Wireless > Settings
327
SonicOS Enhanced 4.0 Administrator Guide
For example, in the previous network diagram, the wireless security appliance are configured
as follows:
SSID on all three wireless security appliance are set to “myWLAN”.
WLAN addressing for all the wireless security appliance's connected via Wireless Bridge
must place the WLAN interfaces on the same subnet: 172.16.31.1 for TZ 170 Wireless1,
172.16.31.2 for TZ 170 Wireless2, and 172.16.31.3 for TZ 170 Wireless3.
TZ 170 Wireless4 must have a different subnet on the WLAN, such as 172.16.32.X/24.
LAN addressing for all TZ 170 Wireless connected via Wireless Bridge must place the LAN
interfaces on different subnets: 10.10.10.x/24 for TZ 170 Wireless1, 10.20.20.x/24 for TZ
170 Wireless2, and 10.30.30.x/24 for TZ 170 Wireless3.
LAN addressing for TZ 170 Wireless4 must be the same as TZ 170 Wireless3.
To facilitate Virtual Adapter addressing, the TZ 170 Wireless4 can be set to forward DHCP
requests to TZ 170 Wireless3.
When a TZ 170 Wireless is in Wireless Bridge mode, the channel cannot be configured. TZ
170 Wireless2 and TZ 170 Wireless3 operate on the channel of the connecting Access
Point TZ 170 Wireless. For example, TZ 170 Wireless1 is on channel 1.
A Bridge Mode TZ 170 Wireless cannot simultaneously support wireless client connections.
Access Point services at Remote Site B are provided by a second TZ 170 Wireless (4). The
channel of operation is set 5 apart from the channel inherited by the TZ 170 Wireless3. For
example, Access Point TZ 170 Wireless1 is set to channel 1, then Bridge Mode TZ 170
Wireless3 inherits channel 1. Access Point TZ 170 Wireless4 should be set to channel 6.
Network Settings for the Example NetworkWireless Bridging (without WiFiSec)
To provide compatibility with other non-WiFiSec wireless access points, the wireless security
appliance supports a non-secure form of wireless bridging, but insecure wireless
communications should only be employed when data is non-sensitive. By default, WiFiSec
Enforcement is enabled on Wireless Settings for Wireless Bridge Mode. To connect to a
non-WiFiSec access point, this checkbox must be disabled. Since VPN tunnels are not
established in non-secure Wireless Bridging deployments, traffic routes must be clearly defined
for both the Access Point and the Bridge Mode sites:
The default route on the Bridge Mode wireless security appliance must from the WLAN
interface to the WLAN interface of the connecting Access Point wireless security appliance.
Referring to the example above, the default route on TZ 170 Wireless2 and TZ 170
Wireless3 is set via their WLAN interfaces to 172.16.31.1.
Device Mode SSID Channel LAN IP Address WLAN IP Address
TZ 170 Wireless1 Access Point myWLAN 1 10.10.10.254/24 172.16.31.1/24
TZ 170 Wireless2 Wireless
Bridge myWLAN 1 (auto) 10.20.20.254/24 172.16.31.2/24
TZ 170 Wireless3 Wireless
Bridge myWLAN 1 (auto) 10.30.30.254/24 172.16.31.3/24
TZ 170 Wireless4 Access Point otherWLAN 6 10.30.30.253/24 172.16.31.1/24