How can I create a Guest Wi-Fi on a wireless-capable SonicWall appliance? A cheat sheet
03/26/2020
A typical wireless implementation involves creating Wireless Access Points (WAP) both for a well-regulated network used by employees (e.g., Corp) and for a less regulated network used by guests. While this can be achieved in a few different ways, they all use Virtual Access Points (VAP). A VAP allows a single AP to support multiple (virtual) APs with different authentication and encryption, which is what keeps guest clients on separate credentials and a separate zone from the corporate network. A logical way of achieving this is as follows.
- Define Virtual Access Point Profiles for authentication and encryption.
- Define Virtual Access Points: Corp (SSID) and Guest (SSID).
- Group the VAPs (SSIDs) to a Radio Group, EXAMPLE: Internal Radio Group.
- Assign the group to the Internal Radio.
- Configure the network zone and wireless Interface.
NOTE: Wireless on a SonicWall Network Appliance can be set up in 2 different ways. Models whose name ends with a "W" (e.g., TZ500W) have an internal wireless radio that can provide wireless access similar to standalone devices such as a SonicPoint. This is reflected in the GUI, where one often sees two sections on a wireless-capable device (Fig. 1). For the present purpose we will discuss the setup using the Internal Wireless.
Fig. 1. GUI wireless control on a wireless capable SonicWall Network Appliance.
Network Configurations (Fig. 2)
- Add a Guest zone with security type wireless.
- Configure the default WLAN Interface.
- Create a VLAN for the Guest Wireless Zone (the IP address of the interface will be static if the firewall distributes the DHCP addresses, EXAMPLE: step C).
- Set the default WLAN to Layer 2 Bridged Mode by bridging it to the LAN, EXAMPLE: X0.
- Add a Dynamic DHCP Scope.
Fig. 2. Network configurations for setting up a Guest Wireless.
- Configure the Virtual Access Point (Fig. 3).
- Configure Settings (Fig. 4).
Fig. 3. Configure Virtual Access Points (VAP). A VAP enables a single device (e.g., TZ500W or a SonicPoint) to support multiple SSIDs with different access profiles (e.g., encryption). Please note that we already have a corporate Wi-Fi profile.
Fig. 4. Wireless Settings - Steps A: Access Role, B: Enable WLAN Radio, C: Select Radio Mode (2.4 or 5 GHz), D: Short Guard and Aggregation, E: SSID (if only one SSID is used), F: VAP (if a group of SSIDs is used).
- Enable Short Guard Interval: Enabling Short Guard specifies an interval of 400 nanoseconds (ns) as opposed to the standard of 800 ns. The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays.
- Enable Aggregation: This refers to 802.11n frame aggregation, which combines frames to reduce overhead and increase throughput.
- Enabling Short Guard and Aggregation may improve throughput in environments that have low interference. However, in environments with significant interference, they are not advisable.
The appliance should now start transmitting the two SSIDs, Corporate and Guest (Fig. 5).
Fig. 5. Results of Wireless configuration using the inbuilt Radio on a TZ500W.
- As explained above, a wireless-capable device (SonicWall Network Appliance or SonicPoint) may be used to support a single SSID or multiple SSIDs. When the device is to be set up for a single SSID, the configuration done on the Settings page can instead be done on the Wireless | Security page (Fig. 6).
Fig. 6. Settings for a single SSID on a wireless-capable appliance (e.g., TZ500W). Based on the Authentication Type (1), WPA2-AUTO-PSK (A) or WPA2-AUTO-EAP (B), one has to update a Preshared Key (2) or the RADIUS information. Please note that the RADIUS configuration may also be used in the VAP by selecting WPA2-AUTO-EAP.
- Implementations using the 2.4 GHz radio are often challenging, as 2.4 GHz is a frequency shared with common gadgets (e.g., cordless phones, mobile phones, microwave ovens). In such cases, it is useful to tweak the radio settings. Fig. 7 is an example of 2.4 GHz radio settings.
Fig. 7. Settings for a 2.4 GHz implementation. Channels 1, 6 and 11 are non-overlapping. In an environment with nearby radios, consider experimenting with the channels.
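The channel guidance in Fig. 7 can be turned into a quick ranking of channels 1, 6 and 11 from a site survey. This is an added example, not part of the original article or of SonicWall tooling; it assumes 5 MHz channel spacing, a 22 MHz channel width, a simple linear overlap model, and constructed survey data.

```python
# Added example: rank the non-overlapping 2.4 GHz channels (1, 6, 11) by the
# interference expected from neighbouring radios seen in a site survey.
# Assumptions: 5 MHz channel spacing, 22 MHz channel width, and a linear
# spectral-overlap model. The survey rows below are constructed sample data.

CHANNEL_SPACING_MHZ = 5
CHANNEL_WIDTH_MHZ = 22
CANDIDATES = (1, 6, 11)

# (ssid, channel, rssi_dbm) as a Wi-Fi scanner would report them (constructed)
SURVEY = [
    ("NeighbourA", 1, -48),
    ("NeighbourB", 3, -60),
    ("NeighbourC", 6, -75),
    ("NeighbourD", 9, -82),
    ("NeighbourE", 11, -55),
]


def overlap_fraction(ch_a, ch_b):
    """Fraction of a 22 MHz channel shared by two channel numbers (0.0 to 1.0)."""
    separation = abs(ch_a - ch_b) * CHANNEL_SPACING_MHZ
    return max(0.0, (CHANNEL_WIDTH_MHZ - separation) / CHANNEL_WIDTH_MHZ)


def dbm_to_mw(dbm):
    """Convert received power from dBm to milliwatts so it can be summed."""
    return 10 ** (dbm / 10)


def interference_mw(candidate, survey):
    """Sum the neighbour power that lands in the candidate channel, in mW."""
    return sum(
        dbm_to_mw(rssi) * overlap_fraction(candidate, ch)
        for _ssid, ch, rssi in survey
    )


def rank_channels(survey, candidates=CANDIDATES):
    """Return candidates sorted from least to most expected interference."""
    return sorted(candidates, key=lambda c: interference_mw(c, survey))


if __name__ == "__main__":
    for ch in rank_channels(SURVEY):
        print(f"channel {ch:2d}: {interference_mw(ch, SURVEY):.3e} mW")
```

With the sample survey, channel 6 ranks best even though a neighbour sits on it, because the strong neighbours on channels 1 and 11 dominate their own channels.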
- Tweaking Wireless | Advanced is often useful. Fig. 8 summarizes key features.
Fig. 8. Wireless Advanced settings for performance tweaking.