
Creating the SonicPoint VAP

In this section, you will create and configure a new Virtual Access Point and associate it with the VLAN you created in Creating a VLAN Subinterface on the WLAN.

Step 1        In the left-hand menu, navigate to the SonicPoint > Virtual Access Point page.

Step 2        Click the Add... button in the Virtual Access Points section.

Step 3        Enter a default name (SSID) for the VAP. In this case we chose VAP-Guest, the same name as the zone to which it will be associated.

Step 4        Select the VLAN ID you created in VLAN Subinterfaces from the drop-down list. In this case we chose 200, the VLAN ID of our VAP-Guest VLAN.

Step 5        Check the Enable Virtual Access Point checkbox to enable this access point upon creation.

Step 6        Click the Advanced Tab to edit encryption settings. If you created a VAP Profile in the previous section, select that profile from the Profile Name list. We created and choose a “Guest” profile, which uses open as the authentication method.

Step 7        Click the OK button to add this VAP. Your new VAP now appears in the Virtual Access Points list.

Now that you have successfully set up your Guest configuration, you can choose to add more custom VAPs, or to deploy this configuration to your SonicPoint(s) in the Deploying VAPs to a SonicPoint.

Tip             Remember that more VAPs can always be added at a later time. New VAPs can then be deployed simultaneously to all of your SonicPoints by following the steps in the Deploying VAPs to a SonicPoint.

Configuring a VAP for Corporate LAN Access

You can use a Corporate LAN VAP for a set of users who are commonly in the office, and to whom should be given full access to all network resources, providing that the connection is authenticated and secure. These users would already belong to the network’s Directory Service, Microsoft Active Directory, which provides an EAP interface through IAS – Internet Authentication Services. This section contains the following subsection:

             Configuring a Zone

             Creating a VLAN Subinterface on the WLAN

             Configuring DHCP IP Ranges

             Creating the SonicPoint VAP

Configuring a Zone

In this section you will create and configure a new corporate wireless zone with SonicWALL UTM security services and enhanced WiFiSec/WPA2 wireless security.

Step 1        Log into the management interface of your SonicWALL UTM appliance.

Step 2        In the left-hand menu, navigate to the Network > Zones page.

Step 3        Click the Add... button to add a new zone.

General Settings Tab

Step 1        In the General tab, enter a friendly name such as “VAP-Corporate” in the Name field.

Step 2        Select Wireless from the Security Type drop-down menu.

Step 3        Select the Allow Interface Trust checkbox to allow communication between corporate wireless users.

Step 4        Select checkboxes for all of the security services you would normally apply to wired corporate LAN users.

Wireless Settings Tab

Step 1        In the Wireless tab, check the Only allow traffic generated by a SonicPoint checkbox.

Step 2        Select the checkbox for WiFiSec Enforcement to enable WiFiSec security on this connection.

Step 3        Select Trust WPA/WPA2 traffic as WiFiSec to enable WPA/WPA2 users access to this connection.

Step 4        Select a provisioning profile from the SonicPoint Provisioning Profile drop-down menu (if applicable).

Step 5        Click the OK button to save these changes.

Your new zone now appears at the bottom of the Network > Zones page, although you may notice it is not yet linked to a Member Interface. This is your next step.

Creating a VLAN Subinterface on the WLAN

In this section you will create and configure a new VLAN subinterface on your current WLAN. This VLAN will be linked to the zone you created in the Configuring a Zone.

Step 1        In the Network > Interfaces page, click the Add Interface button.

Step 2        In the Zone drop-down menu, select the zone you created in “Configuring a Zone. In this case, we have chosen VAP-Corporate.

Step 3        Enter a VLAN Tag for this interface. This number allows the SonicPoint(s) to identify which traffic belongs to the “VAP-Corporate” VLAN. You should choose a number based on an organized scheme. In this case, we choose 50 as our tag for the VAP-Corporate VLAN.

Step 4        In the Parent Interface drop-down menu, select the interface that your SonicPoint(s) are physically connected to. In this case, we are using X2, which is our WLAN interface.

Step 5        Enter the desired IP Address for this subinterface.

Step 6        In the SonicPoint Limit drop-down menu, select a limit for the number of SonicPoints. This defines the total number of SonicPoints your WLAN interface will support.

