default.

Optionally, check Enable LED (Ni/Ne) to turn SonicPointN LEDs on/off.


	NOTE: This option applies only to the SonicPoint N model that has controllable LED hardware support.

Enter a prefix for the names of all SonicPointNs connected to this zone in the Name Prefix field. This prefix assists in identifying SonicPoints on a zone. When each SonicPointN is provisioned, it is given a name that consists of the name prefix and a unique number, for example: MySonicPoint 126008.

Select the country where you are operating the SonicPoint Ns from the Country Code drop-down menu. The country code determines which regulatory domain the radio operation falls under.

From the EAPOL Version drop-down menu, select the version of EAPoL (Extensible Authentication Protocol over LAN) to use: v1 or v2. The default is v2, which provides better security than v2.

Virtual Access Point Settings

Optionally, from the 802.11n Radio Virtual AP Group drop-down menu, select an 802.11n Virtual Access Point (VAP) group to assign these SonicPoint Ns to a VAP. This drop-down menu allows you to create a new VAP group. For more information on VAPs, see SonicPoint > Virtual Access Point .

L3 SSL VPN Tunnel Settings

In the SSL VPN Server field, enter the IP address of the SSL VPN server.

In the User Name field, enter the user name of the SSL VPN server.

In the Password field, enter the password for the SSL VPN server.

In the Domain field, enter the domain that the SSL VPN server is located in.

Click Auto-Reconnect for the SonicPoint to auto-reconnect to the SSL VPN server.


	NOTE: To configure L3 SSL VPN, click the link to SSL VPN > Client Settings. For information about Layer 3 SSL VPN, refer to SonicPoint Layer 3 Management and SSL VPN > Client Settings .

SonicPoint Administrator Settings

In the Name field, enter the user name for the network administrator.

In the Password field, enter the password for the network administrator.

802.11n Radio Tab


	NOTE: The sections and options displayed on the 802.11n Radio tab change depending on whether you selected a VAP group in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab and the mode you selected from the Mode drop-down menu.

Click the 802.11n Radio tab.

Configure the options on this tab:

•

802.11n Radio Settings

•

Wireless Security

•

Virtual Access Point Encryption Settings

•

ACL Enforcement

•

Remote MAC Address Access Control Settings

802.11n Radio Settings


	NOTE: The options change depending on the mode you select.

Check Enable Radio to automatically enable the 802.11n radio bands on all SonicPoints provisioned with this profile. This option is selected by default.

•

From the Enable Radio drop-down menu, select the schedule for when the802.11n radio is on. The default schedule is Always On. You can create a new schedule by selecting Create new schedule.

Select your preferred radio mode from the Mode drop-down menu. The wireless security appliance supports the modes shown in Table 72.

NOTE: The available 801.11n Radio Settings options change depending on the mode selected. If the wireless radio is configured for a mode that:

•

Supports 802.11n, the following options are displayed: Radio Band, Primary Channel, Secondary Channel.

•

Does not support 802.11n, only the Channel option is displayed.

•

Supports 5GHz 802.11n/a, the Enable DFS Channels option is displayed.


	TIP: For optimal throughput speed solely for 802.11n clients, SonicWALL recommends the 802.11n Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility.

Table 72. Radio mode choices
2.4GHz	5Ghz	Definition
2.4GHz 802.11n Only	5GHz 802.11n Only	Allows only 802.11n clients access to your wireless network. 802.11a/b/g clients are unable to connect under this restricted radio mode.
2.4GHz 802.11n/g/b Mixed This is the default.	5GHz 802.11n/a Mixed	Supports 802.11b, 802.11g, and 802.11n clients simultaneously. If your wireless network comprises multiple types of clients, select this mode.
2.4GHz 802.11g Only		If your wireless network consists only of 802.11g clients, you might select this mode for increased 802.11g performance. You might also select this mode if you wish to prevent 802.11b clients from associating.
2.4GHz 802.11g/b Mixed		If your wireless network consists of both 802.11b and 802.11g clients, you might select this mode for increased performance.
	5GHz 802.11a Only	Select this mode if only 802.11a clients access your wireless network.
	5GHz 802.11n/a/ac Mixed	Supports 802.11a, 802.11ac, and 802.11n clients simultaneously. If your wireless network comprises multiple types of clients, select this mode.
	5GHz 802.11ac Only	Select this mode if only 802.11ac clients access your wireless network.

