Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 1
... SSID Corporate - maintaining same VLAN communication. The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or Wireless LAN - default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24... VLAN20 (Guest1) IP 192.168.20.1 Membership: Port 1 DHCP enabled 192.168.20.x/24 VLAN30 (Engineering) IP 192.168.30.1 Membership: Port 1 DHCP enabled...
... SSID Corporate - maintaining same VLAN communication. The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or Wireless LAN - default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24... VLAN20 (Guest1) IP 192.168.20.1 Membership: Port 1 DHCP enabled 192.168.20.x/24 VLAN30 (Engineering) IP 192.168.30.1 Membership: Port 1 DHCP enabled...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 3
...Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24 VLAN20 IP 192.168.20.1 Membership: Port 1... DHCP enabled 192.168.20.x/24 VLAN30 IP 192.168.30.1 Membership: Port 1 DHCP enabled ...
...Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24 VLAN20 IP 192.168.20.1 Membership: Port 1... DHCP enabled 192.168.20.x/24 VLAN30 IP 192.168.30.1 Membership: Port 1 DHCP enabled ...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 4
...be prompted with a scope of setting an 802.1q trunk port, as long as this is VLAN 1. Change VLAN1 Profile name to changing the PVID of the new VLANs as the default VLAN is the port the Access Point will have the profile name matching the ...respective SSID). to the Default VLAN concept. Click on for a Port will be the equivalent of addresses within the same range as the VLAN IP address). Port 1 will be instead be equivalent to Corporate by simply editing the VLAN profile. Changing the Default VLAN for example a Netgear...
...be prompted with a scope of setting an 802.1q trunk port, as long as this is VLAN 1. Change VLAN1 Profile name to changing the PVID of the new VLANs as the default VLAN is the port the Access Point will have the profile name matching the ...respective SSID). to the Default VLAN concept. Click on for a Port will be the equivalent of addresses within the same range as the VLAN IP address). Port 1 will be instead be equivalent to Corporate by simply editing the VLAN profile. Changing the Default VLAN for example a Netgear...
WNDAP350 User Manual
Page 7
Contents ProSafe Dual Band Wireless-N WNDAP350 Reference Manual About This Manual Chapter 1 Introduction About the ProSafe Dual Band Wireless-N Access Point WNDAP350 1-1 Key Features and Standards 1-1 Compatible and Related NETGEAR Products 1-5 System Requirements ...1-6 What's In the Box? ...1-6 Hardware Description ...1-7 Chapter 2 Basic Installation and Configuration Wireless Equipment Placement and Range Guidelines 2-2 Understanding WNDAP350 Wireless Security Options 2-3 Installing the WNDAP350 wirelss access point 2-4 Logging In Using the Default IP Address 2-12 Setting Basic IP ...
Contents ProSafe Dual Band Wireless-N WNDAP350 Reference Manual About This Manual Chapter 1 Introduction About the ProSafe Dual Band Wireless-N Access Point WNDAP350 1-1 Key Features and Standards 1-1 Compatible and Related NETGEAR Products 1-5 System Requirements ...1-6 What's In the Box? ...1-6 Hardware Description ...1-7 Chapter 2 Basic Installation and Configuration Wireless Equipment Placement and Range Guidelines 2-2 Understanding WNDAP350 Wireless Security Options 2-3 Installing the WNDAP350 wirelss access point 2-4 Logging In Using the Default IP Address 2-12 Setting Basic IP ...
WNDAP350 User Manual
Page 8
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Configuring WPA-PSK and WPA2-PSK 2-42 Restricting Wireless Access by MAC Address 2-44 Chapter 3 Management Remote Management ...3-1 Remote Console ...3-3 Upgrading the Wireless Access Point Software 3-5 Configuration File Management 3-6 Changing the Administrator Password 3-10 Enabling the SysLog Server 3-11 Using Activity Log Information 3-12 Viewing General Summary Information 3-12 Viewing ...
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Configuring WPA-PSK and WPA2-PSK 2-42 Restricting Wireless Access by MAC Address 2-44 Chapter 3 Management Remote Management ...3-1 Remote Console ...3-3 Upgrading the Wireless Access Point Software 3-5 Configuration File Management 3-6 Changing the Administrator Password 3-10 Enabling the SysLog Server 3-11 Using Activity Log Information 3-12 Viewing General Summary Information 3-12 Viewing ...