Step 7        Optionally, you may add a comment about this subinterface in the Comment field.Click the OK button to add this subinterface.

Your VLAN subinterface now appears in the Interface Settings list.

Configuring DHCP IP Ranges

Because the number of available DHCP leases vary based on your platform, the DHCP scope should be resized as each interface/subinterface is defined to ensure that adequate DHCP space remains for all subsequently defined interfaces. To view the maximum number of DHCP leases for your SonicWALL security appliance, refer to the DHCP Server Scope.

Step 1        In the left-hand menu, navigate to the Network > DHCP Server page.

Step 2        Locate the interface you just created, in our case this is the X2:V50 (virtual interface 50 on the physical X2 interface) interface. Click the Configure icon_configure00005.jpg icon corresponding to the desired interface.

Note         If the interface you created does not appear on the Network > DHCP Server page, it is possible that you have already exceeded the number of allowed DHCP leases for your SonicWALL. For more information on DHCP lease exhaustion, refer to the DHCP Server Scope.

Step 3        Edit the Range Start and Range End fields to meet your deployment needs

Step 4        Click the OK button to save these changes. Your new DHCP lease scope now appears in the DHCP Server Lease Scopes list.

Creating a SonicPoint VAP Profile

In this section, you will create and configure a new Virtual Access Point Profile. You can create VAP Profiles for each type of VAP, and use them to easily apply advanced settings to new VAPs. This section is optional, but will facilitate greater ease of use when configuring multiple VAPs.

Step 1        In the left-hand menu, navigate to the SonicPoint > Virtual Access Point page.

Step 2        Click the Add... button in the Virtual Access Point Profiles section.

Step 3        Enter a Profile Name such as “Corporate-WPA2” for this VAP Profile.

Step 4        Select WPA2-AUTO-EAP from the Authentication Type drop-down menu. This will employ an automatic user authentication based on your current RADIUS server settings (Set below).

Step 5        In the Maximum Clients field, enter the maximum number of concurrent connections VAP will support.

Step 6        In the WPA-EAP Encryption Settings section, enter your current RADIUS server information. This information will be used to support authenticated login to the VLAN.

Step 7        Click the OK button to create this VAP Profile.

Creating the SonicPoint VAP

In this section, you will create and configure a new Virtual Access Point and associate it with the VLAN you created in Creating a VLAN Subinterface on the WLAN.

General Tab

Step 1        In the left-hand menu, navigate to the SonicPoint > Virtual Access Point page.

Step 2        Click the Add... button in the Virtual Access Points section.

Step 3        Enter a default name (SSID) for the VAP. In this case we chose VAP-Guest, the same name as the zone to which it will be associated.

Step 4        Select the VLAN ID you created in Creating a VLAN Subinterface on the WLAN from the drop-down list. In this case we chose 50, the VLAN ID of our VAP-Corporate VLAN.

Step 5        Check the Enable Virtual Access Point checkbox to enable this access point upon creation.

Step 6        Check the Enable SSID Suppress checkbox to hide this SSID from users

Step 7        Click the OK button to add this VAP.

Your new VAP now appears in the Virtual Access Points list.

Advanced Tab (Authentication Settings)

Step 1        Click the Advanced Tab to edit encryption settings. If you created a VAP Profile in the previous section, select that profile from the Profile Name list. We created and choose a “Corporate-WPA2” profile, which uses WPA2-AUTO-EAP as the authentication method. If you have not set up a VAP Profile, continue with steps 2 through 4. Otherwise, continue to Create More / Deploy Current VAPs.

Step 2        In the Advanced tab, select WPA2-AUTO-EAP from the Authentication Type drop-down menu. This will employ an automatic user authentication based on your current RADIUS server settings (Set below).

Step 3        In the Maximum Clients field, enter the maximum number of concurrent connections VAP will support.

Step 4        In the WPA-EAP Encryption Settings section, enter your current RADIUS server information. This information will be used to support authenticated login to the VLAN.

Create More / Deploy Current VAPs

Now that you have successfully set up a VLAN for Corporate LAN access, you can choose to add more custom VAPs, or to deploy this configuration to your SonicPoint(s) in the Deploying VAPs to a SonicPoint.

Tip             Remember that more VAPs can always be added at a later time. New VAPs can then be deployed simultaneously to all of your SonicPoints by following the steps in the Deploying VAPs to a SonicPoint.