Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 1
...30.x/24 UTM Port 1 to host a multi-SSID and multi-VLAN network. The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or Wireless LAN - The diagram below shows a typical scenario. UTM 10... Configuration LAN IP 192.168.1.1 VLAN1 (Corporate - UTM (Unified Threat Management) in a multi-SSID multi-VLAN network with traffic separation ...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 2
Table of Contents Network Setup ...3 Physical setup...3 Logical setup ...3 UTM10 Configuration ...4 Create a new VLAN ...4 AP configuration (WNDAP330 5 Create a new SSID ...5 Further Notes ...6 Testing ...6 Managing devices ...6 Version 2.0
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 3
... Guest - VLAN30 (ID 30) Layer 2/ Layer 3 switch configuration LAN IP 192.168.1.239 Management VLAN: 1 Membership: all ports Untagged in VLAN1 Version 2.0 Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM... 192.168.20.x/24 VLAN30 IP 192.168.30.1 Membership: Port 1 DHCP enabled 192.168.30.x/24 AP configuration LAN IP 192.168.1.235 Untagged VLAN: 1 - VLAN 20 (ID 20) SSID Engineering - Management...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 4
...the default configuration and all the ports are members of addresses within the same range as the default VLAN is the port the Access Point will connect to the Default VLAN concept. Changing the Default VLAN for a Port will be prompted with a scope of it. VLAN1 exists on Apply. Click ..., attention should be the equivalent of setting an 802.1q trunk port, as long as the VLAN IP address). Version 2.0 Change VLAN1 Profile name to create a new VLAN Repeat the same process for both VLAN 20 and VLAN 30 (for example a Netgear switch 802.1q capable. Port 1 will be equivalent to...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 5
...both Profile numbers 2 and 3 to VLAN 30 also reflecting the same profiles and SSID names NOTE: The security level on each profile will depend on Edit to modify the Netgear profile name and SSID to Corporate - AP configuration (WNDAP330) Create a new SSID Access the AP configuration via Security, Profile... settings (by default all only the SSID Netgear is active, whilst all the SSIDs are assigned to VLAN 1 In the bottom of the page click on the Security policy in ...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 6
...the IP address assigned to the UTM in VLAN1, as VLAN 1 is enabled in VLAN 30. WNDAP330 The unit will be managed, upon being configured, from a device (wired or wireless) connected to a port in VLAN1, as this is the management VLAN for the Access Point (IP 192.168.1.235) Layer2/Layer3 switch The unit... will be managed using 192.168.1.1 in VLAN1, 192.168.20.1 in VLAN 20 and 192.168.30.1 in both the ...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 1
... solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or Wireless LAN. VLAN3 VLAN2 DGFV338 LAN to 1/0/2 WNDAP330 Management VLAN = 1 Management IP = 192.168.0.235 SSID "VLAN2" (VLAN ID = 2), Open system None SSID "VLAN3" (VLAN ID = 3), Open system None LAN...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 2
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 LAYER2/LAYER3 SWITCH CONFIGURATION 4 Create a new VLAN ...4 Assign Port's membership (to a VLAN 4 Change the port PVID 4 Save the configuration 5 ACCESS POINT CONFIGURATION 6 Enable the Wireless Radio mode and configure the Radio Channel 6 Create a new SSID and assign a VLAN ID 6 Select the management VLAN and Untagged VLAN 6 FURTHER NOTES...7 Testing ...7 Managing devices ...7 Version 1.0
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 3
... to port 1/0/6 on Layer2/Layer3 switch Logical setup DGFV338 LAN IP: 10.0.0.1/24 DHCP: 10.0.0.0/24 WNDAP330 Management VLAN = 1 Untagged VLAN = 1 LAN management IP = 102.168.0.235 SSID VLAN2 (VLAN ID=2), Network authentication (Optional) SSID VLAN3 (VLAN ID=3), Network authentication (Optional) Layer2/Layer3 switch Model: FSM7328S (or any Layer2, Layer3 switch) Firmware: 7.3.1.7 (or above...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 4
...: The picture shows the membership settings for VLAN 3 and VLAN1. Repeat the procedure for VLAN2 as the VLAN type and click on Add. Click on Apply. Version 1.0 LAYER2/LAYER3 SWITCH CONFIGURATION Create a new VLAN Access the VLAN configuration via Switching, VLAN. Repeat the process for the relevant VLAN (For example VLAN 3 PVID will be 3). Set the PVID to...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 6
... , VLAN3). Click on Apply Create a new SSID and assign a VLAN ID Access the Profile settings Page via Configuration, Security. Note: In our scenario VLAN 1 will be connected to . Select the management VLAN and Untagged VLAN Ensure the Untagged and Management VLAN are optional. ACCESS POINT CONFIGURATION Enable the Wireless Radio mode and configure the Radio Channel Enable the Radio...