WNDAP350 User Manual
Page 21
"Logging In Using the Default IP Address 5. "Configuring WEP 13. Note: Indoors, computers can allow for others outside your area to the Internet, or access printers and files on page 2-23. "Setting Basic IP Options 6. Deploy the security features appropriate to your network from unauthorized access. "Understanding WNDAP350 Wireless Security Options 3. "Setting up your ProSafe Dual Band Wireless-N Access Point WNDAP350for wireless connectivity to your...
"Logging In Using the Default IP Address 5. "Configuring WEP 13. Note: Indoors, computers can allow for others outside your area to the Internet, or access printers and files on page 2-23. "Setting Basic IP Options 6. Deploy the security features appropriate to your network from unauthorized access. "Understanding WNDAP350 Wireless Security Options 3. "Setting up your ProSafe Dual Band Wireless-N Access Point WNDAP350for wireless connectivity to your...
WNDAP350 User Manual
Page 28
...default values are suitable for most users and situations. (See the online help or "Setting Basic IP Options" on page 2-13 for your time settings: 1. Click Apply. The Time screen displays, as shown in Figure 2-6. 2-8 Basic Installation and Configuration v1.1, November 2009 Figure 2-5 IP Settings 11. Configuring Time Settings To configure your network. ProSafe Dual Band Wireless-N Access Point WNDAP350... Reference Manual 10. Configure the IP Address settings...
...default values are suitable for most users and situations. (See the online help or "Setting Basic IP Options" on page 2-13 for your time settings: 1. Click Apply. The Time screen displays, as shown in Figure 2-6. 2-8 Basic Installation and Configuration v1.1, November 2009 Figure 2-5 IP Settings 11. Configuring Time Settings To configure your network. ProSafe Dual Band Wireless-N Access Point WNDAP350... Reference Manual 10. Configure the IP Address settings...
WNDAP350 User Manual
Page 29
... wireless access point from a list of the custom NTP server. The Default is time-b.netgear.com. 3. Check the option if you have an Internet connection to synchronize the time of the access point with an NTP Server. Basic Installation and Configuration 2-9 v1.1, November 2009 NTP Client. Note: You must have a custom NTP server. The default is USA-Pacific. - ProSafe Dual Band Wireless-N Access Point WNDAP350...
... wireless access point from a list of the custom NTP server. The Default is time-b.netgear.com. 3. Check the option if you have an Internet connection to synchronize the time of the access point with an NTP Server. Basic Installation and Configuration 2-9 v1.1, November 2009 NTP Client. Note: You must have a custom NTP server. The default is USA-Pacific. - ProSafe Dual Band Wireless-N Access Point WNDAP350...
WNDAP350 User Manual
Page 31
... default, WNDAP350 is NETGEAR_11a. The SSID of the Reference Manual. 3. Note: If you must match the SSID configured in the Advanced Configuration chapter of any wireless access adapters must change this setting. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 1. To connect to connect, see Chapter 5, "Troubleshooting and Debugging." Disconnect the WNDAP350 and position it where it a new IP address, enter the wireless access point...
... default, WNDAP350 is NETGEAR_11a. The SSID of the Reference Manual. 3. Note: If you must match the SSID configured in the Advanced Configuration chapter of any wireless access adapters must change this setting. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 1. To connect to connect, see Chapter 5, "Troubleshooting and Debugging." Disconnect the WNDAP350 and position it where it a new IP address, enter the wireless access point...
WNDAP350 User Manual
Page 32
..., both in to the wireless access point to the WNDAP350 should automatically find the WNDAP350 wirelss access point and display the home screen. 2-12 Basic Installation and Configuration v1.1, November 2009 Open a Web browser such as Internet Explorer or Mozilla Firefox. 2. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Logging In Using the Default IP Address After you are using the default IP Address: 1. To log in...
..., both in to the wireless access point to the WNDAP350 should automatically find the WNDAP350 wirelss access point and display the home screen. 2-12 Basic Installation and Configuration v1.1, November 2009 Open a Web browser such as Internet Explorer or Mozilla Firefox. 2. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Logging In Using the Default IP Address After you are using the default IP Address: 1. To log in...
