In this section, you will create and configure a new Virtual Access Point and associate it with
the VLAN you created in “Creating a VLAN Subinterface on the WLAN” section
.
|
Step 2
|
Click the
Add...
button in the Virtual Access Points
section.
|
|
Step 3
|
Enter a default name (
SSID
) for the VAP. In this case we chose VAP-Guest
, the same name as the zone to which it will be associated.
|
|
Step 5
|
Check the
Enable Virtual Access Point
checkbox to enable this access point upon creation.
|
|
Step 6
|
Click the
Advanced Tab
to edit encryption settings. If you created a VAP Profile in the previous section, select that profile from the Profile Name
list. We created and choose a “Guest” profile, which uses open
as the authentication method.
|
|
Step 7
|
Click the
OK
button to add this VAP. Your new VAP now appears in the Virtual Access Points list.
|
Now that you have successfully set up your Guest configuration, you can choose to add more
custom VAPs, or to deploy this configuration to your SonicPoint(s) in the “Deploying VAPs to a SonicPoint” section
.
You can use a Corporate LAN VAP for a set of users who are commonly in the office, and to
whom should be given full access to all network resources, providing that the connection is authenticated and secure. These users would already belong to the network’s Directory Service, Microsoft Active Directory, which provides an EAP interface through IAS – Internet Authentication Services. This section contains the following subsection:
In this section you will create and configure a new corporate wireless zone with SonicWALL
UTM security services and enhanced WiFiSec/WPA2 wireless security.
|
Step 3
|
Click the
Add...
button to add a new zone.
|
|
Step 1
|
In the
General
tab, enter a friendly name such as “VAP-Corporate” in the Name
field.
|
|
Step 2
|
Select
Wireless
from the Security Type
drop-down menu.
|
|
Step 3
|
Select the
Allow Interface Trust
checkbox to allow communication between corporate wireless users.
|
|
Step 1
|
In the
Wireless
tab, check the Only allow traffic generated by a SonicPoint
checkbox.
|
|
Step 3
|
Select
Trust WPA/WPA2 traffic as WiFiSec
to enable WPA/WPA2 users access to this connection.
|
|
Step 5
|
Click the
OK
button to save these changes.
|
Your new zone now appears at the bottom of the
Network > Zones
page, although you may notice it is not yet linked to a Member Interface. This is your next step.
In this section you will create and configure a new VLAN subinterface on your current WLAN.
This VLAN will be linked to the zone you created in the “Configuring a Zone” section
.
|
Step 1
|
In the
Network > Interfaces
page, click the Add Interface
button.
|
|
Step 2
|
In the
Zone
drop-down menu, select the zone you created in “Configuring a Zone
”
. In this case, we have chosen VAP-Corporate
.
|
|
Step 3
|
Enter a
VLAN Tag
for this interface. This number allows the SonicPoint(s) to identify which traffic belongs to the “VAP-Corporate” VLAN. You should choose a number based on an organized scheme. In this case, we choose 50
as our tag for the VAP-Corporate VLAN.
|
|
Step 4
|
In the
Parent Interface
drop-down menu, select the interface that your SonicPoint(s) are physically connected to. In this case, we are using X2
, which is our WLAN interface.
|
|
Step 6
|
In the
SonicPoint Limit
drop-down menu, select a limit for the number of SonicPoints. This defines the total number of SonicPoints your WLAN interface will support.
|
Your VLAN subinterface now appears in the
Interface Settings
list.
Because the number of available DHCP leases vary based on your platform, the DHCP scope
should be resized as each interface/subinterface is defined to ensure that adequate DHCP space remains for all subsequently defined interfaces. To view the maximum number of DHCP leases for your SonicWALL security appliance, refer to the “DHCP Server Scope” section
.
|
Step 3
|
Edit the
Range Start
and Range End
fields to meet your deployment needs
|
|
Step 4
|
Click the
OK
button to save these changes. Your new DHCP lease scope now appears in the DHCP Server Lease Scopes list.
|
In this section, you will create and configure a new Virtual Access Point Profile. You can create
VAP Profiles for each type of VAP, and use them to easily apply advanced settings to new VAPs. This section is optional, but will facilitate greater ease of use when configuring multiple VAPs.
|
Step 2
|
Click the
Add...
button in the Virtual Access Point Profiles
section.
|
|
Step 3
|
Enter a
Profile Name
such as “Corporate-WPA2” for this VAP Profile.
|
|
Step 4
|
Select
WPA2-AUTO-EAP
from the Authentication Type
drop-down menu. This will employ an automatic user authentication based on your current RADIUS server settings (Set below).
|
|
Step 5
|
In the
Maximum Clients
field, enter the maximum number of concurrent connections VAP will support.
|
|
Step 6
|
In the
WPA-EAP Encryption Settings
section, enter your current RADIUS server information. This information will be used to support authenticated login to the VLAN.
|
|
Step 7
|
Click the
OK
button to create this VAP Profile.
|
In this section, you will create and configure a new Virtual Access Point and associate it with
the VLAN you created in “Creating a VLAN Subinterface on the WLAN” section
.
|
Step 2
|
Click the
Add...
button in the Virtual Access Points
section.
|
|
Step 3
|
Enter a default name (
SSID
) for the VAP. In this case we chose VAP-Guest
, the same name as the zone to which it will be associated.
|
|
Step 5
|
Check the
Enable Virtual Access Point
checkbox to enable this access point upon creation.
|
|
Step 6
|
Check the
Enable SSID Suppress
checkbox to hide this SSID from users
|
Your new VAP now appears in the Virtual Access Points list.
|
Step 1
|
Click the
Advanced Tab
to edit encryption settings. If you created a VAP Profile in the previous section, select that profile from the Profile Name
list. We created and choose a “Corporate-WPA2” profile, which uses WPA2-AUTO-EAP
as the authentication method. If you have not set up a VAP Profile, continue with steps 2 through 4. Otherwise, continue to Create More / Deploy Current VAPs
.
|
|
Step 2
|
In the
Advanced
tab, select WPA2-AUTO-EAP
from the Authentication Type
drop-down menu. This will employ an automatic user authentication based on your current RADIUS server settings (Set below).
|
|
Step 3
|
In the
Maximum Clients
field, enter the maximum number of concurrent connections VAP will support.
|
|
Step 4
|
In the
WPA-EAP Encryption Settings
section, enter your current RADIUS server information. This information will be used to support authenticated login to the VLAN.
|
Now that you have successfully set up a VLAN for Corporate LAN access, you can choose to
add more custom VAPs, or to deploy this configuration to your SonicPoint(s) in the “Deploying VAPs to a SonicPoint” section
.
icon corresponding to the desired interface.