Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 1
...(ID 30) UTM Port 2 to AP LAN Internet Corporate AP configuration (WNDAP330) LAN IP 192.168.1.235 Untagged VLAN: 1 - The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or... Wireless LAN - UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (Corporate - VLAN 20 (ID 20) SSID Engineering - default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24 VLAN20 (Guest1) IP 192.168.20.1 ...
...(ID 30) UTM Port 2 to AP LAN Internet Corporate AP configuration (WNDAP330) LAN IP 192.168.1.235 Untagged VLAN: 1 - The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or... Wireless LAN - UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (Corporate - VLAN 20 (ID 20) SSID Engineering - default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24 VLAN20 (Guest1) IP 192.168.20.1 ...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 3
...ports Untagged in VLAN1 Version 2.0 VLAN 20 (ID 20) SSID Engineering - Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1... (default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24 VLAN20 IP 192.168.20.1 Membership: Port 1 DHCP enabled 192.168...
...ports Untagged in VLAN1 Version 2.0 VLAN 20 (ID 20) SSID Engineering - Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1... (default) IP 192.168.1.1 Membership: Port 1, 2, 3, 4 DHCP enabled 192.168.1.x/24 VLAN20 IP 192.168.20.1 Membership: Port 1 DHCP enabled 192.168...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 4
... VLAN Repeat the same process for both VLAN 20 and VLAN 30 (for example a Netgear switch 802.1q capable. Version 2.0 Click on Add... A port member of multiple VLANs will be dedicated to changing the PVID of setting an 802.1q trunk port, as long as this scenario, attention should be the only port... the VLAN Profiles summary NOTE: Although not relevant in this is VLAN 1. VLAN1 exists on for administration purposes each of the new VLANs as the default VLAN is the port the Access Point will have the profile name matching the respective SSID).
... VLAN Repeat the same process for both VLAN 20 and VLAN 30 (for example a Netgear switch 802.1q capable. Version 2.0 Click on Add... A port member of multiple VLANs will be dedicated to changing the PVID of setting an 802.1q trunk port, as long as this scenario, attention should be the only port... the VLAN Profiles summary NOTE: Although not relevant in this is VLAN 1. VLAN1 exists on for administration purposes each of the new VLANs as the default VLAN is the port the Access Point will have the profile name matching the respective SSID).
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 5
... this will depend on the Security policy in use in the network Version 2.0 AP configuration (WNDAP330) Create a new SSID Access the AP configuration via Security, Profile settings (by default all only the SSID Netgear is active, whilst all the SSIDs are assigned to VLAN 1 In the bottom of the page click on Edit...
... this will depend on the Security policy in use in the network Version 2.0 AP configuration (WNDAP330) Create a new SSID Access the AP configuration via Security, Profile settings (by default all only the SSID Netgear is active, whilst all the SSIDs are assigned to VLAN 1 In the bottom of the page click on Edit...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 6
... PC will be connected to a port in VLAN1 on under 2.4GHz) for the relevant wireless technology that will associate to be used. ACCESS POINT CONFIGURATION Enable the Wireless Radio mode and configure the Radio Channel Enable the Radio (by default its turned on the switch Version 1.0 Select the management VLAN and Untagged VLAN Ensure the...
... PC will be connected to a port in VLAN1 on under 2.4GHz) for the relevant wireless technology that will associate to be used. ACCESS POINT CONFIGURATION Enable the Wireless Radio mode and configure the Radio Channel Enable the Radio (by default its turned on the switch Version 1.0 Select the management VLAN and Untagged VLAN Ensure the...
WNDAP350 User Manual
Page 7
Contents ProSafe Dual Band Wireless-N WNDAP350 Reference Manual About This Manual Chapter 1 Introduction About the ProSafe Dual Band Wireless-N Access Point WNDAP350 1-1 Key Features and Standards 1-1 Compatible and Related NETGEAR Products 1-5 System Requirements ...1-6 What's In the Box? ...1-6 Hardware Description ...1-7 Chapter 2 Basic Installation and Configuration Wireless Equipment Placement and Range Guidelines 2-2 Understanding WNDAP350 Wireless Security Options 2-3 Installing the WNDAP350 wirelss access point 2-4 Logging In Using the Default IP Address 2-12 Setting Basic...
Contents ProSafe Dual Band Wireless-N WNDAP350 Reference Manual About This Manual Chapter 1 Introduction About the ProSafe Dual Band Wireless-N Access Point WNDAP350 1-1 Key Features and Standards 1-1 Compatible and Related NETGEAR Products 1-5 System Requirements ...1-6 What's In the Box? ...1-6 Hardware Description ...1-7 Chapter 2 Basic Installation and Configuration Wireless Equipment Placement and Range Guidelines 2-2 Understanding WNDAP350 Wireless Security Options 2-3 Installing the WNDAP350 wirelss access point 2-4 Logging In Using the Default IP Address 2-12 Setting Basic...