WNDAP350 User Manual
Page 33
... DHCP, the wireless access point will work in Figure 2-9 below. To configure the basic IP settings of the WNDAP350. - To change it, enter an unused IP address from the DHCP server on your LAN; The IP Settings screen displays as shown in most cases. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Setting Basic IP Options The basic IP settings for your wireless access point are entered on...
... DHCP, the wireless access point will work in Figure 2-9 below. To configure the basic IP settings of the WNDAP350. - To change it, enter an unused IP address from the DHCP server on your LAN; The IP Settings screen displays as shown in most cases. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Setting Basic IP Options The basic IP settings for your wireless access point are entered on...
WNDAP350 User Manual
Page 34
... this box to enable the WNDAP350 to which the wireless access point is configured. 3. Check this IP address as the subnet mask. - Primary DNS Servers. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - For more complex networks, enter the address of the router for your basic IP settings. Click Apply to configure the wireless settings available in both the 802.11b/bg/ng and...
... this box to enable the WNDAP350 to which the wireless access point is configured. 3. Check this IP address as the subnet mask. - Primary DNS Servers. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - For more complex networks, enter the address of the router for your basic IP settings. Click Apply to configure the wireless settings available in both the 802.11b/bg/ng and...
WNDAP350 User Manual
Page 48
... Secret 802.11a/na Configuration For a new wireless network, print or copy this information. All wireless nodes in the configuration parameters. NETGEAR_11a is responsible for more security. Note: The SSID in the wireless adapter card. However, you configure in the wireless access point is the SSID you may customize it by using up or is the default WNDAP350 SSID. ProSafe Dual Band Wireless-N Access Point WNDAP350...
... Secret 802.11a/na Configuration For a new wireless network, print or copy this information. All wireless nodes in the configuration parameters. NETGEAR_11a is responsible for more security. Note: The SSID in the wireless adapter card. However, you configure in the wireless access point is the SSID you may customize it by using up or is the default WNDAP350 SSID. ProSafe Dual Band Wireless-N Access Point WNDAP350...
WNDAP350 User Manual
Page 49
...with RADIUS" on page 2-38 for the primary and secondary RADIUS servers: Server Name/IP Address: Primary Secondary Port Shared Secret Use the procedures described in to all profiles....When using the default LAN address of http://192.168.0.237, user name admin and password password, or use the LAN address and password that you set up . 2. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual ...: The RADIUS Server Settings apply to the WNDAP350 using a RADIUS Server, the RADIUS Server settings must be used with Legacy 802.1x, and can setup or modify the RADIUS...
...with RADIUS" on page 2-38 for the primary and secondary RADIUS servers: Server Name/IP Address: Primary Secondary Port Shared Secret Use the procedures described in to all profiles....When using the default LAN address of http://192.168.0.237, user name admin and password password, or use the LAN address and password that you set up . 2. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual ...: The RADIUS Server Settings apply to the WNDAP350 using a RADIUS Server, the RADIUS Server settings must be used with Legacy 802.1x, and can setup or modify the RADIUS...
WNDAP350 User Manual
Page 50
....The IP Address, Port Number, and Shared Secret are required for accounting using a RADIUS Server. The default: 1813 2-30 Basic Installation and Configuration v1.1, November 2009 You can also configure a Secondary RADIUS Server to use if the Primary RADIUS Server fails. - The port number of the RADIUS Server. - Shared Secret. Port Number. ProSafe Dual Band Wireless-N Access Point WNDAP350...
....The IP Address, Port Number, and Shared Secret are required for accounting using a RADIUS Server. The default: 1813 2-30 Basic Installation and Configuration v1.1, November 2009 You can also configure a Secondary RADIUS Server to use if the Primary RADIUS Server fails. - The port number of the RADIUS Server. - Shared Secret. Port Number. ProSafe Dual Band Wireless-N Access Point WNDAP350...
WNDAP350 User Manual
Page 53
... passphrase or keys. Click Apply to communicate with each profile. A VLAN ID will be assigned to enable VLAN 802.1Q.) Configuring WEP To configure WEP data encryption: 1. From the Network Authentication drop-down menu, choose either Open...default Profile VLAN ID must match the IDs used by other . 9. To enable your Security Profile settings. 11. If enabled, the associated wireless clients will appear in the Enable column next to your VLAN Profile will be enabled. (See "Setting Basic IP Options" on page 2-13 to your profile. ProSafe Dual Band Wireless-N Access Point WNDAP350...