If you chose 5GHz 802.11n Only, 5GHz 802.11a/n Mixed, or 5GHz 802.11a Only for Mode, optionally check Enable DFS Channels. Enabling Dynamic Frequency Selection (DFS) allows wireless devices to share spectrum with existing radar systems in the 5GHz band. This setting is not selected by default.

If you did not specify a VAP group on the Settings tab, in the SSID field, enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that appears in clients’ lists of available wireless connections.


	NOTE: If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.

If the mode you selected supports:

•

802.11g only or 802.11a only, go to Step 6

•

802.11n only or 802.11n mixed, go to Step 8

Only for 802.11a/g: Select the channel for the radio from the Channel drop-down menu:

•

Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting. Use Auto unless you have a specific reason to use or avoid specific channels.

•

Specific channel: Select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area.

Table 73. 802.11g/802.11a channels
802.11g Channels	802.11a Channels
Channel 1 (2412 MHz)	Channel 36 (5180 MHz)
Channel 2 (2417 MHz)	Channel 40 (5200 Mhz)
Channel 3(2422 MHz)	Channel 44 (5220 Mhz)
Channel 4 (2427 MHz)	Channel 48 (5240 Mhz)
Channel 5 (2432 MHz)	Channel 149 (5745 Mhz)
Channel 6 (2437 MHz)	Channel 153 (5765 Mhz)
Channel 7 (2442 MHz)	Channel 157 (5785 Mhz)
Channel 8 (2447MHz)	Channel 161 (5805 Mhz)
Channel 9 (2452 MHz)
Channel 10 (2457 MHz)
Channel 11 (2462 MHz)

If you selected 5GHz 802.11a Only or 2.4GHz 802.11g Only mode, go to Step 11.

For 802.11n only or 802.11n mixed: From the Radio Band drop-down menu, select the band for the 802.11n radio:

•

Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and integrity. This is the default setting.

•

The Primary Channel and Secondary Channel drop-down menus are set to Auto and cannot be changed.

•

Standard - 20 MHz Channel - Specifies that the 802.11n radio will use only the standard 20 MHz channel. When this option is selected, the Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel drop-down menus.

•

Channel - By default, this is set to Auto, which allows the appliance to set the optimal channel based on signal strength and integrity. Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help with avoiding interference with other wireless networks in the area. The available channels are the same as for 802.11g in Step 6.

•

Wide - 40 MHz Channel - Specifies that the 802.11n radio will use only the wide 40 MHz channel. When this option is selected, the Primary Channel and Secondary Channel drop-down menus are displayed:

•

Primary Channel - By default, this is set to Auto. Optionally, you can specify a specific primary channel. The available channels are the same as for 802.11a in Step 6

•

Secondary Channel - The configuration of this drop-down menu is set to Auto regardless of the primary channel setting.

Optionally, select the Enable Short Guard Interval checkbox to specify a short guard interval of 400ns as opposed to the standard guard interval of 800ns. This setting is not selected by default.


	NOTE: This option is not available if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.

A guard interval is a set amount of time between transmissions that is designed to ensure distinct transmissions do not interfere with one another. The guard interval introduces immunity to propagation delays, echoes, and reflections. An AP identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data. The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays.

The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Enabling a short guard interval can decrease network overhead by reducing unnecessary idle time on each AP. A short guard interval of 400 nanoseconds (ns) will work in most office environments as distances between points of reflection, as well as between clients, are short. Most reflections will be received quickly. The shorter the guard interval, the more efficiency there is in the channel usage, but a shorter guard interval also increases the risk of interference

Some outdoor deployments, may, however, require a longer guard interval. The need for a long guard interval of 800 ns becomes more important as areas become larger, such as in warehouses and in outdoor environments, as reflections and echoes become more likely to continue after the short guard interval would be over.

