Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 1
... and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or Wireless LAN - UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (Corporate - VLAN 1(ID 1) SSID Guest - VLAN 20 (ID 20) SSID Engineering - VLAN30 (ID 30) UTM Port ...2 to Switch 0/1 Guest Engineering Layer 2/ Layer 3 switch configuration LAN IP 192.168.1.239 Management VLAN: 1...
... and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or Wireless LAN - UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (Corporate - VLAN 1(ID 1) SSID Guest - VLAN 20 (ID 20) SSID Engineering - VLAN30 (ID 30) UTM Port ...2 to Switch 0/1 Guest Engineering Layer 2/ Layer 3 switch configuration LAN IP 192.168.1.239 Management VLAN: 1...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 2
Table of Contents Network Setup ...3 Physical setup...3 Logical setup ...3 UTM10 Configuration ...4 Create a new VLAN ...4 AP configuration (WNDAP330 5 Create a new SSID ...5 Further Notes ...6 Testing ...6 Managing devices ...6 Version 2.0
Table of Contents Network Setup ...3 Physical setup...3 Logical setup ...3 UTM10 Configuration ...4 Create a new VLAN ...4 AP configuration (WNDAP330 5 Create a new SSID ...5 Further Notes ...6 Testing ...6 Managing devices ...6 Version 2.0
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 3
... VLAN: 1 SSID Corporate - Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168....1 Membership: Port 1 DHCP enabled 192.168.20.x/24 VLAN30 IP 192.168.30.1 Membership: Port 1 DHCP enabled 192.168.30.x/24 AP configuration LAN IP 192.168.1.235 Untagged VLAN: 1 - VLAN 20 (ID 20) SSID Engineering - VLAN30 (ID 30) Layer 2/ Layer 3 switch...
... VLAN: 1 SSID Corporate - Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168....1 Membership: Port 1 DHCP enabled 192.168.20.x/24 VLAN30 IP 192.168.30.1 Membership: Port 1 DHCP enabled 192.168.30.x/24 AP configuration LAN IP 192.168.1.235 Untagged VLAN: 1 - VLAN 20 (ID 20) SSID Engineering - VLAN30 (ID 30) Layer 2/ Layer 3 switch...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 4
...with a scope of addresses within the same range as the default VLAN is the port the Access Point will have the profile name matching the respective SSID). Click on the default configuration and all the ports are members of the port on Add... After creating each will connect ...If required enable DHCP with the VLAN Profiles summary NOTE: Although not relevant in this is VLAN 1. Changing the Default VLAN for example a Netgear switch 802.1q capable. Click on for a Port will be instead be equivalent to Corporate by simply editing the VLAN profile. A port member of ...
...with a scope of addresses within the same range as the default VLAN is the port the Access Point will have the profile name matching the respective SSID). Click on the default configuration and all the ports are members of the port on Add... After creating each will connect ...If required enable DHCP with the VLAN Profiles summary NOTE: Although not relevant in this is VLAN 1. Changing the Default VLAN for example a Netgear switch 802.1q capable. Click on for a Port will be instead be equivalent to Corporate by simply editing the VLAN profile. A port member of ...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 5
...) Create a new SSID Access the AP configuration via Security, Profile settings (by default all only the SSID Netgear is active, whilst all the SSIDs are assigned to VLAN 1 In the bottom of the page click on the UTM relating to the VLAN 1 profile ... also reflecting the same profiles and SSID names NOTE: The security level on each profile will reflect the settings performed on Edit to modify the Netgear profile name and SSID to activate the respective SSID.
...) Create a new SSID Access the AP configuration via Security, Profile settings (by default all only the SSID Netgear is active, whilst all the SSIDs are assigned to VLAN 1 In the bottom of the page click on the UTM relating to the VLAN 1 profile ... also reflecting the same profiles and SSID names NOTE: The security level on each profile will reflect the settings performed on Edit to modify the Netgear profile name and SSID to activate the respective SSID.
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 6
... to the SSID. Further Notes Testing Testing can be connecting to. Inter-VLAN routing will try to the VLAN the Wireless client will be managed using the IP address configured on the VLAN the managing device will work between VLANs if the following option is enabled in VLAN 30. WNDAP330 The... ping the IP address assigned to the UTM in VLAN1, as VLAN 1 is the management VLAN for the Access Point (IP 192.168.1.235) Layer2/Layer3 switch The unit will be performed by connecting a Wireless client to a port in VLAN1 ,as this is the management VLAN for the switch (192.168.1.239) ...