WNDAP350 User Manual
Page 8
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Configuring WPA-PSK and WPA2-PSK 2-42 Restricting Wireless Access by MAC Address 2-44 Chapter 3 Management Remote Management ...3-1 Remote Console ...3-3 Upgrading the Wireless Access Point Software 3-5 Configuration File Management 3-6 Changing the Administrator Password 3-10 Enabling the SysLog Server 3-11 Using Activity Log Information 3-12 Viewing General Summary Information 3-12 Viewing ...
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Configuring WPA-PSK and WPA2-PSK 2-42 Restricting Wireless Access by MAC Address 2-44 Chapter 3 Management Remote Management ...3-1 Remote Console ...3-3 Upgrading the Wireless Access Point Software 3-5 Configuration File Management 3-6 Changing the Administrator Password 3-10 Enabling the SysLog Server 3-11 Using Activity Log Information 3-12 Viewing General Summary Information 3-12 Viewing ...
WNDAP350 User Manual
Page 9
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Appendix A Default Settings and Technical Specifications Factory Default Settings A-1 Technical Specifications A-3 Appendix B Related Documents Appendix C Command Line Reference Command Sets ...C-1 Index Contents ix v1.1, November 2009
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Appendix A Default Settings and Technical Specifications Factory Default Settings A-1 Technical Specifications A-3 Appendix B Related Documents Appendix C Command Line Reference Command Sets ...C-1 Index Contents ix v1.1, November 2009
WNDAP350 User Manual
Page 20
... disabled. This socket connects to the factory default settings. 1-8 Introduction v1.1, November 2009 Male DB-9 serial port for serial DTE connections. 5. Indicates Wireless data traffic in 5GHz modes. The restore to default button restores the WNDAP350 to the WNDAP350 12V 1.2A power adapter. 3. Serial Console Port. Power Socket. RJ-45 Ethernet Port. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Table 1-1.
... disabled. This socket connects to the factory default settings. 1-8 Introduction v1.1, November 2009 Male DB-9 serial port for serial DTE connections. 5. Indicates Wireless data traffic in 5GHz modes. The restore to default button restores the WNDAP350 to the WNDAP350 12V 1.2A power adapter. 3. Serial Console Port. Power Socket. RJ-45 Ethernet Port. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Table 1-1.
WNDAP350 User Manual
Page 21
... can allow for others outside your area to your network from unauthorized access. This distance can connect over 802.11b/bg/ng or 802.11a/na wireless networks at ranges of several hundred feet or more. "Setting Basic IP Options 6. "Setting Up and Testing Basic Wireless Connectivity 8. "Setting up your ProSafe Dual Band Wireless-N Access Point WNDAP350for wireless connectivity to your LAN.
... can allow for others outside your area to your network from unauthorized access. This distance can connect over 802.11b/bg/ng or 802.11a/na wireless networks at ranges of several hundred feet or more. "Setting Basic IP Options 6. "Setting Up and Testing Basic Wireless Connectivity 8. "Setting up your ProSafe Dual Band Wireless-N Access Point WNDAP350for wireless connectivity to your LAN.
WNDAP350 User Manual
Page 22
... sources of the wireless access point. sight access (even if through your wireless access point: • A location for the WNDAP350 that it is either ceiling mounted or mounted on the physical placement of interference, such as a hub, switch, router, or Cable/DSL gateway. • One or more computers with properly configured 802.11b/g/n or 802.11a/n wireless adapters. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 14...
... sources of the wireless access point. sight access (even if through your wireless access point: • A location for the WNDAP350 that it is either ceiling mounted or mounted on the physical placement of interference, such as a hub, switch, router, or Cable/DSL gateway. • One or more computers with properly configured 802.11b/g/n or 802.11a/n wireless adapters. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 14...
WNDAP350 User Manual
Page 26
... protocol enables network traffic optimization in settings with Netgear Support. 6. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Figure 2-3 Access Point Name and Country / Region 4. This unique name is the United States). Spanning Tree Protocol. Note: If your LAN support the VLAN 802.1Q standard.) 2-6 Basic Installation and Configuration v1.1, November 2009 The default Access Point Name is not listed, please check with...
... protocol enables network traffic optimization in settings with Netgear Support. 6. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Figure 2-3 Access Point Name and Country / Region 4. This unique name is the United States). Spanning Tree Protocol. Note: If your LAN support the VLAN 802.1Q standard.) 2-6 Basic Installation and Configuration v1.1, November 2009 The default Access Point Name is not listed, please check with...
WNDAP350 User Manual
Page 27
... 2009 There can be tagged with this screen. Select Time from the Access Point. Untagged VLANs do not cause the outbound traffic to configure the settings on this VLAN ID. The default is not tagged. Management VLAN. Enter the Time Settings for more information... about how to be only one Management VLAN.The default is 1. 8. Untagged VLAN. Management VLANs are used for managing traffic (Telnet, SNMP, and HTTP) to be only one Untagged VLAN. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - The Time screen displays, as the Untagged VLAN...
... 2009 There can be tagged with this screen. Select Time from the Access Point. Untagged VLANs do not cause the outbound traffic to configure the settings on this VLAN ID. The default is not tagged. Management VLAN. Enter the Time Settings for more information... about how to be only one Management VLAN.The default is 1. 8. Untagged VLAN. Management VLANs are used for managing traffic (Telnet, SNMP, and HTTP) to be only one Untagged VLAN. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - The Time screen displays, as the Untagged VLAN...
