Configuring a SonicPoint Profile

In document Secure Wireless Networks (Page 33-41)

SonicPoint Provisioning Profiles provide a scalable and highly automated method of configuring and provisioning multiple SonicPoints across a secure distributed wireless architecture. SonicPoint Profile definitions include all of the settings that can be configured on a SonicPoint, such as radio settings for the 2.4GHz and 5GHz radios, SSIDs, and channels of operation.

Once you have defined a SonicPoint profile, you can apply it to a Wireless zone. Each Wireless zone can be configured with one SonicPoint profile. Any profile can apply to any number of zones. Then, when a SonicPoint is connected to a zone, it is automatically provisioned with the profile assigned to that zone. SonicOS includes a default SonicPoint profile, named SonicPoint. You can modify this profile or create a new one. The default settings for the SonicPoint profile are listed in Table 3.

Table 3 Default SonicPoint Profile Settings

Function: Description

Administrative password: Sets the admin password.

Time settings: Sets the time zone for the system clock.

WAN configuration: Sets the WAN networking mode to static IP, DHCP client, PPPoE, or PPTP. Configures the WAN interface network settings, depending on the selection of WAN networking mode.

LAN configuration: Configures the IP address, netmask, and DNS servers for the LAN interface.

LAN DHCP server settings: Configures the DHCP server range for clients connected to the LAN interface.

802.11a Radio

Enable 802.11a Radio: Yes

SSID: SonicWALL

Radio Mode: 54Mbps - 802.11a

ACL Enforcement: Disabled

Authentication Type: WEP - Both (Open System & Shared Key)

Data Rate: Best

802.11g Radio

Enable 802.11g Radio: Yes

SSID: SonicWALL

Radio Mode: 2.4 GHz 54Mbps - 802.11g

ACL Enforcement: Disabled

Authentication Type: WEP - Both (Open System & Shared Key)

Data Rate: Best
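The defaults in Table 3 put both radios on WEP with the vendor SSID, so a profile left unmodified provisions every SonicPoint in the zone that way. The following check is an added example, not part of the SonicWALL documentation: it audits a profile held as a plain dictionary whose layout, key names (such as "Enabled"), function names and the SSID "corp-wlan" are assumptions for illustration, not a SonicOS export format.

```python
# Added example: audit a SonicPoint profile held as a plain dict. The dict
# layout is an assumption for illustration (keys mirror the setting labels
# on this page); it is not a SonicOS export format.

WEP_TYPES = {
    "WEP - Both (Open System & Shared Key)",
    "WEP - Open System",
    "WEP - Shared Key",
}
VENDOR_SSID = "SonicWALL"  # default SSID listed in Table 3


def audit_radio(name, radio):
    """Return (radio, severity, setting, reason) tuples for one radio."""
    if not radio.get("Enabled", False):
        return []  # a disabled radio accepts no clients
    findings = []
    auth = radio.get("Authentication Type", "")
    if auth in WEP_TYPES:
        findings.append((name, "high", "Authentication Type",
                         "WEP keys are recoverable from captured traffic"))
    elif auth == "WPA - PSK":
        findings.append((name, "info", "Authentication Type",
                         "one shared passphrase for every client"))
    elif auth != "WPA - EAP":
        findings.append((name, "high", "Authentication Type",
                         "unrecognised value: %r" % auth))
    if radio.get("SSID") == VENDOR_SSID:
        findings.append((name, "medium", "SSID",
                         "vendor default, signals an unmodified profile"))
    return findings


def audit_profile(profile):
    """Audit every radio in a profile; radios are sorted for stable output."""
    return [f for name in sorted(profile) for f in audit_radio(name, profile[name])]


# Constructed sample input: the Table 3 defaults, and a changed profile.
DEFAULT_PROFILE = {
    radio: {"Enabled": True, "SSID": "SonicWALL", "ACL Enforcement": False,
            "Authentication Type": "WEP - Both (Open System & Shared Key)"}
    for radio in ("802.11a", "802.11g")
}
HARDENED_PROFILE = {
    radio: {"Enabled": True, "SSID": "corp-wlan", "ACL Enforcement": False,
            "Authentication Type": "WPA - EAP"}
    for radio in ("802.11a", "802.11g")
}

if __name__ == "__main__":
    for finding in audit_profile(DEFAULT_PROFILE):
        print(*finding, sep=" | ")
```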

Adding a SonicPoint Profile

You can add any number of SonicPoint profiles in the Wireless SonicPoints page of the management interface. The Add SonicPoint Profile window is divided into five tabs as illustrated in Figure 12:

General Tab

802.11a Radio Tab

802.11a Advanced Tab

802.11g Radio Tab

802.11g Advanced Tab

Figure 12 The Add SonicPoint Profile Window

General Tab

This section describes configuration elements on the General tab as illustrated in Figure 12. General SonicPoint configuration settings include the following:

Enable SonicPoint: When checked, automatically enables each SonicPoint when it is provisioned with this profile.

Name Prefix: A prefix for the names of all SonicPoints connected to this zone. When each SonicPoint is provisioned it is given a name that consists of the name prefix and a unique number, for example: “SonicPoint 126008.”

Country Code: The country where the SonicPoint is operating. The country code determines which

802.11a Radio Tab

This section describes configuration elements on the 802.11a Radio tab as illustrated in Figure 13.

Figure 13 The 802.11a Radio Tab

Radio settings for the 802.11a (5GHz band) radio include the following:

Enable 802.11a Radio: When checked, automatically enables the 802.11a radio bands on all SonicPoints provisioned with this profile. When the radio is enabled, the schedule determines when the radio is on. Select Always On, select an existing schedule, or select Create New Schedule to create a custom schedule. Schedules are configured in the System > Schedules page of the SonicOS management interface.

SSID: The SSID of each SonicPoint using this profile. This is the name that will appear in clients’ lists of available wireless connections.

Note: If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.

Radio Mode: The speed of the wireless connection, 54 Mbps or 108 Mbps (Turbo) mode.

Channel: The channel the radio will operate on. The default is AutoChannel, which automatically selects the channel with the least interference. Use AutoChannel unless you have a reason to use or avoid specific channels.

ACL enforcement settings include the following:

Enable MAC Filter List: When selected, enforces Access Control by allowing traffic from devices

WEP/WPA encryption settings include the following:

Authentication Type: The method of authentication for your wireless network, WEP - Both (Open System & Shared Key), WEP - Open System, WEP - Shared Key, WPA - PSK, or WPA - EAP.

WEP Key Mode: The size of the WEP encryption key.

Default Key: Determines which key in the list below is the default key, which will be tried first when trying to authenticate a user.

Key Entry: Determines whether the key is alphanumeric or hexadecimal.

Key 1 - Key 4: The encryption keys for WEP encryption. Enter the most likely to be used in the field you selected as the default key.

802.11a Advanced Tab

This section describes configuration elements on the 802.11a Advanced tab as illustrated in Figure 14.

Figure 14 The 802.11a Advanced Tab

Performance settings for the 802.11a radio. For most 802.11a advanced options, the default settings provide optimum performance.

Hide SSID in Beacon: Check this option to have the SSID broadcast as part of the wireless beacon, rather than as a separate broadcast.

Schedule IDS Scan: Select a schedule for the SonicPoint to automatically perform an IDS Scan. IDS Scans can briefly interrupt wireless connectivity, so automatic scans should be scheduled for a time with a lower amount of network activity. You can select an existing schedule or create one of your own.

Data Rate: Select the speed at which the data is transmitted and received. Best automatically selects the best rate available in your area given interference and other factors. You can select: Best, 6

Transmit Power: Select the transmission power. Transmission power affects the range of the SonicPoint. You can select: Full Power, Half (-3 dB), Quarter (-6 dB), Eighth (-9 dB), or Minimum.

Antenna Diversity: Select whether you want to use both antennas, one antenna, or have the SonicPoint automatically select the best setup for the situation.

Beacon Interval (milliseconds): Enter the number of milliseconds between sending out wireless beacons.

DTIM Interval: The Delivery Traffic Indication Message (DTIM) is a component of the beacon sent by the SonicPoint to alert clients that are in sleep (power saving) mode that there is data waiting for them. The DTIM Interval specifies the number of beacons that are sent between Delivery Traffic Indication Messages.

Fragmentation Threshold (bytes): Enter the number of bytes of fragmented data you want the network to allow.

RTS Threshold (bytes): Enter the number of bytes.

Maximum Client Associations: Enter the maximum number of clients you want the SonicPoint to support on this radio at one time.

802.11g Radio Tab

These settings affect the operation of the 802.11g and 802.11b radio bands. The SonicPoint has two separate radios built in. Therefore, it can send and receive on both the 802.11a and 802.11g bands at the same time.

The settings in the 802.11g Radio and 802.11g Advanced tabs are similar to the settings in the 802.11a Radio and 802.11a Advanced tabs.

This section describes configuration elements on the 802.11g Radio tab as illustrated in Figure 15.

Radio settings for the 802.11g (2.4GHz band) radio include the following:

Enable 802.11g Radio: When checked, automatically enables the 802.11g radio bands on all SonicPoints provisioned with this profile. When the radio is enabled, the schedule determines when the radio is on. Select Always On, select an existing schedule, or select Create New Schedule to create a custom schedule. Schedules are configured in the System > Schedules page of the SonicOS management interface.

SSID: The SSID of each SonicPoint using this profile. This is the name that will appear in clients’ lists of available wireless connections.

Note: If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless connection when roaming from one SonicPoint to another.

Radio Mode: The speed of the wireless connection, 11 Mbps (802.11b), 54 Mbps (802.11g), or 108 Mbps (Turbo) mode.

Channel: The channel the radio will operate on. The default is AutoChannel, which automatically selects the channel with the least interference. Use AutoChannel unless you have a reason to use or avoid specific channels.

ACL enforcement settings include the following:

Enable MAC Filter List: When selected, enforces Access Control by allowing traffic from devices specified in the Allow List and denying traffic from devices specified in the Deny List.

WEP/WPA encryption settings include the following:

Authentication Type: The method of authentication for your wireless network, WEP - Both (Open System & Shared Key), WEP - Open System, WEP - Shared Key, WPA - PSK, or WPA - EAP.

WEP Key Mode: The size of the WEP encryption key.

Default Key: Determines which key in the list below is the default key, which will be tried first when trying to authenticate a user.

Key Entry: Determines whether the key is alphanumeric or hexadecimal.

Key 1 - Key 4: The encryption keys for WEP encryption. Enter the most likely to be used in the field

802.11g Advanced Tab

This section describes configuration elements on the 802.11g Advanced tab as illustrated in Figure 16.

Figure 16 The 802.11g Advanced Tab

Performance settings for the 802.11g radio. For most 802.11g advanced options, the default settings provide optimum performance.

Hide SSID in Beacon: Check this option to have the SSID broadcast as part of the wireless beacon, rather than as a separate broadcast.

Schedule IDS Scan: Select a schedule for the SonicPoint to automatically perform an IDS Scan. IDS Scans can briefly interrupt wireless connectivity, so automatic scans should be scheduled for a time with a lower amount of network activity. You can select an existing schedule or create one of your own.

Data Rate: Select the speed at which the data is transmitted and received. Best automatically selects the best rate available in your area given interference and other factors. You can select: Best, 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, or 54 Mbps.

Transmit Power: Select the transmission power. Transmission power affects the range of the SonicPoint. You can select: Full Power, Half (-3 dB), Quarter (-6 dB), Eighth (-9 dB), or Minimum.

Antenna Diversity: Select whether you want to use both antennas, one antenna, or have the SonicPoint automatically select the best setup for the situation.

Beacon Interval (milliseconds): Enter the number of milliseconds between sending out a wireless beacon.

DTIM Interval: The Delivery Traffic Indication Message (DTIM) is a component of the beacon sent by the SonicPoint to alert clients that are in sleep (power saving) mode that there is data waiting for them. The DTIM Interval specifies the number of beacons that are sent between Delivery Traffic Indication Messages.

Fragmentation Threshold (bytes): Enter the number of bytes of fragmented data you want the

RTS Threshold (bytes): Enter the number of bytes.

Maximum Client Associations: Enter the maximum number of clients you want the SonicPoint to support on this radio at one time.

Preamble Length: The preamble is a portion of the wireless frame that is used to define information, such as timing and phase, necessary for a client to synchronize to the SonicPoint. The preamble length of the clients must match that of the SonicPoint. Older wireless client cards used Long Preambles. However, most newer client wireless cards use the more efficient Short Preamble standard.

Protection Mode: Protection can decrease collisions, particularly where you have two overlapping SonicPoints. However, it can slow down performance. Auto is probably the best setting, as it will engage only in the case of overlapping SonicPoints.

Protection Rate: The protection rate determines the data rate when protection is on. The slowest rate offers the greatest degree of protection but the slowest data transmission rate. Choose 1 Mbps, 2 Mbps, 5 Mbps, or 11 Mbps.

Protection Type: Select the type of handshake used to establish a wireless connection: CTS-only or RTS-CTS. 802.11b traffic is only compatible with CTS.

CCK OFDM Power Delta: This setting determines the difference in transmission power between 802.11b (CCK mode) and 802.11g (OFDM mode). When both 802.11g and 802.11b are used simultaneously, 802.11g covers a smaller physical area than 802.11b. Increasing the CCK OFDM Power Delta lowers the transmission power for 802.11b, so the two radio modes will cover the same area. Choose 0 dBm, 1 dBm, or 2 dBm.

Enable Short Slot Time: Select Enable Short Slot Time to increase performance if you only expect 802.11g traffic. 802.11b is not compatible with short slot time.

Allow Only 802.11g Clients to Connect: Select this to block all traffic from 802.11b clients, allowing your network to take advantage of the features of 802.11g.

Provisioning the SonicPoint

When a SonicPoint unit is first connected and powered up, it will have a factory default configuration (IP Address 192.168.1.20, username: admin, password: password). Upon initializing, it will attempt to find a SonicOS device (such as a SonicWALL PRO Series security appliance) with which to peer. If it is unable to find a peer SonicOS device, it will enter into a stand-alone mode of operation with a separate stand-alone configuration allowing it to operate as a standard Access Point.

If the SonicPoint does locate, or is located by a peer SonicOS device, via the SonicWALL Discovery Protocol, an encrypted exchange between the two units will ensue wherein the profile assigned to the relevant Wireless Zone will be used to automatically configure (provision) the newly added SonicPoint unit.

As part of the provisioning process, SonicOS will assign the discovered SonicPoint device a unique name, and it will record its MAC address and the interface and WLAN Zone on which it was discovered. It can also automatically assign the SonicPoint an IP address, if so configured, so that the SonicPoint can communicate with an authentication server for WPA-EAP support. SonicOS will then use the profile associated with the relevant WLAN Zone to configure the 2.4GHz and 5GHz radio settings.