Configuring Basic SonicPoint Layer 3 Management

A basic SonicPoint Layer 3 Management scenario is shown in the graphic below. The SonicPoints are connected to a third-party router, which is connected over the LAN zone to the SonicWall security appliance.

Basic SonicPoint Layer 3 Management Configuration

Configuring SonicPoint Layer 3 Management requires configurations across several pages of the SonicOS management interface. Thus, to configure this scenario, the configuration is divided into the following steps:

1
Configuring the Access Controller Interface
2
Configuring the DHCP Server
3
Configuring a DHCP Pool of Addresses
4
Configuring the WLAN Tunnel Interface
5
Adding a Route Policy
6
Configuring a Remote Router Connected to SonicPoints
Configuring the Access Controller Interface
To configure an interface on a firewall connected to a third-party router:
1
Navigate to the Network > Interfaces page.

2
In the Interface Settings section, click the Configure icon for the X4 interface. The Edit Interface dialog appears.

3
Select LAN from the Zone drop-down menu. More options appear.

4
From the Mode / IP Assignment drop-down menu, select Static IP Mode. This is the default value.
5
In the IP Address field, enter the IP address of the interface. For example, 10.10.10.1. A default value of 0.0.0.0 is displayed.
6
in the Subnet Mask field, enter the subnet mask for the interface. For example, 255.255.255.0 (this is the default value).
7
Optionally, enter a comment in the Comment field. This comment will display in the Comment column of the Interface Settings table of Network > Interfaces.
8
Select one or more types of web management for this interface:
HTTPS – Enables remote management of the SonicWall through the HTTPS protocol.
* 
NOTE: If you select HTTPS, the Add rule to enable redirect from HTTP to HTTPS option is enabled automatically.
Ping – Enables remote management of the SonicWall through the Ping protocol.
SNMP – Enables remote management of the SonicWall through the SNMP protocol.
SSH – Enables remote management of the SonicWall through the SSH protocol.
* 
NOTE: If you do not enable web management here, you must enable it on another interface. A warning message will appear if you leave the dialog without enabling at least one web management protocol.
9
Optionally, select HTTPS for User Login to enable users with management rights to log in to the SonicWall.
* 
NOTE: The HTTP option is dimmed (unavailable).
10
If you did not select HTTPS for Management, but did select HTTPS for User Login, to enable users logging in from HTTP to be redirected to HTTPS, select Add rule to enable redirect from HTTP to HTTPS.
11
Click OK.

The X4 entry in the Interface Settings table is updated.

Configuring the DHCP Server
To configure a DHCP Option Object for CAPWAP and a DHCP pool of IP addresses for the SonicPoints behind a third-party router:
1
Navigate to the Network > DHCP Server page.

2
Click the Advanced button. The DHCP Advanced Settings dialog displays.

3
Click the Add Option button. The Add DHCP Option Object dialog appears.

4
In the Option Name field, enter a descriptive name for the DHCP option object, such as cap.
5
From the Option Number drop-down menu, select 138 (CAPWAP AC IPv4 Address List). The Option Array option becomes active, and the Option Type is set to IP Address.
6
Select the Option Array option.
* 
NOTE: The Option Type drop-down menu is dimmed but displays IP Address.
7
In the Option Value field, enter the IP address for the X4 interface you configured in Configuring the Access Controller Interface. For example, 10.10.10.1.

8
Click OK. The new Option Object is displayed in the Option Objects section of the DHCP Advanced Settings dialog.

9
Click OK.
Configuring a DHCP Pool of Addresses
To configure a DHCP pool of addresses for the SonicPoints behind the router:
1
Navigate to the Network > DHCP Server page.

2
Under the DHCPv4 Server Lease Scopes table, click the Add Dynamic button. The Dynamic Range Configuration dialog appears.

3
Select the Enable this DHCP Scope option. This is selected by default.
4
Enter the appropriate IP addresses or values in the Range Start, Range End, Lease Time (minutes) (default is 1440 minutes), Default Gateway, and Subnet Mask fields.