WNDAP350 User Manual
Page 28
Figure 2-5 IP Settings 11. The default values are suitable for most users and situations. (See the online help or "Setting Basic IP Options" on page 2-13 for your time settings: 1. The ... then select Time. The IP Settings screen displays, as shown in Figure 2-5. Configuring Time Settings To configure your network. Select IP on this screen. 12. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 10. Click Apply.
Figure 2-5 IP Settings 11. The default values are suitable for most users and situations. (See the online help or "Setting Basic IP Options" on page 2-13 for your time settings: 1. The ... then select Time. The IP Settings screen displays, as shown in Figure 2-5. Configuring Time Settings To configure your network. Select IP on this screen. 12. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 10. Click Apply.
WNDAP350 User Manual
Page 29
The Default is time-b.netgear.com. 3. Hostname / IP Address. Click Apply. Basic Installation and Configuration 2-9 v1.1, November 2009 Enable NTP Client to get the current time. - Check the option if ..., select the local time zone for your wireless access point from a list of the access point with an NTP Server. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Figure 2-6 Time zone and system time related settings 2. Use Custom NTP Server. Enter the host name or the IP address of the custom NTP server. The default is Enabled. Note: You must have a custom...
The Default is time-b.netgear.com. 3. Hostname / IP Address. Click Apply. Basic Installation and Configuration 2-9 v1.1, November 2009 Enable NTP Client to get the current time. - Check the option if ..., select the local time zone for your wireless access point from a list of the access point with an NTP Server. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Figure 2-6 Time zone and system time related settings 2. Use Custom NTP Server. Enter the host name or the IP address of the custom NTP server. The default is Enabled. Note: You must have a custom...
WNDAP350 User Manual
Page 31
... you must match the SSID configured in the ProSafe Dual Band Wireless-N Access Point WNDAP350. The default name is elevated, such as Mozilla Firefox or Internet Explorer to the wireless access point and plug the power adapter in the Advanced Configuration chapter of your network assigns it will be deployed. the default SSID for the 802.11a/na mode is NETGEAR_11g; Disconnect the...
... you must match the SSID configured in the ProSafe Dual Band Wireless-N Access Point WNDAP350. The default name is elevated, such as Mozilla Firefox or Internet Explorer to the wireless access point and plug the power adapter in the Advanced Configuration chapter of your network assigns it will be deployed. the default SSID for the 802.11a/na mode is NETGEAR_11g; Disconnect the...
WNDAP350 User Manual
Page 32
....255.0. Your Web browser should be configured with an IP address that starts with the IP address of http://192.168.0.237 into your browser. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Logging In Using the Default IP Address After you are using the default IP Address: 1. To log in lower case letters. Connect to the...
....255.0. Your Web browser should be configured with an IP address that starts with the IP address of http://192.168.0.237 into your browser. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Logging In Using the Default IP Address After you are using the default IP Address: 1. To log in lower case letters. Connect to the...
WNDAP350 User Manual
Page 33
... IP Settings. By default, the Dynamic Host Configuration Protocol (DHCP) client is 192.168.0.237. To change it, enter an unused IP address from the DHCP server on this screen. Basic Installation and Configuration v1.1, November 2009 2-13 DHCP Client. Enter the IP Address of the WNDAP350. - IP Address. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Setting...
... IP Settings. By default, the Dynamic Host Configuration Protocol (DHCP) client is 192.168.0.237. To change it, enter an unused IP address from the DHCP server on this screen. Basic Installation and Configuration v1.1, November 2009 2-13 DHCP Client. Enter the IP Address of the WNDAP350. - IP Address. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Setting...
WNDAP350 User Manual
Page 34
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - Wireless Settings The following sections describe how to validate that you can use this IP address as the primary Domain Name Server used by stations on the IP address that the upstream link is connected. - Primary DNS Servers. Click Apply to which the wireless access point is active before allowing wirelessassociations.If you...
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - Wireless Settings The following sections describe how to validate that you can use this IP address as the primary Domain Name Server used by stations on the IP address that the upstream link is connected. - Primary DNS Servers. Click Apply to which the wireless access point is active before allowing wirelessassociations.If you...
WNDAP350 User Manual
Page 35
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 1. The options are: - 11b - Basic Installation and Configuration v1.1, November 2009 2-15 Both 802.11b and 802.11g wireless stations can operate in Figure 2-10 below. From main menu under Configuration, select Wireless. All 802.11b wireless stations can be used. (The 802.11g wireless stations can still be used if they can be supported. The Wireless Settings...
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual 1. The options are: - 11b - Basic Installation and Configuration v1.1, November 2009 2-15 Both 802.11b and 802.11g wireless stations can operate in Figure 2-10 below. From main menu under Configuration, select Wireless. All 802.11b wireless stations can be used. (The 802.11g wireless stations can still be used if they can be supported. The Wireless Settings...