Configuring a SonicPoint Profile

NOTE: You can use Auto Provisioning to automatically provision SonicPoint profiles. For information on how to enable
automatic provisioning, see Enabling Auto Provisioning .

You can add any number of SonicPoint profiles. The SonicPoint profile configuration process varies slightly, depending on whether you
are configuring a single-radio (SonicPoint N) or a Dual Radio (SonicPoint AC and SonicPoint NDR) SonicPoint.
The following sections describe how to configure the types of SonicPoint profiles:
•Configuring a SonicPoint ACe/ACi/N2 or NDR Profile
•Configuring a SonicPoint N Profile

Configuring a SonicPoint ACe/ACi/N2 or NDR Profile

IMPORTANT: SonicPoint AC requires POE+ (802.3at Type 2) that supplies 30 watts of peak power.

NOTE: SonicPoint ACs are supported on appliances running SonicOS 6.2.2 and above, SonicOS 6.3 and above, or SonicOS
6.4 and above.

TIP: The configuration dialogs for SonicPoint ACe/ACi/N2 and SonicPoint NDA profiles are quite similar. Differences are
noted in the procedures. In this section, SonicPoint refers to both SonicPoint ACe/ACi/N2 and SonicPoint NDA.

For a SonicPoint overview, see About SonicPoints .

You can add any number of SonicPoint profiles. The specifics of the configuration vary slightly depending on which SonicPoint profile
and protocols you select.

To configure a SonicPoint provisioning profile, complete the following tasks:

1Navigate to SonicPoint > SonicPoints page.
2Do one of the following:
•To add a new:
•SonicPoint AC profile, click Add SonicPoint ACe/ACi/N2 Profile.
•SonicPoint NDR profile, click Add SonicPoint NDR Profile.
•To edit an existing AC or NDA profile, click the Configure icon on the same row as the profile you want to edit.
The Add/Edit SonicPoint … Profile dialog appears. The two dialogs are the same except if you are editing an existing profile,
the existing settings are displayed.
3You configure the SonicPoint profile through settings on these tabs:
• General Tab
•Radio 0 Basic and Radio 1 Basic Tabs
•Radio 0/Radio 1 Advanced Tabs
•Sensor Tab

General Tab
In the General tab, configure the desired settings:
•SonicPoint Settings
•Virtual Access Point Settings
•L3 SSL VPN Tunnel Settings
•SonicPoint Administrator Settings

SonicPoint Settings

1Check Enable SonicPoint to enable each SonicPoint automatically when it is provisioned with this profile. This option is selected by default.
Optionally, check Retain Settings to have the SonicPoints provisioned by this profile retain portions of their customized settings after they are
2deleted and resynchronized. The settings are retained until the SonicPoint is rebooted. This option is not selected by default.

If you select this option, Edit becomes active. To specify the settings to retain:
aIf you are editing an existing SonicPoint profile, click Edit. The Retain Settings dialog displays.
b Do one of the following:
•Click Retain All Settings; all the other options become dimmed.
•Click the checkboxes of the individual settings to be retained.
NOTE: The
settings
for each
radio must
be
selected
separately.

cClick OK.
Optionally, check Enable RF Monitoring to enable wireless RF Threat Real Time Monitoring and Management. This option is not selected by default.
3For more information about RF monitoring, see SonicPoint > RF Monitoring .
4If you are configuring a:
• SonicPoint NDR profile, go to Step 5.
SonicPoint AC profile, optionally, check Enable LED to enable/disable SonicPoint AC LEDs. This option is not selected by default
•(LEDs are disabled).
Enter a prefix for the names of all SonicPoints connected to this zone in the Name Prefix field. This prefix assists in identifying SonicPoint on a zone.
When each SonicPoint is provisioned, it is given a name that consists of the name prefix and a unique number, for example: SonicPoint AC
5 126008 or SonicPoint NDR 126009.
Select the country where you are operating the SonicPoints from the Country Code drop-down menu. The country code determines under which
6regulatory domain the radio operation falls.
From the EAPOL Version drop-down menu, select the version of EAPoL (Extensible Authentication Protocol over LAN) to use: v1 or v2. The default
7is v2, which provides better security.

