SONICWALL SONICPOINT ADMINISTRATOR'S GUIDE 17

SonicPoint Overview

WiFiSec Enforcement and the Trust WPA Traffic as WiFiSec settings are only available on Wireless 
Zones. Because Wireless Zones only accept SonicPoint traffic, only SonicPoints can provide this 
feature; it is not possible to provide this security feature with any other WPA-capable OTS Access 
Point. 

Wireless Roaming

As wireless clients move through a distributed wireless network, it is necessary to support roaming 
from one SonicPoint to another in as non-interruptive a manner as possible. The SonicWALL Secure 
Wireless Solutions/Architecture was designed such that client connections, even across multiple 
SonicPoint Access Points, traverse a single point--whether it is the physical interface on the SonicOS 
device, or a Virtualized Adapter using the Global VPN Client (GVC). This method helps to ensure that, 
even as a client moves through the wireless network in nomadic fashion, applications will 
experience minimal if any interruption, providing a virtually seamless wireless client experience.

Roaming decisions are made by the wireless client in a non-prescribed fashion, 
meaning that different wireless client card vendors can implement different types of roaming decision 
algorithms. Generally, the roaming process involves the following components:

The client decides to roam: When the wireless device moves or the signal strength changes for 
some reason, the client enters into a roaming state based on such factors as signal strength, 
missed beacons, or acknowledgements.

The client determines where to roam: Once the client has decided to roam, it must then decide 
where to roam to. Finding an eligible Access Point to roam to is accomplished using some sort of 
scanning technique, either active or passive, and the scan may be performed either preemptively 
(before the decision to roam) or reactively (after the decision to roam). The scanning technique 
employed may or may not affect the client’s ability to send and receive data during the scanning 
process. This varies from vendor to vendor. Some clients cleverly employ power-saving to make 
this process more seamless--they signal the Access Point to which they’re attached that they are 
entering a Power-Save Mode before starting the scanning process. The client and Access Point 
then attempt to queue data for the “sleeping” client. During this respite, the client performs its 
scan. When the client finds a new Access Point, it wakes up, and exchanges queued data with the 
Access Point.

The client roams: The client de-associates from the old access point and re-associates with the new 
access point. Layer 2 connectivity is severed and re-established during this process. 

The client’s applications resume: Layer 3 (and higher) communications can resume after layer 2 
connectivity is restored. The effect this has on the continuity of the application depends on 
whether the application is connection-oriented (such as a telnet or SSH session), or stateless 
(such as Web-browsing). Connection-oriented applications will generally be interrupted by 
roaming while stateless applications will exhibit no ill-effects. Many client-server applications, such 
as a Microsoft Outlook client connection to an Exchange Server, use higher layer logic to 
automatically re-establish the client-server connection after layer 2/3 connectivity is restored, and 
these will operate with relative seamlessness.

There are many factors that can affect the roaming process, and the effect it will have on the user 
application. For example, using WPA introduces additional latency as a result of the 4-way 
handshake that must occur during association or re-association with the new Access Point. Latency 
can introduce a significant amount of interruption, especially to connection-oriented or streaming/
multimedia applications. 
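The roaming steps above, and the latency the WPA 4-way handshake adds to them, can be measured from the client side. The following is an added example, not part of the SonicWALL guide: it parses timestamped supplicant log lines and reports, per roam, the layer 2 gap, the handshake time and the total outage. The sample lines are constructed and modelled on wpa_supplicant `-t` output, which is an assumption about the client in use.

```python
import re

# Constructed sample (invented BSSIDs and times), modelled on the
# timestamped output of wpa_supplicant -t. Assumption: the client logs this way.
SAMPLE_LOG = """\
1700000100.120000: wlan0: CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:01 reason=3 locally_generated=1
1700000100.310000: wlan0: Trying to associate with 02:00:00:00:00:02 (SSID='corpNet' freq=2437 MHz)
1700000100.365000: wlan0: Associated with 02:00:00:00:00:02
1700000100.790000: wlan0: WPA: Key negotiation completed with 02:00:00:00:00:02 [PTK=CCMP GTK=CCMP]
1700000100.795000: wlan0: CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:02 completed [id=0 id_str=]
"""

LINE = re.compile(r"^(\d+\.\d+): \S+: (.*)$")
EVENTS = [  # (stage name, pattern capturing the BSSID)
    ("left", re.compile(r"CTRL-EVENT-DISCONNECTED bssid=([0-9a-f:]{17})")),
    ("assoc", re.compile(r"Associated with ([0-9a-f:]{17})")),
    ("keys", re.compile(r"WPA: Key negotiation completed with ([0-9a-f:]{17})")),
    ("up", re.compile(r"CTRL-EVENT-CONNECTED - Connection to ([0-9a-f:]{17})")),
]

def summarise(r):
    # A stage that never happened (e.g. no WPA on the new AP) yields None.
    ms = lambda a, b: round((r[b] - r[a]) * 1000) if a in r and b in r else None
    return {"from": r["from"], "to": r["to"],
            "l2_gap_ms": ms("left", "assoc"),      # de-association -> re-association
            "handshake_ms": ms("assoc", "keys"),   # WPA 4-way handshake
            "total_ms": ms("left", "up")}          # outage seen by applications

def roam_timings(log_text):
    """Return one timing summary per completed roam found in the log."""
    roams, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        for name, pat in EVENTS:
            hit = pat.search(msg)
            if not hit:
                continue
            if name == "left":
                cur = {"from": hit.group(1), "left": ts}   # a new roam starts
            elif cur is not None:
                cur[name], cur["to"] = ts, hit.group(1)
                if name == "up":
                    roams.append(summarise(cur))
                    cur = None
            break
    return roams
```

Comparing `handshake_ms` with `total_ms` across many roams shows how much of the interruption comes from WPA re-keying rather than from re-association itself.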

Roaming from one Access Point to another can occur across different boundaries: within the same 
layer 2 segment, across layer 2 segments, and across layer 3 segments. Generally, remaining within 
the same layer 2 segment while roaming presents the least potential for interruption, crossing layer 2 
segments presents more, and crossing layer 3 segments presents the most. 