Optionally, to enable 802.11ac or 802.11n frame aggregation, which combines multiple frames to reduce overhead and increase throughput, select the Enable Aggregation checkbox.


	NOTE: This option is not available if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.

Data over wireless networks are sent as a stream of packets known as data frames. Frame aggregation takes these packets and combines them into fewer, larger packets, thereby allowing an increase in overall performance. Frame aggregation was added to the 802.11n specification to allow for an additional increase in performance. Frame aggregation is a feature that only 802.11n clients can take advantage of as legacy systems will not be able to understand the new format of the larger packets.


	TIP: The Enable Short Guard Interval and Enable aggregation options can slightly improve throughput. They both function best in optimum network conditions where users have strong signals with little interference. In networks that experience less than optimum conditions (interference, weak signals, and so on), these options may introduce transmission errors that eliminate any efficiency gains in throughput.

Select Enable MIMO to enable MIMO (multiple-input multiple output). Enabling this option increases 802.11n throughput by using multiple-input/multiple-output antennas.

This option is enabled by default for all 802.11n modes and is dimmed to ensure it is not disabled. The option is activated and selected by default if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.


	IMPORTANT: To avoid compatibility issues, ensure the 802.11a or 802.11g wireless client also can support these antennas. If the client cannot support these antennas, disable the option by deselecting it. Disabling MIMO may cause weaker signal strength and lower throughput for some wireless clients. If you do disable MIMO for compatibility, a confirmation message displays. Click OK to continue.

If you:

•

Did not select a VAP, go to Wireless Security .

•

Selected a VAP from the 802.11n Radio Virtual AP Group drop-down menu in the Virtual Access Point Settings section of the Settings tab, go to Virtual Access Point Encryption Settings .

Wireless Security


	NOTE: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this section is not available. Instead, the Virtual Access Point Encryption Settings section is displayed. Go to Virtual Access Point Encryption Settings .

In the Wireless Security section, select the method of authentication for your wireless network from the Authentication Type drop-down menu:


	NOTE: The options available change with the type of configuration you select.


WEP ¹	WPA ²	WPA2 2.
WEP - Both (Open System & Shared Key) – default	WPA - PSK	WPA2-PSK
WEP - Open System ³	WPA - EAP	WPA2-EAP
WEP - Shared Key		WPA2-AUTO-PSK
		WPA2-AUTO-EAP

For WEP - Both (Open System & Shared Key) and WEP - Shared Key, go to WEP Configuration .

For WPA and WPA 2 options, go to WPA or WPA2 Configuration: .

All options are dimmed; go to ACL Enforcement .

WEP Configuration

WEP (Wired Equivalent Privacy) is a standard for Wi-Fi wireless network security.

A WEP key is a security code system for Wi-Fi networks. WEP keys allow a group of devices on a local network (such as a home network) to exchange encoded messages with each other while hiding the contents of the messages from easy viewing by outsiders.

You choose the WEP keys. When WEP security is enabled on a network, matching WEP keys must be set on Wi-Fi routers and each device connecting over Wi-Fi, for them all to communicate with each other.

Select the size of the encryption key from the WEP Key Mode drop-down menu:

•

None – Default for WEP - Both (Open System & Shared Key). If selected, the rest of the options in this section remain dimmed; go to ACL Enforcement .

•

64 bit

•

128 bit

•

152 bit - default for WEP - Shared Key

From the Default Key drop-down menu, select which key is the default key, that is, the key that is tried first when trying to authenticate a user:

•

Key 1 (default)

•

Key 2

•

Key 3

•

Key 4

From the Key Entry drop-down menu, select whether the key is:

•

Alphanumeric (default)

•

Hexadecimal (0-9, A-F)

In the Key 1 - Key 4 fields, enter up to four possible WEP encryptions keys used when transferring encrypted wireless traffic. Enter the most likely to be used in the field you selected as the default key:


	NOTE: The length of each key is based on the selected key type (alphanumeric or hexadecimal) and WEP strength (WEP Key Mode): 64, 128, or 152 bits.

•

Key 1: First static WEP key associated with the key index.

