Configuring Virtual Access Points

Policy Configuration : Configuring General Wireless Settings

Configuring Virtual Access Points

To configure a Virtual Access Point, complete the following tasks:

1

Navigate to the Wireless > Virtual Access Points page.

2

Click Add Virtual Access Point.

3

For the SSID, enter a friendly name for your VAP.

4

Select a Subnet Name to associate this VAP with. Settings for this VAP will be inherited from the subnet you select from this list.

5

Select Enable Virtual Access Point to enable the VAP.

6

Select Enable SSID Suppress to suppress broadcasting of the SSID name and disables responses to probe requests. Check this option if you do not wish for your SSID to be seen by unauthorized wireless clients. Clients have to know the SSID name ahead of time and manually enter it to connect to the VAP.

7

Click on the Advanced tab to configure additional options.

8

Select the VAP Schedule Name to configure when the VAP is enabled.

9

The Radio Type is set to Wireless-Internal-Radio by default. Retain this default setting if using the internal radio for VAP access (currently the only supported radio type)

10

Enter a Profile Name to set a friendly name for this VAP Profile. Choose something descriptive and easy to remember as you will later apply this profile to new VAPs.

11

Select an Authentication Type. Below is a list available authentication types with descriptive features and uses for each:

•

Open: In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity.

•

Shared: Uses WEP and requires a shared key to be distributed to wireless clients before authentication is allowed.

•

Both: (Open System & Shared Key.) The Default Key assignments are not important as long as the identical keys are used in each field. If Shared Key is selected, then the key assignment is important.

•

WPA-PSK: WPA is more secure than an open network, but not as secure as WPA2. PSK allows WPA to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.

•

WPA-EAP: EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.

•

WPA2-PSK: WPA2 is the strongest security.

•

WPA2-EAP: WPA2 with EAP.

•

WPA2-Auto-PSK: First attempts to connect using WPA2-PSK security, but default back to WPA-PSK if the client is not WPA2 capable.

•

WPA2-AUTO-EAP: First attempts to connect using WPA2-EAP security, but default back to WPA-PSK if the client is not WPA2 capable.

12

The Unicast Cipher is automatically chosen based on the authentication type.

13

The Multicast Cipher is automatically chosen based on the authentication type.

14

Enter a value for Maximum Clients to set the maximum number of concurrent client connections permissible for this virtual access point.

15

Select whether to Allow 802.11b Clients to connect.

16

Select Enable MAC Filter List to filter which MAC addresses are or are not allowed to connect to the VAP. You have two options for configuring the MAC filter list:

•

Select Use Global ACL Settings, or

•

Select an Address Object Group for the Allow List and/or the Deny List.

17

Click OK.

Virtual Access Point Profiles

A Virtual Access Point Profile allows the administrator to pre-configure and save access point settings in a profile. VAP Profiles allows settings to be easily applied to new Virtual Access Points. This feature is especially useful for quick setup in situations where multiple virtual access points share the same authentication methods.

To configure a Virtual Access Point Profile, complete the following steps:

1

Navigate to the Wireless > Virtual Access Points page.

2

Click Add Virtual Access Point Profile.

3

Select the VAP Schedule Name to configure when the VAP is enabled.

4

The Radio Type is set to Wireless-Internal-Radio by default. Retain this default setting if using the internal radio for VAP access (currently the only supported radio type)

5

Enter a Profile Name to set a friendly name for this VAP Profile. Choose something descriptive and easy to remember as you will later apply this profile to new VAPs.

6

Select an Authentication Type. The following is a list of available authentication types with descriptive features and uses for each:

•

Open: In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity.

•

Shared: Uses WEP and requires a shared key to be distributed to wireless clients before authentication is allowed.

•

Both: (Open System & Shared Key.) The Default Key assignments are not important as long as the identical keys are used in each field. If Shared Key is selected, then the key assignment is important.

•

WPA-PSK: WPA is more secure than an open network, but not as secure as WPA2. PSK allows WPA to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.

•

WPA-EAP: EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.

•

WPA2-PSK: WPA2 is the strongest security.

•

WPA2-EAP: WPA2 with EAP.

•

WPA2-Auto-PSK: First attempts to connect using WPA2-PSK security, but defaults back to WPA-PSK if the client is not WPA2 capable.

•

WPA2-AUTO-EAP: First attempts to connect using WPA2-EAP security, but defaults back to WPA-PSK if the client is not WPA2 capable.

7

The Unicast Cipher is automatically chosen based on the authentication type.

8

The Multicast Cipher is automatically chosen based on the authentication type.

9

Enter a value for Maximum Clients to set the maximum number of concurrent client connections permissible for this virtual access point.

10

Select whether to Allow 802.11b Clients to connect.

11

Select Enable MAC Filter List to filter which MAC addresses are or are not allowed to connect to the VAP. You have two options for configuring the MAC filter list:

•

Select Use Global ACL Settings, or

•

Select an Address Object Group for the Allow List and/or the Deny List.

12

Click OK.