... to the SSID. Further Notes Testing Testing can be connecting to. Inter-VLAN routing will try to the VLAN the Wireless client will be managed using the IP address configured on the VLAN the managing device will work between VLANs if the following option is enabled in VLAN 30. WNDAP330 The... ping the IP address assigned to the UTM in VLAN1, as VLAN 1 is the management VLAN for the Access Point (IP 192.168.1.235) Layer2/Layer3 switch The unit will be performed by connecting a Wireless client to a port in VLAN1 ,as this is the management VLAN for the switch (192.168.1.239) ...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 1
Layer 2 / Layer 3 switches and multi-SSID multi-VLAN network with traffic separation This document describes the steps to undertake in configuring a Layer 2/Layer 3 switch (in this document a FMS7382S with firmware 7.3.1.7) and a WNDAP330 to LAN Internet Corporate LAN Version 1.0 The diagram below ... = 3, Untagged) , 1/0/6 (Tagged) DGFV338 LAN IP: 10.0.0.1/24 DHCP 10.0.0.0/24 1/0/4 to host a multi-SSID and multiVLAN network. The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or...
Layer 2 / Layer 3 switches and multi-SSID multi-VLAN network with traffic separation This document describes the steps to undertake in configuring a Layer 2/Layer 3 switch (in this document a FMS7382S with firmware 7.3.1.7) and a WNDAP330 to LAN Internet Corporate LAN Version 1.0 The diagram below ... = 3, Untagged) , 1/0/6 (Tagged) DGFV338 LAN IP: 10.0.0.1/24 DHCP 10.0.0.0/24 1/0/4 to host a multi-SSID and multiVLAN network. The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 2
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 LAYER2/LAYER3 SWITCH CONFIGURATION 4 Create a new VLAN ...4 Assign Port's membership (to a VLAN 4 Change the port PVID 4 Save the configuration 5 ACCESS POINT CONFIGURATION 6 Enable the Wireless Radio mode and configure the Radio Channel 6 Create a new SSID and assign a VLAN ID 6 Select the management VLAN and Untagged VLAN 6 FURTHER NOTES...7 Testing ...7 Managing devices ...7 Version 1.0
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 LAYER2/LAYER3 SWITCH CONFIGURATION 4 Create a new VLAN ...4 Assign Port's membership (to a VLAN 4 Change the port PVID 4 Save the configuration 5 ACCESS POINT CONFIGURATION 6 Enable the Wireless Radio mode and configure the Radio Channel 6 Create a new SSID and assign a VLAN ID 6 Select the management VLAN and Untagged VLAN 6 FURTHER NOTES...7 Testing ...7 Managing devices ...7 Version 1.0
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 4
Assign Port's membership (to a VLAN) Change the port PVID Access the VLAN Membership page via Switching, VLAN, Basic. Click on Apply. Note: The picture shows the membership settings for each port until the relevant ...our scenario. The picture shows the summary after VLAN2 and VLAN3 have been created. Click on Add. LAYER2/LAYER3 SWITCH CONFIGURATION Create a new VLAN Access the VLAN configuration via Switching, VLAN. Access the Port PVID configuration page via Switching, VLAN. Repeat the procedure for the relevant VLAN (For example VLAN 3 PVID will be created. ...
Assign Port's membership (to a VLAN) Change the port PVID Access the VLAN Membership page via Switching, VLAN, Basic. Click on Apply. Note: The picture shows the membership settings for each port until the relevant ...our scenario. The picture shows the summary after VLAN2 and VLAN3 have been created. Click on Add. LAYER2/LAYER3 SWITCH CONFIGURATION Create a new VLAN Access the VLAN configuration via Switching, VLAN. Access the Port PVID configuration page via Switching, VLAN. Repeat the procedure for the relevant VLAN (For example VLAN 3 PVID will be created. ...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 5
Version 1.0 Click on Apply. Note: Failing to Save the configuration will incur in a loss of all the changes made should the unit reboot. Tick the box appearing within the Save Configuration option. Save the configuration Access the Save Config page via Maintenance.
Version 1.0 Click on Apply. Note: Failing to Save the configuration will incur in a loss of all the changes made should the unit reboot. Tick the box appearing within the Save Configuration option. Save the configuration Access the Save Config page via Maintenance.
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 6
... VLAN 1 will be used for the relevant wireless technology that will be used. Note: The Network authentication settings are set correctly depending on Apply Create a new SSID and assign a VLAN ID Access the Profile settings Page via Configuration, Security. Click on the network requirement. Edit...Select the VLAN ID based on the VLAN which the SSID will associate to be relevant (i.e. Click on Apply. ACCESS POINT CONFIGURATION Enable the Wireless Radio mode and configure the Radio Channel Enable the Radio (by default its turned on under 2.4GHz) for Management as our managing PC...