•

Key 2: Second static WEP key associated with the key index.

•

Key 3: Third static WEP key associated with the key index.

•

Key 4: Fourth static WEP key associated with the key index.

Go to ACL Enforcement

WPA or WPA2 Configuration:


	NOTE: The options change depending on the authentication type selected.

From the Cipher Type drop-down menu, select the cipher to encrypt your wireless data:

•

AES (newer, more secure; default): AES (Advanced Encryption Standard) is a set of ciphers designed to prevent attacks on wireless networks. AES is available in block ciphers of either 128, 192 or 256 bits depending on the hardware you intend to use with it. In the networking field, AES is considered to be among the most secure of all commonly installed encryption packages.

•

TKIP (older, more compatible): TKIP (Temporary Key Integrity Protocol) is not actually a cipher, but a set of security algorithms meant to improve the overall safety of WEP (wired equivalent privacy networks). WEP is widely known to have a host of serious security vulnerabilities. TKIP adds a few extra layers of protection to WEP.

•

Auto: the appliance chooses the cipher type automatically.

In the Group Key Interval (seconds) field, enter the period for which a Group Key is valid, that is, the time interval before the encryption key is changed automatically for added security. The default value is 86400 seconds (24 hours). Setting too low of a value can cause connection issues.

If, from the Authentication Type drop-down menu, you selected:

•

PSK authentication types, go to Step 4.

•

EAP authentication types, go to RADIUS Server Settings .

For PSK authentication types only, in the Passphrase field, enter the passphrase your network users must enter to gain network access.


	NOTE: This option displays only if you configure WPA-PSK, WPA2-PSK, or WPA2-AUTO-PSK for your authentication type.

Go to ACL Enforcement .

RADIUS Server Settings


	NOTE: This option displays only if you selected WPA-EAP, WPA2-EAP, or WPA2-AUTO-EAP for your authentication type. Extensible Authentication Protocol (EAP) is available when using WPA or WPA2. This solution uses an external 802.1x/EAP-capable RADIUS server for key generation. An EAP-compliant RADIUS server provides 802.1X authentication. The RADIUS server must be configured to support this authentication and all communications with the SonicWALL

Click the Configure button. The SonicPoint Radius Server Settings dialog displays.

In the Radius Server Retries field, enter the number times, from 1 to 10, the firewall attempts to connect before it fails over to the other Radius server.

In the Retry Interval (seconds) field enter the time, from 0 to 60 seconds, to wait between retries. The default number is 0 or no wait between retries.

To configure the Radius Server Settings, see Remote MAC Address Access Control Settings .

Go to ACL Enforcement .

Virtual Access Point Encryption Settings


	NOTE: This section displays only if a VAP was selected from the 802.11n Radio Virtual AP Group drop-down menu in the Virtual Access Point Settings section of the Settings tab.

Click Configure. The Edit 802.11n Virtual Access Point WEP Key dialog displays.

From the Key Entry Method radio buttons, select whether the key is:

•

Alphanumeric (default)

•

Hexadecimal (0-9, A-F)

From the Default Key radio buttons, select the default key that is tried first when trying to authenticate a user:

•

Key 1 (default)

•

Key 2

•

Key 3

•

Key 4

In the Key 1 - Key 4 fields, enter up to four possible WEP encryptions keys to be used when transferring encrypted wireless traffic. Enter the most likely to be used in the field you selected as the default key.

•

Key 1: First static WEP key associated with the key index.

•

Key 2: Second static WEP key associated with the key index.

•

Key 3: Third static WEP key associated with the key index.

•

Key 4: Fourth static WEP key associated with the key index.

From the Key Type drop-down menus, select the size of each key:

•

None (default)

•

64-bit

•

128-bit

•

152-bit

Click OK.

ACL Enforcement

Check the Enable MAC Filter List checkbox to enforce Access Control by allowing or denying traffic from specific devices. By default, this option is not selected, and the Allow List and Deny List options are dimmed.

From the Allow List drop-down menu, select a MAC address group to allow traffic automatically from all devices with a MAC address in the group:

•

Create new Mac Address Object Group… – The Add Address Object Group dialog displays.