Virtual Access Point Settings

Optionally, select an 802.11n Virtual Access Point (VAP) group to assign these SonicPoints to a VAP from the Radio 0 Basic Virtual
AP Group and Radio 1 Basic Virtual AP Group drop-down menus. The drop-down menus allow you to create a new VAP group. For
1more information on VAPs, see SonicPoint > Virtual Access Point .
NOTE: Selecting a
VAP group for
Radio 0 and/or
Radio 1 affects
options on the
appropriate Radio
0/1 Basictabs.
L3 SSL VPN Tunnel Settings

1In the SSL VPN Server field, enter the IP address of the SSL VPN server.
2In the User Name field, enter the User Name of the SSL VPN server.
3In the Password field, enter the Password for the SSL VPN server.
4In the Domain field, enter the domain that the SSL VPN server is located in.
5Optionally, click Auto-Reconnect for the SonicPoint to auto-reconnect to the SSL VPN server. This option is not selected by default.
IMPORTANT: To
push the
settings to the
SonicPoint
device, connect
the SonicPoint
device to the
SSL VPN Server
through a Layer
2 connection.

NOTE: To configure L3 SSL VPN, click the link to SSL VPN > Client Settings. For information about Layer 3 SSL VPN,
refer to SonicPoint Layer 3 Management and SSL VPN > Client Settings .

SonicPoint Administrator Settings

1In the Name field, enter the user name for the network administrator.
2In the Password field, enter the password for the network administrator.

Radio 0 Basic and Radio 1 Basic Tabs

NOTE: The available options on these tabs depend on whether a VAP group was selected in the Virtual Access Point
Settings on the General tab.
The Radio 0 Basic and Radio 1 Basic tabs are similar and have only a few differences that are noted in the steps.
NOTE: The sections and options displayed on the Radio 0/1 Basic tabs change depending on whether you selected a
VAP group in the Radio 0/1 Virtual AP Group drop-down menus on the General tab and the mode you select in
the Mode drop-down menu. These choices apply only to the radio for which they were selected, that is, if you select a
VAP for Radio 0 but not Radio 1, Radio 1 is not affected and vice versa.

1Click the Radio 0 Basic or Radio 1 Basic tab.

2Configure the settings for the 5GHz (Radio 0) and 2.4GHz (Radio 1) band radios:
•Radio 0/Radio 1 Basic Settings
•Wireless Security
•Virtual Access Point Encryption Settings
•ACL Enforcement
•Remote MAC Address Access Control Settings
Radio 0/Radio 1 Basic Settings
NOTE: The options change depending on the mode you select.

Check Enable Radio to enable the 802.11ac radio bands automatically on all SonicPoint ACs provisioned with this profile. This option is
1selected by default.
From the Enable Radio drop-down menu, select a schedule for when
the 802.11n radio is on or create a new schedule; default is Always
on. You can create a new schedule by selecting Create new
• schedule to display the Add Schedule menu.
2Select your preferred radio mode from the Mode drop-down menu:

Table 69. Radio mode choices

Radio 0 Basic Radio 1 Basic Definition

5GHz 802.11n Only 2.4GHz 802.11n Only Allows only

802.11n clients
access to your
wireless
network.
802.11a/b/g
clients are
unable to
connect under
this restricted
radio mode.

5GHz 802.11n/a Mixed 2.4GHz 802.11n/g/b Mixed Supports

SonicPoint AC/NDR default. 802.11a and
802.11n (Radio
0) or 802.11b,
802.11g, and
802.11n (Radio
1) clients
simultaneously.
If your wireless
network
comprises
multiple types
of clients,
select this
mode.

5GHz 802.11a Only Select this

SonicPoint NDR default. mode if only
802.11a clients
access your
wireless
network.

2.4GHz 802.11g Only If your wireless

network
consists only of
802.11g
clients, you
might select
this mode for
increased
802.11g
performance.
You might also
select this
mode if you
wish to prevent
802.11b clients
from
associating.

5GHz 802.11ac/n/a Mixed Supports

802.11ac,
SonicPoint AC default. 802.11a, and
802.11n (Radio
0) clients
simultaneously.
If your wireless
network
comprises
multiple types
of clients,
select this
mode.
 5GHz 802.11ac Only Allows only
802.11ac
clients access
to your
wireless
network. Other
clients are
unable to
connect under
this restricted
radio mode.

