Netgear WG103 Application Note
Contents
1. select al G ssel enable disable aad ii Default VLAN Port 1 Port 2 Port 3 Corporate E Corporate E Corporate EY Port 4 DMZ Corporate EY 2009 Copyright NETGEAR e Access the VLAN configuration via Network Config LAN settings LAN Setup VLAN1 exists on the default configuration and all the ports are members of it e Change VLAN1 Profile name to Corporate by simply editing the VLAN profile e Click on Add to create a new VLAN e Repeat the same process for both VLAN 20 and VLAN 30 for administration purposes each will have the profile name matching the respective SSID e Port 1 will be the only port member of each of the new VLANs as this is the port the Access Point will connect to e If required enable DHCP with a scope of addresses within the same range as the VLAN IP address e Click on Apply e After creating each VLAN the User will be prompted with the VLAN Profiles summary NOTE Although not relevant in this scenario attention should be dedicated to the Default VLAN concept Changing the Default VLAN for a Port will be equivalent to changing the PVID of the port on for example a Netgear switch 802 1q capable A port member of multiple VLANs will be instead be the equivalent of setting an 802 1q trunk port as long as the default VLAN is VLAN 1 Version 2 0 AP configuration WNDAP330 Create a new SSID Configuration Monitoring Maintenance Support2. Wireless Bridge System IP Wireless Profile Settings Profile Settings gt Advanced Profile Settings 802 11b bg ng 802 11a na n SSID Secu VAN eat NETGEAR NETGEAR_1lig Open System 1 A 2 NETGEAR 1 NETGEAR_1ig 1 Open System 1 C a NETGEAR 2 NETGEAR_11g 2 Open System 1 go 4 NETGEAR 3 NETGEAR_11g 3 Open System 1 C O 5 NETGEAR 4 NETGEAR_11g 4 Open System 1 oO e NETGEAR 5 NETGEAR_11g 5 Open System 1 C O 7 NETGEAR 6 NETGEAR_11g 6 Open System 1 oO O 8 NETGEAR 7 NETGEAR_11g 7 Open System 1 C a E l J Edit Security Profile Profile Definition E Profile Name Corporate No Wireless Network Name SSID Broadcast Wireless Network Name SSID Yes Authentication Settings e Network Authentication Open System wi Data Encryption Wireless Client Security Separation VLAN ID Profile Settings Profile Settings Ka 802 11b bg ng 802 i1a na REESEN Gi Corporate Corporate Open System OQ 2 Guest Guest Open System 20 3 Engineering Engineering Open System 30 4 NETGEAR 3 NETGEAR_1ig 3 Open System 1 d 5 NETGEAR 4 NETGEAR_11g 4 Open System 1 F e NETGEAR 5 NETGEAR_11g 5 Open System 1 d 7 NETGEAR 6 NETGEAR_11g 6 Open System 1 O 8 NETGEAR 7 NETGEAR_11g 7 Open System 1 L e Access the AP configuration via Security Profile settings by default all only the SSID Netgear is active whilst all the SSIDs are assigned to VLAN 1 e Inthe bottom of the page click on Ed
3. NETGEAR Connect with Innovation UTM Unified Threat Management in a multi SSID multi VLAN network with traffic separation This document describes the steps to undertake in configuring a UTM 10 Firmware version 1 0 16 0 and a WNDAP330 Firmware version 3 0 3 to host a multi SSID and multi VLAN network The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured from any other VLAN which will exist on the Wired or Wireless LAN maintaining same VLAN communication The diagram below shows a typical scenario UTM 10 Configuration LAN IP 192 168 1 1 VLAN1 Corporate default IP 192 168 1 1 Membership Port 1 2 3 4 DHCP enabled 192 168 1 x 24 VLAN20 Guest1 IP 192 168 20 1 Membership Port 1 DHCP enabled 192 168 20 x 24 VLAN30 Engineering IP 192 168 30 1 Membership Port 1 DHCP enabled 192 168 30 x 2 UTM Port 1 to AP LAN Corporate Engineering 4 J f AP configuration WNDAP330 LAN IP 192 168 1 235 Untagged VLAN 1 Management VLAN 1 SSID Corporate VLAN 1 ID 1 SSID Guest VLAN 20 ID 20 SSID Engineering VLANS30 ID 30 UTM Port 2 to Switch 0 1 Layer 2 Layer 3 switch configuration LAN IP 192 168 1 239 Management VLAN 1 Membership all ports Untagged in VLAN1 Internet yerTTT SYYYYTII T A ep Wired LAN 192 168 1 x 24 Version 2 0 Table of Contents
4. Network Setup 0 cece cccescccesssscecceessceeccessseecceessseeceeesseeceessseeeceesseeceeessseeceeeesseeeeessaeees 3 B SI Gell SOND E 3 LOG AUS UID EE 3 OTMTO e eier let ge e eea eaa E E E E EE R N E E AEA AEE 4 Create a NEW VLAN ssiusisinicsiurioc nirean ei raran cais iee n reo ENa RONE S E EET E ENS 4 AP GCOMMOULATION VVINDAIP E 5 SS NS IG EE 5 ee La 1 Gl le 6 STING E 6 Managing devices oee nnessoeeeesssseeeessssseseesssssereesssssresssssrresssssseressssserresssssreesssssereessss 6 Version 2 0 Network Setup Physical setup Layer 2 Layer 3 switch Port 0 1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192 168 1 1 VLAN1 default IP 192 168 1 1 Membership Port 1 2 3 4 DHCP enabled 192 168 1 x 24 VLAN20 IP 192 168 20 1 Membership Port 1 DHCP enabled 192 168 20 x 24 VLAN30 IP 192 168 30 1 Membership Port 1 DHCP enabled 192 168 30 x 24 AP configuration LAN IP 192 168 1 235 Untagged VLAN 1 Management VLAN 1 SSID Corporate VLAN 1 ID 1 SSID Guest VLAN 20 ID 20 SSID Engineering VLANS0 ID 30 Layer 2 Layer 3 switch configuration LAN IP 192 168 1 239 Management VLAN 1 Membership all ports Untagged in VLAN1 Version 2 0 UTM10 Configuration Create a new VLAN IEN LAN teed ii VLAN Profiles Profile Name VLAN ID Subnet I
5. P DHCP Status Action DHCP Log defaultVlan 1 192 168 1 1 DHCP Enabled aa select all Goen enable CH disable add Port 1 Port 2 Port 3 Port 4 DM2Z defaultVlan defaultVlan defaultVlan v defaultVlan Profile Name Subnet IP DHCP Status Corporate 192 168 1 1 DHCP Enabled select all delete enable D disable D add ii Default VLAN Port 1 Port 2 Port 3 Corporate EI Corporate EI Corporate EI Port 4 DMZ Corporate EY 2009 Copyright NETGEAR Add VLAN Profile VLAN Profile Profile Name VLAN ID Port Membership Port 1 C Port 4 DMZ ii LAN TCP IP Setup IP Address x92 les bo bk Subnet Mask bas Jess 255 fo Disable DHCP Server C Enable LDAP information LDAP Server Search Base port enter 0 for default port Enable DHCP Server Domain Name FT Starting IP Address 192 les Heo Je Ending IP Address 192 les Io Is Primary DNS Server E92 Jiss Meo bk Secondary DNS Server L U U U WINS Server O fo E U j Lease Time Hours DHCP Relay Relay Gateway I L Enable DNS Proxy Fj 22 Inter VLAN Routng D Enable Inter VLAN Routing O Profile Name Subnet IP DHCP Status Corporate 192 168 1 1 DHCP Enabled DHCP Enabled Guest 192 168 20 1 Engineering 192 168 30 1 DHCP Enabled
6. VLAN 1 is the management VLAN for the Access Point IP 192 168 1 235 Layer2 Layer3 switch The unit will be managed connecting to a port in VLAN1 as this is the management VLAN for the switch 192 168 1 239 Version 2 0
7. it to modify the Netgear profile name and SSID to Corporate note how this will reflect the settings performed on the UTM relating to the VLAN 1 profile e Apply the changes e Enable both Profile numbers 2 and 3 to activate the respective SSID e Perform the relevant changes to assign one profile to VLAN 20 and one to VLAN 30 also reflecting the same profiles and SSID names NOTE The security level on each profile will depend on the Security policy in use in the network Version 2 0 Further Notes Testing Testing can be performed by connecting a Wireless client to each of the SSID alternatively i e Corporate Guest Engineering and trying to access the Internet or ping the IP address assigned to the UTM in the VLAN associated to the SSID Ensure the Wireless client obtains an IP address from a DHCP server or hard code an IP address relevant to the VLAN the Wireless client will be connecting to Inter VLAN routing will work between VLANs if the following option is enabled in both the source and destination VLAN a Enable Inter VLAN Routing Managing devices UTM The unit will be managed using the IP address configured on the VLAN the managing device will try to connect from The unit will therefore be accessible using 192 168 1 1 in VLAN1 192 168 20 1 in VLAN 20 and 192 168 30 1 in VLAN 30 WNDAP330 The unit will be managed upon being configured from a device wired or wireless connected to a port in VLAN1 ae
Download Pdf Manuals
Related Search