In the Name field, enter a friendly name for the address object group.

Select one or more objects from the left column.

Click the Right Arrow button to move the selection(s) to the right column.

Repeat Step b and Step c until all you have selected all the objects you want for the address object group.

Click OK. The new group becomes the default selection in the Allow List drop-down menu.

•

All MAC Addresses


	TIP: It is recommended that the Allow List be set to All MAC Addresses.

•

Default SonicPoint ACL Allow Group

•

Custom MAC Address Object Groups

From the Deny List drop-down menu, select a MAC address group from the drop-down menu to automatically deny traffic from all devices with MAC address in the group.


	IMPORTANT: The Deny List is enforced before the Allow List.

•

Create new Mac Address Object Group… – The Add Address Object Group dialog displays. For configuring the address object group, see Step a.

•

No MAC Addresses

•

Default SonicPoint ACL Deny Group


	TIP: It is recommended that the Deny List be set to Default SonicPoint ACL Deny Group.

•

Custom MAC Address Object Groups

Optionally, select Enable MIC Failure ACL Blacklist to detect WPA TKIP MIC failure floods and automatically places the problematic wireless station(s) into a blacklist to stop the attack. As wireless clients generate the TKIP countermeasures, they are also moved automatically into blacklist, so the other wireless stations within the same wireless LAN network are not affected. By default, this setting is not selected.

Enter the maximum number of MIC failures per minute in the MIC Failure Frequency Threshold field; default is 3. After the threshold is reached, the source is blacklisted.


	TIP: When a source is blacklisted, it is added to the dynamically created Default SonicPoint ACL Deny Group. You can view this on the Network > Address Objects page.

If you:

•

Did not specify a VAP on the Settings tab, go to Remote MAC Address Access Control Settings .

•

Specified a VAP on the Settings tab, go to Advanced Tab .

Remote MAC Address Access Control Settings


	IMPORTANT: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this section is not available. Go to Advanced Tab . If an EAP authentication type was selected in the Authentication Type drop-down menu, this message is displayed: Remote MAC address access control can not be set when IEEE 802.11i EAP is enabled. Click OK.

Check the Enable Remote MAC Access Control checkbox to enforce radio wireless access control based on MAC-based authentication policy in a remote Radius server.

Click Configure. The SonicPoint Radius Server Global Settings dialog displays.

For the procedure in configuring the settings on the SonicPoint Radius Server Global Settings dialog, see Remote MAC Address Access Control Settings .

Click OK.

Advanced Tab

In the Advanced tab, configure the performance settings for the 802.11n radio. For most 802.11n advanced options, the default settings give optimum performance.


	NOTE: Except for two settings, the advanced settings are the same for both VAP and non-VAP profiles. The differences are noted in the procedure.

Click the Advanced tab.

If you:

•

Selected a VAP on the Settings tab, go to Step 3.

•

Did not select a VAP on the Settings tab, optionally select Hide SSID in Beacon to have the SSID send null SSID beacons in place of advertising the wireless SSID name. Sending null SSID beacons forces wireless clients to know the SSID to connect. This option is unchecked by default.

From the Schedule IDS Scan drop-down menu, select a schedule for the IDS (Intrusion Detection Service) scan. Select a time when there are fewer demands on the wireless network to schedule an IDS scan to minimize the inconvenience of dropped wireless connections. You can create your own schedule by selecting Create new schedule or disable the feature by selecting Disabled (default).


	NOTE: IDS offers a wide selection of intrusion detection features to protect the network against wireless threats. This feature detects attacks against the WLAN Infrastructure, which consists of authorized APs, the RF medium, and the wired network. An authorized or valid-AP is defined as an AP that belongs to the WLAN infrastructure. The AP is either a SonicPoint or a third party AP.

From the Data Rate: drop-down menu, select the speed at which the data is transmitted and received.


Best (default)	9 Mbps	18 Mbps	36 Mbps	54 Mbps
6 Mbps	12 Mbps	24 Mbps	48 Mbps

Best automatically selects the best rate available in your area given interference and other factors. Best is the default and is the only choice if you selected a VAP on the Settings tab.

