SonicPoint Auto Provisioning

SonicPoint : SonicPoint > SonicPoints

SonicPoint Auto Provisioning

Topics:

•

Automatic Provisioning (SDP & SSPP)

•

Enabling Auto Provisioning

Automatic Provisioning (SDP & SSPP)

The Dell SonicWALL Discovery Protocol (SDP) is a layer 2 protocol employed by SonicPoints and devices running SonicOS. SDP is the foundation for the automatic provisioning of SonicPoint units via the following messages:

•

Advertisement – SonicPoint devices without a peer will periodically and on startup announce or advertise themselves via a broadcast. The advertisement will include information that will be used by the receiving SonicOS device to ascertain the state of the SonicPoint. The SonicOS device will then report the state of all peered SonicPoints, and will take configuration actions as needed.

•

Discovery – SonicOS devices will periodically send discovery request broadcasts to elicit responses from L2 connected SonicPoint units.

•

Configure Directive – A unicast message from a SonicOS device to a specific SonicPoint unit to establish encryption keys for provisioning, and to set the parameters for and to engage configuration mode.

•

Configure Acknowledgement – A unicast message from a SonicPoint to its peered SonicOS device acknowledging a Configure Directive.

•

Keepalive – A unicast message from a SonicPoint to its peered SonicOS device used to validate the state of the SonicPoint.

If through the SDP exchange the SonicOS device ascertains that the SonicPoint requires provisioning or a configuration update (such as on calculating a checksum mismatch, or when a firmware update is available), the Configure directive will engage a 3DES encrypted, reliable TCP based SonicWALL Simple Provisioning Protocol (SSPP) channel. The SonicOS device will then send the update to the SonicPoint through this channel, and the SonicPoint will restart with the updated configuration. State information will be provided by the SonicPoint, and will be viewable on the SonicOS device throughout the entire discovery and provisioning process.

Enabling Auto Provisioning

SonicPoint Auto Provisioning can be enabled to automatically provision the following wireless SonicPoint provisioning profiles:

•

SonicPoint

•

SonicPoint N

•

SonicPoint NDR

•

SonicPoint AC

Initial configuration of a wireless SonicPoint is provisioned from a SonicPoint profile that is attached to the wireless LAN managing zone. After a wireless SonicPoint is provisioned, the profile remains an offline configuration template that is not directly associated with any SonicPoint. So, modifying a profile does not automatically trigger a SonicPoint for reprovisioning.

Before SonicPoint Auto Provisioning was introduced, administrators had to manually delete all SonicPoints, and then synchronize new SonicPoints to the profile, which was time consuming. To simplify configuration and ease management overhead, SonicPoint Auto Provisioning was introduced.

Checkboxes to enable Auto Provisioning for each of the SonicPoint Provisioning Profiles are provided in the Network > Zones > Configure > Wireless configuration window; see Configuring the WLAN Zone . By default, the checkboxes for the SonicPoint Provisioning Profiles are not checked and Auto Provisioning is not enabled.

When the checkbox for a provisioning profile is checked and that profile is changed, all SonicPoint devices linked to that profile are reprovisioned and rebooted to the new operational state.

Topics:

•

Enabling SonicPoint Auto-Provisioning for a WLAN Zone

•

Remote MAC Access Control for SonicPoints

Enabling SonicPoint Auto-Provisioning for a WLAN Zone

1

To enable SonicPoint Auto Provisioning:

1

Navigate to Network > Zones.

2

Click the Edit icon for a WLAN (or any other wireless) SonicPoint profile. The Edit Zone window displays.

3

Select the Wireless tab.

4

Under SonicPoint Settings, select Auto Provisioning for each of the SonicPoint Provisioning Profiles you want to be auto provisioned.

5

Click OK.

Remote MAC Access Control for SonicPoints

IMPORTANT: You cannot enable the Remote MAC address access control option at the same time that the IEEE 802.11i EAP is enabled. If you try to enable the Remote MAC address access control option at the same time that the IEEE 802.11i EAP is enabled, you receive the following error message:

Remote MAC address access control can not be set
when IEEE 802.11i EAP is enabled.

NOTE: Remote MAC Access Control is also supported for VAPs. See Remote MAC Access Control for VAPs .

To enable Remote MAC Access Control on a SonicPoint:

1

Go to the SonicPoint > SonicPoints page.

2

Click one of the following buttons:

•

Add SonicPoint N Profile

•

Add SonicPoint NDR Profile

•

Add SonicPoint ACe/ACi/N2 Profile

The Add/Edit SonicPoint Profile dialog appears.

3

Click on the appropriate tab; for:

•

SonicPoint N, click the 802.11n Radio tab.

•

For SonicPoint NDR or SonicPoint ACe/ACi/N2, click the Radio 0 Basic or Radio 1 Basic tab.

4

Scroll to the Remote MAC Address Access Control Settings section at the bottom of the tab.

5

Select Enable Remote MAC Access Control. This option enforces radio wireless access control according to the MAC-based authentication policy in the remote Radius server.

6

Click Configure. The SonicPoint Radius Server Global Settings dialog displays.

7

In the appropriate fields, enter the RADIUS server settings that you want. See Table 6.

Table 6. WPA-EAP/WPA2-EAP encryption settings

Option

Description

Radius Server Retries

The number of times SonicOS will attempt to contact the RADIUS server. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. The default number is 4.

Retry Interval (seconds)

The time, from 0 to 60 seconds, to wait between retries. The default number is 0 or no wait between retries.

Radius Server 1 IP

The name/location of your RADIUS authentication server

Radius Server 1 Port

The port on which your RADIUS authentication server communicates with clients and network devices. The default port is 1812.

Radius Server 1 Secret

The secret passcode for your RADIUS authentication server

Radius Server 2

The name/location of your backup RADIUS authentication server

Radius Server 2 Port

The port on which your backup RADIUS authentication server communicates with clients and network devices. The default port is 1812.

Radius Server 2 Secret

The secret passcode for your backup RADIUS authentication server

8

Click OK.

Option	Description
Radius Server Retries	The number of times SonicOS will attempt to contact the RADIUS server. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. The default number is 4.
Retry Interval (seconds)	The time, from 0 to 60 seconds, to wait between retries. The default number is 0 or no wait between retries.
Radius Server 1 IP	The name/location of your RADIUS authentication server
Radius Server 1 Port	The port on which your RADIUS authentication server communicates with clients and network devices. The default port is 1812.
Radius Server 1 Secret	The secret passcode for your RADIUS authentication server
Radius Server 2	The name/location of your backup RADIUS authentication server
Radius Server 2 Port	The port on which your backup RADIUS authentication server communicates with clients and network devices. The default port is 1812.
Radius Server 2 Secret	The secret passcode for your backup RADIUS authentication server