Configuring a SonicPoint Profile
For a SonicPoint overview, see SonicPoint > SonicPoints.
You can add any number of SonicPoint profiles. To configure a SonicPoint provisioning profile:
- To add a new profile, click Add below the list of SonicPoint provisioning profiles. To edit an existing profile, select the profile and click the edit icon in the same line as the profile you are editing.
- In the General tab of the Add Profile window, specify:
- Enable SonicPoint: Check this to automatically enable each SonicPoint when it is provisioned with this profile.
- Name Prefix: Enter a prefix for the names of all SonicPoints connected to this zone. When each SonicPoint is provisioned it is given a name that consists of the name prefix and a unique number, for example: "SonicPoint 126008."
- Country Code: Select the country where you are operating the SonicPoints. The country code determines which regulatory domain the radio operation falls under.
- In the 802.11g tab, configure the radio settings for the 802.11g (2.4GHz band) radio:
- Enable 802.11g Radio: Check this to automatically enable the 802.11g radio bands on all SonicPoints provisioned with this profile.
- Select a schedule to determine when the radio is enabled. The default is Always on. You can create and manage Schedule objects in the System > Schedules page of the management interface.
- SSID: Enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that will appear in clients' lists of available wireless connections.
Note: If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.
- Radio Mode: Select the speed of the wireless connection. You can choose 11Mbps - 802.11b, 54 Mbps - 802.11g, or 108 Mbps - Turbo G mode. If you choose Turbo mode, all users in your company must use wireless access cards from the same manufacturer.
- Channel: Select the channel the radio will operate on. The default is AutoChannel, which automatically selects the channel with the least interference. Use AutoChannel unless you have a specific reason to use or avoid specific channels.
- ACL Enforcement: Select this to enforce Access Control by allowing or denying traffic from specific devices. Select a MAC address group from the Allow List to automatically allow traffic from all devices with a MAC address in the group. Select a MAC address group from the Deny List to automatically deny traffic from all devices with a MAC address in the group. The Deny List is enforced before the Allow List.
- Authentication Type: Select the method of authentication for your wireless network. You can select WEP - Both (Open System & Shared Key), WEP - Open System, WEP - Shared Key, WPA - PSK, or WPA - EAP.
- WEP Key Mode: Select the size of the encryption key.
- Default Key: Select which key in the list below is the default key, which will be tried first when trying to authenticate a user.
- Key Entry: Select whether the key is alphanumeric or hexadecimal.
- Key 1 - Key 4: Enter the encryption keys for WEP encryption. Enter the key most likely to be used in the field you selected as the default key.
- In the 802.11g Advanced tab, configure the performance settings for the 802.11g radio. For most 802.11g advanced options, the default settings give optimum performance.
- Hide SSID in Beacon: Check this option to have the SSID broadcast as part of the wireless beacon, rather than as a separate broadcast.
- Schedule IDS Scan: Select a time when there are fewer demands on the wireless network to schedule an Intrusion Detection Service (IDS) scan to minimize the inconvenience of dropped wireless connections.
- Data Rate: Select the speed at which the data is transmitted and received. Best automatically selects the best rate available in your area given interference and other factors. You can select: Best, 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, or 54 Mbps.
- Transmit Power: Select the transmission power. Transmission power affects the range of the SonicPoint. You can select: Full Power, Half (-3 dB), Quarter (-6 dB), Eighth (-9 dB), or Minimum.
- Antenna Diversity: The Antenna Diversity setting determines which antenna the SonicPoint uses to send and receive data. You can select:
- Best: This is the default setting. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal. In most cases, Best is the optimal setting.
- 1: Select 1 to restrict the SonicPoint to use antenna 1 only. Facing the rear of the SonicPoint, antenna 1 is on the left, closest to the power supply.
- 2: Select 2 to restrict the SonicPoint to use antenna 2 only. Facing the rear of the SonicPoint, antenna 2 is on the right, closest to the console port.
- Beacon Interval (milliseconds): Enter the number of milliseconds between sending out a wireless beacon.
- DTIM Interval: Enter the interval in milliseconds.
- Fragmentation Threshold (bytes): Enter the number of bytes of fragmented data you want the network to allow.
- RTS Threshold (bytes): Enter the number of bytes.
- Maximum Client Associations: Enter the maximum number of clients you want the SonicPoint to support on this radio at one time.
- Preamble Length: Select the length of the preamble, the initial wireless communication sent when associating with a wireless host. You can select Long or Short.
- Protection Mode: Select the CTS or RTS protection. Select None, Always, or Auto. None is the default.
- Protection Rate: Select the speed for the CTS or RTS protection, 1 Mbps, 2 Mbps, 5 Mbps, or 11 Mbps.
- Protection Type: Select the type of protection, CTS-only or RTS-CTS.
- CCK OFDM Power Delta: Select the difference in radio transmit power you will allow between the 802.11b and 802.11g modes: 0 dBm, 1 dBm, or 2 dBm.
- Enable Short Slot Time: Allow clients to disassociate and reassociate more quickly.
- Allow Only 802.11g Clients to Connect: Use this if you are using Turbo G mode and therefore are not allowing 802.11b clients to connect.
- Configure the settings in the 802.11a Radio and 802.11a Advanced tabs. These settings affect the operation of the 802.11a radio bands. The SonicPoint has two separate radios built in. Therefore, it can send and receive on both the 802.11a and 802.11g bands at the same time.
The settings in the 802.11a Radio and 802.11a Advanced tabs are similar to the settings in the 802.11g Radio and 802.11g Advanced tabs. Follow the instructions in step 3 and step 4 in this procedure to configure the 802.11a radio.
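The following added example (not SonicWALL code) audits one radio tab of a profile for the two security-relevant settings in this procedure: the Authentication Type and the Deny-before-Allow ACL order. The keys mirror the field labels above; the dict layout and function names are hypothetical, since the page shows no export format.

```python
# Added example. Keys mirror the field labels in the Add Profile window; the
# dict layout is hypothetical, since the page shows no export format.
WEP_TYPES = {
    "WEP - Both (Open System & Shared Key)",
    "WEP - Open System",
    "WEP - Shared Key",
}
KNOWN_TYPES = WEP_TYPES | {"WPA - PSK", "WPA - EAP"}

def norm_mac(mac):
    """Normalize a MAC address to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def acl_decision(mac, allow_list, deny_list):
    """The deny list is enforced first, so a MAC in both groups is denied."""
    mac = norm_mac(mac)
    if mac in {norm_mac(m) for m in deny_list}:
        return "deny"
    if mac in {norm_mac(m) for m in allow_list}:
        return "allow"
    return "unlisted"  # the page does not define handling of unlisted MACs

def audit_radio(settings):
    """Return findings for one radio tab of a profile."""
    findings = []
    auth = settings.get("Authentication Type")
    if auth not in KNOWN_TYPES:
        findings.append(f"unknown Authentication Type: {auth!r}")
    elif auth in WEP_TYPES:
        findings.append(f"{auth}: WEP is cryptographically broken; use a WPA type")
    if settings.get("ACL Enforcement"):
        allow = {norm_mac(m) for m in settings.get("Allow List", [])}
        deny = {norm_mac(m) for m in settings.get("Deny List", [])}
        findings += [f"{m} is in both lists and will be denied" for m in sorted(allow & deny)]
    return findings

# Constructed sample: one 802.11g radio tab with a MAC present in both lists.
SAMPLE_RADIO = {
    "Authentication Type": "WEP - Shared Key",
    "ACL Enforcement": True,
    "Allow List": ["00:11:22:33:44:55", "00-11-22-33-44-66"],
    "Deny List": ["0011.2233.4455"],
}
```

Running `audit_radio(SAMPLE_RADIO)` reports the WEP setting and the MAC address that appears in both groups.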
When a SonicPoint unit is first connected and powered up, it will have a factory default configuration (IP Address 192.168.1.20, username: admin, password: password). Upon initializing, it will attempt to find a SonicOS device with which to peer. If it is unable to find a peer SonicOS device, it will enter into a stand-alone mode of operation with a separate stand-alone configuration allowing it to operate as a standard Access Point.
If the SonicPoint does locate, or is located by a peer SonicOS device, via the SonicWALL Discovery Protocol, an encrypted exchange between the two units will ensue wherein the profile assigned to the relevant Wireless Zone will be used to automatically configure (provision) the newly added SonicPoint unit.
As part of the provisioning process, SonicOS will assign the discovered SonicPoint device a unique name, and it will record its MAC address and the interface and Zone on which it was discovered. It can also automatically assign the SonicPoint an IP address, if so configured, so that the SonicPoint can communicate with an authentication server for WPA-EAP support. SonicOS will then use the profile associated with the relevant Zone to configure the 2.4GHz and 5GHz radio settings.
Modifications to profiles will not affect units that have already been provisioned and are in an operational state. Configuration changes to operational SonicPoint devices can occur in two ways:
- Via manual configuration changes - Appropriate when a single change, or a small set of changes, is to be made, particularly when that individual SonicPoint requires settings that are different from the profile assigned to its Zone.
- Via un-provisioning - Deleting a SonicPoint unit effectively un-provisions the unit, or clears its configuration and places it into a state where it will automatically engage the provisioning process anew with its peer SonicOS device. This technique is useful when the profile for a Zone is updated or changed, and the change is set for propagation. It can be used to update firmware on SonicPoints, or to simply and automatically update multiple SonicPoint units in a controlled fashion, rather than changing all peered SonicPoints at once, which can cause service disruptions.
Updating SonicPoint Settings
You can change the settings of any individual SonicPoint listed on the Wireless > SonicPoints page.
Edit SonicPoint settings
To edit the settings of an individual SonicPoint:
- Under SonicPoint Settings, click the Edit icon in the same line as the SonicPoint you want to edit.
- In the Edit SonicPoint screen, make the changes you want. The Edit SonicPoint screen has the following tabs:
- General
- 802.11a Radio
- 802.11a Advanced
- 802.11g Radio
- 802.11g Advanced
The options on these tabs are the same as the Add SonicPoint Profile screen.
See Configuring a SonicPoint Profile for instructions on configuring these settings.
- Click OK to apply these settings.
Synchronize SonicPoints
Click Synchronize SonicPoints at the top of the SonicPoint > SonicPoints page to update the settings for each SonicPoint reported on the page. When you click Synchronize SonicPoints, SonicOS polls all connected SonicPoints and displays updated settings on the page.
Enable and Disable Individual SonicPoints
You can enable or disable individual SonicPoints on the SonicPoint > SonicPoints page:
Updating SonicPoint Firmware
SonicOS Enhanced contains an image of the SonicPoint firmware. When you connect a SonicPoint to a security appliance running SonicOS Enhanced, the appliance checks the version of the SonicPoint's firmware, and automatically updates it, if necessary.
Automatic Provisioning (SDP & SSPP)
The SonicWALL Discovery Protocol (SDP) is a layer 2 protocol employed by SonicPoints and devices running SonicOS Enhanced 3.0 and higher. SDP is the foundation for the automatic provisioning of SonicPoint units via the following messages:
- Advertisement - SonicPoint devices without a peer will periodically and on startup announce or advertise themselves via a broadcast. The advertisement will include information that will be used by the receiving SonicOS device to ascertain the state of the SonicPoint. The SonicOS device will then report the state of all peered SonicPoints, and will take configuration actions as needed.
- Discovery - SonicOS devices will periodically send discovery request broadcasts to elicit responses from L2 connected SonicPoint units.
- Configure Directive - A unicast message from a SonicOS device to a specific SonicPoint unit to establish encryption keys for provisioning, and to set the parameters for and to engage configuration mode.
- Configure Acknowledgement - A unicast message from a SonicPoint to its peered SonicOS device acknowledging a Configure Directive.
- Keepalive - A unicast message from a SonicPoint to its peered SonicOS device used to validate the state of the SonicPoint.
If via the SDP exchange the SonicOS device ascertains that the SonicPoint requires provisioning or a configuration update (e.g. on calculating a checksum mismatch, or when a firmware update is available), the Configure directive will engage a 3DES encrypted, reliable TCP based SonicWALL Simple Provisioning Protocol (SSPP) channel. The SonicOS device will then send the update to the SonicPoint via this channel, and the SonicPoint will restart with the updated configuration. State information will be provided by the SonicPoint, and will be viewable on the SonicOS device throughout the entire discovery and provisioning process.
SonicPoint States
SonicPoint devices can function in and report the following states:
- Initializing - The state when a SonicPoint starts up and advertises itself via SDP prior to it entering into an operational or stand-alone mode.
- Operational - Once the SonicPoint has peered with a SonicOS device and has its configuration validated, it will enter into an operational state, and will be ready for clients.
- Provisioning - If the SonicPoint configuration requires an update, the SonicOS device will engage an SSPP channel to update the SonicPoint. During this brief process it will enter the provisioning state.
- Safemode - Safemode can be engaged by depressing the reset button, or from the SonicOS peer device. Placing a SonicPoint into Safemode returns its configuration to defaults, disables the radios, and disables SDP. The SonicPoint must then be rebooted to enter either a stand-alone, or some other functional state.
- Non-Responsive - If a SonicOS device loses communications with a previously peered SonicPoint, it will report its state as non-responsive. It will remain in this state until either communications are restored, or the SonicPoint is deleted from the SonicOS device's table.
- Updating Firmware - If the SonicOS device detects that it has a firmware update available for a SonicPoint, it will use SSPP to update the SonicPoint's firmware.
- Over-Limit - By default, up to 2 SonicPoint devices can be attached to the Wireless Zone interface on a SonicWALL TZ 170. If more than 2 units are detected, the over-limit devices will report an over-limit state, and will not enter an operational mode. The number can be reduced from 2 as needed.
- Rebooting - After a firmware or configuration update, the SonicPoint will announce that it is about to reboot, and will then do so.
- Firmware failed - If a firmware update fails, the SonicPoint will report the failure, and will then reboot.
- Provision failed - In the unlikely event that a provision attempt from a SonicOS device fails, the SonicPoint will report the failure. So as not to enter into an endless loop, it can then be manually rebooted, manually reconfigured, or deleted and re-provisioned.
- Stand-alone Mode (not reported) - If a SonicPoint device cannot find or be found by a SonicOS device to peer with, it will enter a stand-alone mode of operation. This will engage the SonicPoint's internal GUI (which is otherwise disabled) and will allow it to be configured as a conventional Access Point. If at any time it is placed on the same layer 2 segment as a SonicOS device that is sending Discovery packets, it will leave stand-alone mode, and will enter into a managed mode. The stand-alone configuration will be retained.
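The controller-side decisions described under Automatic Provisioning (SDP & SSPP) and SonicPoint States can be modeled as below. This is an added example, not SonicWALL code, and it does not reproduce the SDP or SSPP wire formats; the field names, the keepalive timeout, the order of the firmware and checksum checks, and the return to Operational when keepalives resume are assumptions.

```python
# Added example: simplified model of the SonicOS-side decisions described above.
# Field names, timeout value and check order are assumptions, not wire formats.
from dataclasses import dataclass, field

@dataclass
class Advert:
    mac: str
    config_checksum: str
    firmware: str

@dataclass
class Controller:
    expected_checksum: str
    bundled_firmware: str
    limit: int = 2                   # default on a TZ 170 per the page
    keepalive_timeout: float = 30.0  # assumed; the page gives no value
    peers: dict = field(default_factory=dict)  # mac -> [state, last_seen]

    def on_advertisement(self, ad, now):
        """Return the state a SonicPoint is placed in after it advertises."""
        counted = [m for m, (s, _) in self.peers.items() if s != "Over-Limit"]
        if ad.mac not in counted and len(counted) >= self.limit:
            state = "Over-Limit"
        elif ad.firmware != self.bundled_firmware:
            state = "Updating Firmware"  # update sent over the SSPP channel
        elif ad.config_checksum != self.expected_checksum:
            state = "Provisioning"       # profile sent over the SSPP channel
        else:
            state = "Operational"
        self.peers[ad.mac] = [state, now]
        return state

    def on_keepalive(self, mac, now):
        rec = self.peers.get(mac)
        if rec:
            rec[1] = now
            if rec[0] == "Non-Responsive":
                rec[0] = "Operational"   # assumed result of restored contact

    def sweep(self, now):
        """Mark silent peers Non-Responsive; they stay listed until deleted."""
        for rec in self.peers.values():
            if rec[0] == "Operational" and now - rec[1] > self.keepalive_timeout:
                rec[0] = "Non-Responsive"
        return {m: s for m, (s, _) in self.peers.items()}

    def delete(self, mac):
        """Un-provision: the unit re-advertises and is provisioned anew."""
        self.peers.pop(mac, None)
```

Deleting a peer frees a slot, so a unit previously held in Over-Limit is accepted on its next advertisement.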
SonicWALL, Inc. http://www.sonicwall.com 1160 Bordeaux Drive Sunnyvale, CA 94089-1209