Layer 2/Layer and WNDAP330 to host a multi-SSID and multi-VLAN network.
Page 7
... try to ping a device in VLAN1, as VLAN 1 is the management VLAN for the Access Point Layer2/Layer3 switch The unit will be able to a port in VLAN1 on the Layer2/Layer3 switch as this scenario, when connecting to VLAN2, the Wireless client should also be able to access the Internet Managing devices DGFV338 The unit...
WNDAP350 Product datasheet
Page 2
... country and/or region selection to country of NETGEAR, Inc. Other brand names mentioned herein are trademarks of sale. ProSafe® Dual Band Wireless-N Access Point WNDAP350 Technical Specifications • Standards --IEEE 802.11n, 2.4 GHz and 5.0 GHz --IEEE 802.11a 5.0 GHz --IEEE 802.11g, IEEE 802.11b, 2.4 GHz --IEEE 802.3ab Gigabit Ethernet --WMM - NETGEAR, the NETGEAR Logo, NETGEAR Digital Entertainer Logo, Connect with a limited warranty, the...
WNDAP350 User Manual
Page 14
...servers but with the IEEE 802.11 a/b/g/n standards for wireless clients. • SNMP Support. When a wireless access point is connected to a wired network and a set of computers that differentiates one WLAN from your access point and assign different configuration settings...mobile device tries to connect to PCs and other devices upon request. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Supported Standards and Conventions The following features: • Dual Band Concurrent. VLANs are active and the network devices can operate in the protocol standard ...
WNDAP350 User Manual
Page 16
...) and fine-tune power consumption. • VLAN Security Profiles. For WMM to the correct configuration. The LAN interface is modified. 802.11a/b/g/n Standards-based Wireless Networking The ProSafe Dual Band Wireless-N Access Point WNDAP350 provides a bridge between Ethernet wired networks and radio-equipped wireless notebook systems, desktop systems, print servers, and other devices. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual • Wireless Multimedia (WMM) Support. Time-dependent information...
WNDAP350 User Manual
Page 26
... characters long. 5. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual Figure 2-3 Access Point Name and Country / Region 4. Spanning Tree Protocol. The default is the access point NetBIOS name. This unique name is Disable. 7. 802.1Q VLAN. From the Country/Region pull-down menu, select the region where the WNDAP350 can be associated with multiple WNDAP350 wireless access points. Note: If your LAN supports the VLAN 802.1Q standard...
WNDAP350 User Manual
Page 27
... about how to and from the left panel. Management VLANs also cause outbound traffic to 1. - However, if their VLAN ID is same as shown in Figure 2-4. Select Time from the Access Point. Basic Installation and Configuration 2-7 v1.1, November 2009 Untagged VLANs do not cause the outbound traffic to be only one Untagged VLAN. Management VLAN. ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual -
WNDAP350 User Manual
Page 47
ProSafe Dual Band Wireless-N Access Point WNDAP350 Reference Manual - If enabled, the associated wireless clients will be from 8 to 32 alphanumeric characters. SSID and WEP/WPA Settings Setup Form 802.11b/bg/ng Configuration For a new wireless network, print or copy this information. For an existing wireless network, the person who set the Regulatory Domain correctly as those in the wireless... below. Write your customized SSID on your LAN support the VLAN (802.1Q) standard and this feature has been enabled, the default VLAN ID for the network will not be able to provide this...
WNDAP350 User Manual
Page 53
... enable VLAN 802.1Q.) Configuring WEP To configure WEP data encryption: 1. The default Profile VLAN ID must match the IDs used by default. From the Network Authentication drop-down menu, choose either Open System or Shared Key authentication. Wireless Client Security Separation is disabled by other . 9. Click Apply to your Security Profile settings. 11. ProSafe Dual Band Wireless-N Access Point WNDAP350...
WNDAP350 User Manual
Page 90
... of the configured VLAN ID will get their IP addresses only from the AP. • Starting IP Address: Enter the starting IP address that can be assigned from the DHCP server on this Access Point. • Ending...WNDAP350 as a DHCP Server for any traffic beyond the local network. • Primary DNS Server: The Access Point will assign this IP address as the default gateway for wireless clients. • DHCP Server: By default, the Dynamic Host Configuration Protocol (DHCP) server on the AP is disabled. Figure 4-1 DHCP server settings 3. ProSafe Dual Band Wireless-N Access Point WNDAP350...