TIP: For 802.11n clients only, for optimal throughput speed solely, Dell SonicWALL recommends the 802.11n
Only radio mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication
compatibility.

For optimal throughput speed solely for 802.11ac clients, SonicWALL recommends the 802.11ac Only radio
mode. Use the 802.11ac/n/a Mixed radio mode for multiple wireless client authentication compatibility.
NOTE: The available 802.11n Radio 0/1 Settings options change depending on the mode selected. If the
wireless radio is configured for a mode that:

Supports 802.11n, the following options are displayed: Radio Band, Primary Channel, Secondary
•Channel, Enable Short Guard Interval, and Enable Aggregation.
•Does not support 802.11n, only the Channel option is displayed.
3If you are configuring a:
• SonicPoint AC or a SonicPoint NDR without VAP, go to Step 4.
SonicPoint NDR with VAP selected on the General tab, optionally, select Enable DFS Channels to enable the use
of Dynamic Frequency Selection (DFS) that allows wireless devices to share the same spectrum with existing
•radar systems within the 5GHz band.
TIP: If you select this
option, choose
either Standard -
2MHz
Channel or Wide -
40MHz Channel as
the Radio Band.
The Primary
Channel and Standard
Channel drop-down
menus then display a
choice of available
sensitive channels.

NOTE: This option only appears on the 802.11n Radio 0 tab as the 802.11n Radio 1 does not have a
wireless speed connection mode of at least 5GHz.

4If you are configuring a:

• SonicPoint with VAP, go to Step 5.
SonicPoint without a VAP group, in the SSID field, enter a recognizable string for the SSID of each SonicPoint using this
•profile. This is the name that appears in clients’ lists of available wireless connections.
TIP: If all
SonicPoint
ACs or NDRs
in your
organization
share the
same SSID,
it is easier
for users to
maintain
their
wireless
connection
when
roaming
from one
SonicPoint
AC/NDR to
another.

5If the Mode you selected was:

• 5GHz 80211a Only or 2.4GHz 802.11g Only, go to Step 6.
•Any other mode, select a radio band from the Radio Band drop-down menu:
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and
•integrity. Both the Primary Channel and Secondary Channel are set to Auto also. This is the default setting.
Standard - 20MHz Channel—Specifies that Radio 0 uses only the standard 20MHz channel. When this option is selected,
•the Standard Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel options.
Wide - 40MHz Channel—Available only when 5GHz 802.11ac/n/a or 5GHz 802.11ac is selected for the Radio Band, specifies that
•Radio 0 uses only the wide 80MHz channel. When this option is selected, only the Channeldrop-down menu is active
 Select a channel from the Standard/Primary Channel drop-down menu. Depending on the Mode and Radio Band selections, a Secondary
6Channel drop-down menu displays.
Auto - Allows the appliance to automatically detect and set the optimal
channel for wireless operation based on signal strength and integrity.
This is the default setting for the Standard/Primary Channels.
The Secondary ChannelIs set to Auto regardless of the setting
• of Primary Channel.
Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help
with avoiding interference with other wireless networks in the area. The available channels depend on which Radio you are
configuring; see Figure 23. If you select Wide – 40 MHz Channel for Radio Band, a Secondary Channel displays and is selected
•automatically by the selection of the Primary Channel.

Table 70. Specific channel choices

Radio 0: Channel/Primary Radio 1: Standard/Primary Radio 1: Secondary Channel is
Channel 1 Channel set automatically to: 2

Channel 36 (5180MHz) Channel 1 (2412MHz) Channel 5 (2432MHz)

Channel 40 (5200MHz) Channel 2 (2417MHz) Channel 6 (2437MHz)

Channel 44 (5220MHz) Channel 3 (2422MHz) Channel 7 (2442MHz)

Channel 48 (5240MHz) Channel 4 (2427MHz) Channel 8 (2447MHz)

Channel 149 (5745MHz) Channel 5 (2432MHz) Channel 1 (2412MHz)

Channel 153 (5765MHz) Channel 6 (2437MHz) Channel 2 (2417MHz)

Channel 157 (5785MHz) Channel 7 (2442MHz) Channel 3 (2422MHz)

Channel 161 (5805MHz) Channel 8 (2447MHz) Channel 4 (2427MHz)

3
Channel 165 (5825MHz) Channel 9 (2452MHz) Channel 5 (2432MHz)

Channel 10 (2457MHz) Channel 6 (2437MHz)

Channel 11 (2462MHz) Channel 7 (2442MHz)

1
The Secondary Channel is available only when 5GHz 802.11n Only or 5GHz 802.11n/a Mixed is selected for Mode and Wide – 40 MHz Channel is selected
for Radio Band. The Secondary Channel is always Auto if either Auto is selected for Radio Band or a VAP group is selected on the General tab.