From the Transmit Power drop-down menu, select the transmission power, which affects the range of the SonicPoint:

•

Full Power (default)

•

•

•

•

From the Antenna Diversity drop-down menu, select Best, the default. The Antenna Diversity setting determines which antenna the SonicPoint uses to send and receive data. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal.

In the Beacon Interval (milliseconds) field, enter the number of milliseconds between sending out wireless SSID beacons. This interval represents the amount of time between beacon transmissions. Before a station enters power-save mode, the station needs the beacon interval to know when to wake up to receive the beacon (and learn whether there are buffered frames at the access point).

The minimum interval is 20 milliseconds, the maximum is 1000, milliseconds, and the default is 100 milliseconds.

In the DTIM Interval field, enter the interval, in milliseconds, between the sending of Delivery Traffic Indication Messages (DTIMs) in the beacon. This interval is the maximum number of beacon cycles before unacknowledged network broadcasts are flushed. When using wireless clients that use power management features to sleep, the client must revive at least once during the DTIM period to receive broadcasts. 802.11 power-save mode clients are alerted of incoming multicast packets.

The minimum interval is 1 millisecond, the maximum is 255 milliseconds, and the default is 1 millisecond.

In the Fragmentation Threshold (bytes) field, enter the number of bytes of fragmented data you want the network to allow. The fragmentation threshold limits the maximum frame size. This reduces the time required to transmit the frame, and therefore reduces the probability that the frame will be corrupted (at the cost of more data overhead). Fragmented wireless frames increase reliability and throughput in areas with RF interference or poor wireless coverage. Lower threshold numbers produce more fragments.

The minimum is 256 bytes, the maximum is 2346 bytes, and the default is 2346 bytes.

In the RTS Threshold (bytes) field, enter the number of bytes of the Request to Send (RTS) threshold. The RTS threshold specifies the frame size the transmitter must use. Fragmented wireless frames increase reliability and throughput in areas with RF interference or poor wireless coverage. Wireless clients transmitting frames larger than this threshold must issue Request to Send (RTS) and wait for the AP to respond with Clear to Send (CTS). This option also not only can be used to avoid hidden node problems, but also helps prevent mid-air collisions for wireless clients that are not within wireless peer range and cannot detect when other wireless clients are transmitting or in range of the same access point, but may not in range of each other.

The minimum value is 256 bytes, the maximum is 2346 bytes, and the default is 2346 bytes. The default value used by many vendors is 2346 bytes. Lower threshold numbers produce more fragments.

In the Maximum Client Associations field, enter the maximum number of clients you want each SonicPoint using this profile to support on this radio at one time. The minimum number is 1 client, the maximum is 128 clients, and the default is 32 clients.

In the Station Inactivity Timeout (seconds) field, enter the maximum length of wireless client inactivity, in seconds, before access points age out the wireless client. The minimum period is 60 seconds, the maximum is 36000 seconds, and the default number is 300 seconds.

If you:

•

Did not select a VAP on the Settings tab, go to Step 14.

•

Selected a VAP on the Settings tab, from the Preamble Length drop-down menu, select the length of the preamble—the initial wireless communication sent when associating with a wireless host: Long or Short.

From the WMM (Wi-Fi Multimedia) drop-down menu, select whether a WMM profile is associated with this profile:

•

Disabled (default)

•

Create new WMM profile. The Add Wlan WMM Profile window displays. For information about configuring a WMM profile, see Configuring Wi-Fi Multimedia Parameters .

•

Configured WMM profile

Sensor Tab

In the Sensor tab, you enable or disable Wireless Intrusion Detection and Prevention (WIDP) mode.


	IMPORTANT: If this option is selected, Access Point or Virtual Access Point(s) functionality is disabled automatically.

Check the Enable WIDF checkbox to have the SonicPoint N operate as a dedicated WIDP sensor.

•

From the drop-down menu, select the schedule for when the SonicPoint N operates as a WIDP sensor or select Create new schedule… to specify a different time; default is Always on.

Click OK.