... passphrase or keys. Click Apply to communicate with each profile. A VLAN ID will be assigned to enable VLAN 802.1Q.) Configuring WEP To configure WEP data encryption: 1. From the Network Authentication drop-down menu, choose either Open...default Profile VLAN ID must match the IDs used by other . 9. To enable your Security Profile settings. 11. If enabled, the associated wireless clients will appear in the Enable column next to your VLAN Profile will be enabled. (See "Setting Basic IP Options" on page 2-13 to your profile. ProSafe Dual Band Wireless-N Access Point WNDAP350...
WNDAP350 User Manual
Page 67
... 12. "Upgrading the Wireless Access Point Software 4. "Enabling Rogue AP Detection 13. "Packet Capture Remote Management Both the SNMP and Remote Console are enabled by default, which allows for remote management of the WNDAP350 from a client running SNMP management software, as well as described in the main menu of your ProSafe Dual Band WirelessN Access Point WNDAP350. This chapter contains the...
... 12. "Upgrading the Wireless Access Point Software 4. "Enabling Rogue AP Detection 13. "Packet Capture Remote Management Both the SNMP and Remote Console are enabled by default, which allows for remote management of the WNDAP350 from a client running SNMP management software, as well as described in the main menu of your ProSafe Dual Band WirelessN Access Point WNDAP350. This chapter contains the...
WNDAP350 User Manual
Page 68
...IP address of the SNMP manager to allow the SNMP network management software, such as shown in Figure 3-1 below: Figure 3-1 Configure SNMP settings 2. Enter the following information in the SNMP fields: • SNMP: Enable SNMP to receive traps sent from the left sidebar. The default... community string to allow the SNMP manager to read and write the wireless access point's MIB objects. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual To set up an SNMP management interface: 1. The default is 162/UDP. 3-2 Management v1.1, November 2009 Under the Maintenance ...
...IP address of the SNMP manager to allow the SNMP network management software, such as shown in Figure 3-1 below: Figure 3-1 Configure SNMP settings 2. Enter the following information in the SNMP fields: • SNMP: Enable SNMP to receive traps sent from the left sidebar. The default... community string to allow the SNMP manager to read and write the wireless access point's MIB objects. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual To set up an SNMP management interface: 1. The default is 162/UDP. 3-2 Management v1.1, November 2009 Under the Maintenance ...
WNDAP350 User Manual
Page 107
... of the WNDAP350 to "Obtain an IP Address automatically" (DHCP client), restart it. • If your computer and the WNDAP350 are not sure about these items: • The WNDAP350 is powered on . If you are on the same network segment or that there is a WINS server on page 2-4. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual • The access point's default values may...
... of the WNDAP350 to "Obtain an IP Address automatically" (DHCP client), restart it. • If your computer and the WNDAP350 are not sure about these items: • The WNDAP350 is powered on . If you are on the same network segment or that there is a WINS server on page 2-4. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual • The access point's default values may...
WNDAP350 User Manual
Page 130
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual rate 3-16 SSID 3-16 state 3-16 status 3-16 type 3-16 wireless network name (SSID) 3-16 coverage area 1-1, 2-11 CSMA/CA 4-5, 4-7 CSMA/CD (Carrier Sense Multiple Access with Collision Detection) 4-5, 4-7 CTS (Clear to Send) 4-5 B back off 1-4 Basic Service Set (BSS) 1-2 Basic Service Set Identifier (BSSID) 1-2 beacon generation, support for 1-4 beacon interval 4-5, 4-7 bridge...
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual rate 3-16 SSID 3-16 state 3-16 status 3-16 type 3-16 wireless network name (SSID) 3-16 coverage area 1-1, 2-11 CSMA/CA 4-5, 4-7 CSMA/CD (Carrier Sense Multiple Access with Collision Detection) 4-5, 4-7 CTS (Clear to Send) 4-5 B back off 1-4 Basic Service Set (BSS) 1-2 Basic Service Set Identifier (BSSID) 1-2 beacon generation, support for 1-4 beacon interval 4-5, 4-7 bridge...