2
Upon selection of a Primary Channel, the Secondary Channel is set automatically to a preset channel.

3
This option is available only when 5GHz 802.11n Only, 5GHz 802.11n/a Mixed, or 5GHZ 802.11a Only is selected for Mode and Standard – 20 MHz
Channel is selected for Radio Band.

7If, from the Radio Band drop-down menu, you selected:

• 5GHz 802.11a Only or 2.4GHz 802.11g Only, and are configuring:
•SonicPoint AC:
•Without VAP, go to Wireless Security .
•With VAP, go to Virtual Access Point Encryption Settings .
•SonicPoint NDR, go to Step 10.
•Any other radio band, go to Step 8
8 Enable Short Guard Interval—Specifies the short guard interval of 400ns (as opposed to the standard guard interval of 800ns).
NOTE: This option is not available if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.

IMPORTANT: To avoid compatibility issues, ensure the wireless client also supports a short guard interval.

A guard interval is a set amount of time between transmissions that is designed to ensure distinct transmissions do not
interfere with one another. The guard interval introduces immunity to propagation delays, echoes, and reflections. An access
point identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data.
The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays.
The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long).
Enabling a short guard interval can decrease network overhead by reducing unnecessary idle time on each access point. A short
guard interval of 400 nanoseconds (ns) works in most office environments as distances between points of reflection, as well as
 between clients, are short. Most reflections are received quickly. The shorter the guard interval, the more efficiency there is
in the channel usage, but a shorter guard interval also increases the risk of interference.
Some outdoor deployments might, however, require a longer guard interval. The need for a long guard interval of 800 ns
becomes more important as areas become larger, such as in warehouses and in outdoor environments, as reflections and
echoes become more likely to continue after the short guard interval would be over.
The guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays and increase
802.11n and 802.11ac data rate. Ensure the wireless client also can support a short guard interval to avoid compatibility
issues.
TIP: The Enable Short Guard Interval and Enable Aggregation options can slightly improve throughput. They
both function best in optimum network conditions where users have strong signals with little interference. In
networks that experience less than optimum conditions (interference, weak signals, and so on), these options
could introduce transmission errors that eliminate any efficiency gains in throughput.

Select Enable Aggregation to enable 802.11n and 802.11ac frame aggregation that combines multiple data frames in a single
9transmission to reduce overhead and increase throughput.
NOTE: This
option is not
available
if 5GHz
802.11a
Only or 2.4GHz
802.11g
Only mode is
selected.

IMPORTANT: To avoid compatibility issues, ensure the wireless client also supports aggregation.

Data over wireless networks are sent as a stream of packets known as data frames. Frame aggregation takes these packets and
combines them into fewer, larger packets, thereby allowing an increase in overall performance. Frame aggregation was added
to the 802.11n and 802.11ac specification to allow for an additional increase in performance. Frame aggregation is a feature
that only 802.11n and 802.11ac clients can take advantage of, as legacy systems are not able to understand the new format of
the larger packets.
10If you are configuring:
• SonicPoint AC:
•Without VAP, go to Wireless Security .
•With VAP, go to Virtual Access Point Encryption Settings .
•SonicPoint NDR, optionally select Enable MIMO. This option is selected by default.
The Enable MIMO option enables/disables MIMO (multiple-input multiple output). Enabling this option increases 802.11n
throughput by using multiple-input/multiple-output antennas. This option is enabled by default for all 802.11n modes
and is dimmed to ensure it is not disabled. The option is activated and selected by default if 5GHz 802.11a
Only or 2.4GHz 802.11g Only mode is selected.
NOTE: Ensure the wireless client also can support these antennas to avoid compatibility issues. If the
802.11a or 502.11g client cannot support these antennas, disable the option by deselecting it.