... VLAN 1 will be used for the relevant wireless technology that will be used. Note: The Network authentication settings are set correctly depending on Apply Create a new SSID and assign a VLAN ID Access the Profile settings Page via Configuration, Security. Click on the network requirement. Edit...Select the VLAN ID based on the VLAN which the SSID will associate to be relevant (i.e. Click on Apply. ACCESS POINT CONFIGURATION Enable the Wireless Radio mode and configure the Radio Channel Enable the Radio (by default its turned on under 2.4GHz) for Management as our managing PC...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 7
... to VLAN2 only WNDAP330 The unit will be managed, upon being configured, from a device (wired or wireless) connected to a port in VLAN1 on the Layer2/Layer3 switch as this scenario, when connecting to VLAN2, the Wireless client should obtain the TCP/IP settings from a DHCP server or hard-code... the VLAN associate to each of the SSID alternatively (i.e. In this is the management VLAN for the Access Point Layer2/Layer3 switch The unit will be able to ping the DGFV338 LAN address; Ensure the Wireless client obtains an IP address from the DGFV338 DHCP server and be connecting to.
... to VLAN2 only WNDAP330 The unit will be managed, upon being configured, from a device (wired or wireless) connected to a port in VLAN1 on the Layer2/Layer3 switch as this scenario, when connecting to VLAN2, the Wireless client should obtain the TCP/IP settings from a DHCP server or hard-code... the VLAN associate to each of the SSID alternatively (i.e. In this is the management VLAN for the Access Point Layer2/Layer3 switch The unit will be able to ping the DGFV338 LAN address; Ensure the Wireless client obtains an IP address from the DGFV338 DHCP server and be connecting to.
WNDAP350 Product datasheet
Page 1
... for easy configuration Attachment points for optional accessory antennas Lifetime Warranty Connects to Cable/DSL modem NETGEAR UTM/ Firewall Router Connects to desktop PC with Gigabit Ethernet Card (GA311) Connects to power (optional) Connects to ProSafe Smart Switch with PoE Laptop PC connects with 802.11n‡ Dual Band Wireless-N USB 2.0 Adapter (WNDA3100) Desktop PC connects with 802.11n‡ Dual Band Wireless-N USB...
... for easy configuration Attachment points for optional accessory antennas Lifetime Warranty Connects to Cable/DSL modem NETGEAR UTM/ Firewall Router Connects to desktop PC with Gigabit Ethernet Card (GA311) Connects to power (optional) Connects to ProSafe Smart Switch with PoE Laptop PC connects with 802.11n‡ Dual Band Wireless-N USB 2.0 Adapter (WNDA3100) Desktop PC connects with 802.11n‡ Dual Band Wireless-N USB...
WNDAP350 Product datasheet
Page 2
...; 2009 NETGEAR, Inc. Information is packaged with the RangeMax™ Dual Band Wireless USB 2.0 Adapter (WNDA3100) Package Contents --ProSafe Dual Band Wireless-N Access Point (WNDAP350) --Ethernet cable --Wall-mount kit --Installation guide --Resource CD --12V, 1A power adapter, localized to -multipoint wireless bridge mode --Repeater mode --Simultaneous wireless bridge and access point mode --Wireless Distribution System (WDS) --Adjustable transmit power control (TPC) from IEEE standard 802.11...
...; 2009 NETGEAR, Inc. Information is packaged with the RangeMax™ Dual Band Wireless USB 2.0 Adapter (WNDA3100) Package Contents --ProSafe Dual Band Wireless-N Access Point (WNDAP350) --Ethernet cable --Wall-mount kit --Installation guide --Resource CD --12V, 1A power adapter, localized to -multipoint wireless bridge mode --Repeater mode --Simultaneous wireless bridge and access point mode --Wireless Distribution System (WDS) --Adjustable transmit power control (TPC) from IEEE standard 802.11...
WNDAP350 User Manual
Page 7
Contents ProSafe Dual Band Wireless-N WNDAP350 Reference Manual About This Manual Chapter 1 Introduction About the ProSafe Dual Band Wireless-N Access Point WNDAP350 1-1 Key Features and Standards 1-1 Compatible and Related NETGEAR Products 1-5 System Requirements ...1-6 What's In the Box? ...1-6 Hardware Description ...1-7 Chapter 2 Basic Installation and Configuration Wireless Equipment Placement and Range Guidelines 2-2 Understanding WNDAP350 Wireless Security Options 2-3 Installing the WNDAP350 wirelss access point 2-4 Logging In Using the Default IP Address 2-12 Setting Basic...
