Справочник Пользователя для SonicWALL 5.8.1
SonicPoint > Virtual Access Point
563
SonicOS 5.8.1 Administrator Guide
A Sample Network
The following is a sample VAP network configuration, describing four separate VAPs:
•
VAP #1, Corporate Wireless Users – A set of users who are commonly in the office, and
to whom should be given full access to all network resources, providing that the connection
is authenticated and secure. These users already belong to the network’s Directory
Service, Microsoft Active Directory, which provides an EAP interface through IAS – Internet
Authentication Services.
to whom should be given full access to all network resources, providing that the connection
is authenticated and secure. These users already belong to the network’s Directory
Service, Microsoft Active Directory, which provides an EAP interface through IAS – Internet
Authentication Services.
•
VAP#2, Legacy Wireless Devices – A collection of older wireless devices, such as
printers, PDAs and handheld devices, that are only capable of WEP encryption.
printers, PDAs and handheld devices, that are only capable of WEP encryption.
•
VAP#3, Visiting Partners – Business partners, clients, and affiliated who frequently visit
the office, and who need access to a limited set of trusted network resources, as well as
the Internet. These users are not located in the company’s Directory Services.
the office, and who need access to a limited set of trusted network resources, as well as
the Internet. These users are not located in the company’s Directory Services.
•
VAP# 4, Guest Users – Visiting clients to whom you wish to provide access only to
untrusted (e.g. Internet) network resources. Some guest users will be provided a simple,
temporary username and password for access.
untrusted (e.g. Internet) network resources. Some guest users will be provided a simple,
temporary username and password for access.
•
VAP#5, Frequent Guest Users – Same as Guest Users, however, these users will have
more permanent guest accounts through a back-end database.
more permanent guest accounts through a back-end database.
Determining Security Configurations
Understanding these requirements, you can then define the zones (and interfaces) and VAPs
that will provide wireless services to these users:
that will provide wireless services to these users:
•
Corp Wireless – Highly trusted wireless zone. Employs WPA2-AUTO-EAP security.
WiFiSec (WPA) Enforced.
WiFiSec (WPA) Enforced.
•
WEP & PSK – Moderate trust wireless zone. Comprises two virtual APs and subinterfaces,
one for legacy WEP devices (e.g. wireless printers, older handheld devices) and one for
visiting clients who will use WPA-PSK security.
one for legacy WEP devices (e.g. wireless printers, older handheld devices) and one for
visiting clients who will use WPA-PSK security.
•
Guest Services – Using the internal Guest Services user database.
•
LHM – Lightweight Hotspot Messaging enabled zone, configured to use external LHM
authentication-back-end server.
authentication-back-end server.
VAP Configuration Worksheet
The worksheet below provides some common VAP setup questions and solutions along with a
space for you to record your own configurations.
space for you to record your own configurations.
Questions
Examples
Solutions
How many different types of
users will I need to support?
users will I need to support?
Corporate wireless, guest access, visiting
partners, wireless devices are all common
user types, each requiring their own VAP
partners, wireless devices are all common
user types, each requiring their own VAP
Plan out the number of different
VAPs needed. Configure a zone
and VLAN for each VAP needed
VAPs needed. Configure a zone
and VLAN for each VAP needed
Your Configurations: