SonicWALL TZ 190 Network Settings for the Example Network, Wireless Bridging (without WiFiSec)

Wireless > Settings

327

SonicOS Enhanced 4.0 Administrator Guide

For example, in the previous network diagram, the wireless security appliance are configured

as follows:

• SSID on all three wireless security appliance are set to “myWLAN”.

• WLAN addressing for all the wireless security appliance's connected via Wireless Bridge

must place the WLAN interfaces on the same subnet: 172.16.31.1 for TZ 170 Wireless1,

172.16.31.2 for TZ 170 Wireless2, and 172.16.31.3 for TZ 170 Wireless3.

• TZ 170 Wireless4 must have a different subnet on the WLAN, such as 172.16.32.X/24.

• LAN addressing for all TZ 170 Wireless connected via Wireless Bridge must place the LAN

interfaces on different subnets: 10.10.10.x/24 for TZ 170 Wireless1, 10.20.20.x/24 for TZ

170 Wireless2, and 10.30.30.x/24 for TZ 170 Wireless3.

• LAN addressing for TZ 170 Wireless4 must be the same as TZ 170 Wireless3.

• To facilitate Virtual Adapter addressing, the TZ 170 Wireless4 can be set to forward DHCP

requests to TZ 170 Wireless3.

• When a TZ 170 Wireless is in Wireless Bridge mode, the channel cannot be configured. TZ

170 Wireless2 and TZ 170 Wireless3 operate on the channel of the connecting Access

Point TZ 170 Wireless. For example, TZ 170 Wireless1 is on channel 1.

• A Bridge Mode TZ 170 Wireless cannot simultaneously support wireless client connections.

Access Point services at Remote Site B are provided by a second TZ 170 Wireless (4). The

channel of operation is set 5 apart from the channel inherited by the TZ 170 Wireless3. For

example, Access Point TZ 170 Wireless1 is set to channel 1, then Bridge Mode TZ 170

Wireless3 inherits channel 1. Access Point TZ 170 Wireless4 should be set to channel 6.

Network Settings for the Example NetworkWireless Bridging (without WiFiSec)

To provide compatibility with other non-WiFiSec wireless access points, the wireless security

appliance supports a non-secure form of wireless bridging, but insecure wireless

communications should only be employed when data is non-sensitive. By default, WiFiSec

Enforcement is enabled on Wireless Settings for Wireless Bridge Mode. To connect to a

non-WiFiSec access point, this checkbox must be disabled. Since VPN tunnels are not

established in non-secure Wireless Bridging deployments, traffic routes must be clearly defined

for both the Access Point and the Bridge Mode sites:

• The default route on the Bridge Mode wireless security appliance must from the WLAN

interface to the WLAN interface of the connecting Access Point wireless security appliance.

Referring to the example above, the default route on TZ 170 Wireless2 and TZ 170

Wireless3 is set via their WLAN interfaces to 172.16.31.1.

Device Mode SSID Channel LAN IP Address WLAN IP Address

TZ 170 Wireless1 Access Point myWLAN 1 10.10.10.254/24 172.16.31.1/24

TZ 170 Wireless2 Wireless

Bridge myWLAN 1 (auto) 10.20.20.254/24 172.16.31.2/24

TZ 170 Wireless3 Wireless

Bridge myWLAN 1 (auto) 10.30.30.254/24 172.16.31.3/24

TZ 170 Wireless4 Access Point otherWLAN 6 10.30.30.253/24 172.16.31.1/24