Contents ProSafe Dual Band Wireless-N WNDAP350 Reference Manual About This Manual Chapter 1 Introduction About the ProSafe Dual Band Wireless-N Access Point WNDAP350 1-1 Key Features and Standards 1-1 Compatible and Related NETGEAR Products 1-5 System Requirements ...1-6 What's In the Box? ...1-6 Hardware Description ...1-7 Chapter 2 Basic Installation and Configuration Wireless Equipment Placement and Range Guidelines 2-2 Understanding WNDAP350 Wireless Security Options 2-3 Installing the WNDAP350 wirelss access point 2-4 Logging In Using the Default IP Address 2-12 Setting Basic...
WNDAP350 User Manual
Page 8
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Configuring WPA-PSK and WPA2-PSK 2-42 Restricting Wireless Access by MAC Address 2-44 Chapter 3 Management Remote Management ...3-1 Remote Console ...3-3 Upgrading the Wireless Access Point Software 3-5 Configuration File Management 3-6 Changing the Administrator Password 3-10 Enabling the SysLog Server 3-11 Using Activity Log Information 3-12 Viewing General Summary Information 3-12 Viewing Network Traffic ...
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Configuring WPA-PSK and WPA2-PSK 2-42 Restricting Wireless Access by MAC Address 2-44 Chapter 3 Management Remote Management ...3-1 Remote Console ...3-3 Upgrading the Wireless Access Point Software 3-5 Configuration File Management 3-6 Changing the Administrator Password 3-10 Enabling the SysLog Server 3-11 Using Activity Log Information 3-12 Viewing General Summary Information 3-12 Viewing Network Traffic ...
WNDAP350 User Manual
Page 11
..., formats, and scope of note may result in the following paragraphs: • Typographical Conventions. Warning: Ignoring this type of this manual is used to install, configure and troubleshoot the ProSafe Dual Band Wireless-N Access Point WNDAP350. About This Manual The ProSafe™ Dual Band Wireless-N Access Point WNDAP350 Reference Manual describes how to highlight information of importance or special interest.
..., formats, and scope of note may result in the following paragraphs: • Typographical Conventions. Warning: Ignoring this type of this manual is used to install, configure and troubleshoot the ProSafe Dual Band Wireless-N Access Point WNDAP350. About This Manual The ProSafe™ Dual Band Wireless-N Access Point WNDAP350 Reference Manual describes how to highlight information of importance or special interest.
WNDAP350 User Manual
Page 14
... overhead of WPA. • Multiple BSSIDs. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Supported Standards and Conventions The following features: • Dual Band Concurrent. Key Features The WNDAP350 provides solid functionality, including the following standards and conventions are very useful for Simple Network Management Protocol (SNMP) Management Information Base (MIB) management. • 802.1Q VLAN (Virtual LAN) Support. The...
... overhead of WPA. • Multiple BSSIDs. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Supported Standards and Conventions The following features: • Dual Band Concurrent. Key Features The WNDAP350 provides solid functionality, including the following standards and conventions are very useful for Simple Network Management Protocol (SNMP) Management Information Base (MIB) management. • 802.1Q VLAN (Virtual LAN) Support. The...
WNDAP350 User Manual
Page 15
...Netgear PoE switches. • Autosensing Ethernet Connection with each other bridge-mode wireless access points send all traffic to the WNDAP350 over the Ethernet port from any 802.3af compliant mid-span or end-span source. The SSID is stored in a flash memory and can be upgraded remotely. Connects to the administrator. • Access Control. ProSafe Dual Band Wireless-N Access Point WNDAP350... • Power over the serial port and easy scripting of configuration of bridge-mode wireless access points. Network Authentication should be used to protect this communication. - ...
...Netgear PoE switches. • Autosensing Ethernet Connection with each other bridge-mode wireless access points send all traffic to the WNDAP350 over the Ethernet port from any 802.3af compliant mid-span or end-span source. The SSID is stored in a flash memory and can be upgraded remotely. Connects to the administrator. • Access Control. ProSafe Dual Band Wireless-N Access Point WNDAP350... • Power over the serial port and easy scripting of configuration of bridge-mode wireless access points. Network Authentication should be used to protect this communication. - ...
WNDAP350 User Manual
Page 16
... about crossover cables, as to the correct configuration. WMM allows wireless traffic to have a "normal" connection such as to make the right connection. 1-4 Introduction v1.1, November 2009 ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual • Wireless Multimedia (WMM) Support. Power Save uses mechanisms from 802.11e and legacy 802.11 to function correctly, Wireless clients must also support WMM. • WMM...
... about crossover cables, as to the correct configuration. WMM allows wireless traffic to have a "normal" connection such as to make the right connection. 1-4 Introduction v1.1, November 2009 ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual • Wireless Multimedia (WMM) Support. Power Save uses mechanisms from 802.11e and legacy 802.11 to function correctly, Wireless clients must also support WMM. • WMM...