5
Click the Advanced tab.

6
In the DHCP Generic Option Group drop-down menu, select the DHCP Option Object you created in Configuring the DHCP Server.
7
Select the Send Generic options always option.
8
Click OK. The DHCPv4 Server Lease Scopes table is updated.

Configuring the WLAN Tunnel Interface
To configure a WLAN tunnel interface and assign it to the X4 interface:
1
Navigate to the Network > Interfaces page.

2
From the Add Interface drop-down menu, select WLAN Tunnel Interface. The Add WLAN Tunnel Interface dialog displays.

3
From the Zone menu, select WLAN. The options change.

4
Enter the Tunnel ID in the Tunnel ID field. The default is 0.
5
From the Tunnel Source Interface drop-down menu, select the interface, such as X4 in this scenario.
6
From the Mode / IP Assignment drop-down menu, select Static IP Mode. This is the default.
7
In the IP Address field, enter the IP address for the WLAN tunnel interface. For example, 172.17.31.1.
8
In the Subnet Mask box, enter the subnet mask. The default is 255.255.255.0.
9
From the SonicPoint Limit drop-down menu, select the maximum number of SonicPoints for this interface.
10
(Optional) In the Comment field, enter a descriptive comment. This comment is displayed in the Comment field.
11
If you did not specify a web management protocol in Configuring the Access Controller Interface, select one or more Management options: HTTPS, Ping, SNMP, SSH.
* 
NOTE: If you select HTTPS, the Add rule to enable redirect from HTTP to HTTPS option is enabled automatically.
* 
NOTE: If you do not enable web management here, you must enable it on another interface. A warning message will appear if you leave the dialog without enabling at least one web management protocol.
12
If you did not specify a login protocol in Configuring the Access Controller Interface, optionally select HTTPS for User Login to enable users with management rights to log in to the SonicOS.
* 
NOTE: The HTTP option is dimmed (unavailable).
13
If you did not select HTTPS for Management, but did select HTTPS for User Login, to enable users logging in from HTTP to be redirected to HTTPS, select Add rule to enable redirect from HTTP to HTTPS.
14
Click OK. The Interface Settings table is updated.

* 
NOTE: A default DHCP IP address pool, such as 172.17.31.1/24, is automatically created for wireless clients.
15
To verify, navigate to the Firewall > Access Rules page. You should see a Layer 3 Management option in the Access Rules table.

Adding a Route Policy
To configure a route policy that forwards all packets intended for a Layer 3 SonicPoint network to the default gateway:
1
Navigate to the Network > Routing page.

2
In the Route Policies table, click Add…. The Add Route Policy dialog displays.

3
From the Source drop-down menu, select Any. This is the default.
4
From the Destination drop-down menu, select the address object of the default gateway. The default is Any.
5
From the Service drop-down menu, select a service object. The default is Any.
6
From the Gateway drop-down menu, select an address object. The default is 0.0.0.0.
7
From the Interface drop-down menu, select an interface. For this scenario, select X4.
8
In the Metric field, enter 1. The minimum value is 1, the maximum is 254, and the default is 1.

A metric is a weighted cost assigned to static and dynamic routes. Lower metric costs are considered better and take precedence over higher costs. SonicOS adheres to Cisco-defined metric values for directly connected interfaces, statically encoded routes, and all dynamic IP routing protocols.

9
Click OK. The Route Policies table is updated.

Configuring a Remote Router Connected to SonicPoints
To configure a third-party router that is connected to a SonicWall security interface at one end and to SonicPoints at the other end:
1
For the interface on the remote router that is connected to the SonicWall security appliance, configure the IP address 10.10.10.2/24.
2
For the interface on the remote router that is connected to the SonicPoint, configure the IP address 30.30.30.1/24.
3
Configure a DHCP relay policy from the interface connected to the SonicPoint to the X4 interface on the SonicWall security appliance, which has the IP address 10.10.10.1.