Wireless Security
NOTE: If a VAP was selected in the Virtual Access Point Settings section of the General tab, this section is not
available. Instead, the Virtual Access Point Encryption Settings section is displayed. Go to Virtual Access Point
Encryption Settings .

NOTE: The options change depending on the authentication type you select.
The Wireless Security sections of both Radio 0 Basic and Radio 1 Basic tabs are the same as for the SonicPoint N 802.11n Radio tab.
For how to configure the Wireless Security settings, see Wireless Security .

Virtual Access Point Encryption Settings

NOTE: This section displays only if a VAP was selected from the Radio 0 Basic/1 Virtual AP Group drop-down menus in
the Virtual Access Point Settings section of the General tab.

The Virtual Access Point Encryption Settings section of both Radio 0 Basic and Radio 1 Basic tabs are the same as for the SonicPoint
N 802.11n Radio tab. For how to configure the Virtual Access Point Encryption Settings settings, see Virtual Access Point Encryption
Settings .

ACL Enforcement

The ACL Enforcement section of both Radio 0 Basic and Radio 1 Basic tabs are the same as for the SonicPoint N 802.11n Radio tab.
For how to configure the ACL Enforcement settings, see ACL Enforcement .

Remote MAC Address Access Control Settings

NOTE: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this section
is not available; go to Radio 0/Radio 1 Advanced Tabs .

The Remote MAC Address Access Control Settings section of both 802.11n Radio 0 and 802.11n Radio 1 tabs are the same as for
the SonicPoint N 802.11n Radio tab.
IMPORTANT: You cannot enable the Remote MAC address access control option at the same time that IEEE 802.11i
EAP is enabled. If you try to do so, you could receive the following error message:

Remote MAC address access control can not be set when

IEEE 802.11i EAP is enabled.

Select Enable Remote MAC Access Control. This option enforces radio wireless access control according to the MAC-based authentication policy in
1the remote Radius server. The Configure button becomes active.
Click Configure. The SonicPoint Radius Server Global Settings dialog displays.
2
3In the appropriate fields, enter the RADIUS server settings that you want. See Table 71.

Table 71. WPA-EAP/WPA2-EAP encryption settings

Option Description

Radius Server The number of times SonicOS will attempt to contact the RADIUS server. If the RADIUS server
Retries does not respond within the specified number of retries, the connection is dropped.

Retry Interval The time, from 0 to 60 seconds, to wait between retries. The number 0 means no wait
(seconds) between retries.

Radius Server 1 IP The name/location of your RADIUS authentication server

Radius Server 1 The port on which your RADIUS authentication server communicates with clients and network
Port devices. The default port is 1812.

Radius Server 1 The secret passcode for your RADIUS authentication server
Secret

Radius Server 2 The name/location of your backup RADIUS authentication server

Radius Server 2 The port on which your backup RADIUS authentication server communicates with clients and
Port network devices. The default port is 1812.

Radius Server 2 The secret passcode for your backup RADIUS authentication server
Secret
4Click OK.

Radio 0/Radio 1 Advanced Tabs

These settings affect the operation of the Radio 1 Basic radio bands. The SonicPoint has two separate radios built in. Therefore, it can
send and receive on both bands at the same time.
The Radio 1 Advanced tab has the same options as the Radio 0 Advanced tab plus other options. The tabs for SonicPoint AC and
SonicPoint NDR are quite similar. Differences are noted in the procedure.

To configure the Radio 0/Radio 1 Advanced setting:

1Click the Radio 0/1 Advanced tab.
2If you:
•Selected a VAP on the Settings tab, go to Step 3.
Did not select a VAP on the Settings tab, optionally, select Hide SSID in Beacon to have the SSID send null SSID beacons in place of
advertising the wireless SSID name. Sending null SSID beacons forces wireless clients to know the SSID to connect. This option is
•unchecked by default.
From the Schedule IDS Scan drop-down menu, select a schedule for the IDS (Intrusion
Detection Service) scan. Select a time when there are fewer demands on the wireless
network to minimize the inconvenience of dropped wireless connections. You can
create your own schedule by selecting Create new schedule or disable the feature by
3selecting Disabled, the default.
NOTE: IDS offers a wide selection of intrusion detection
features to protect the network against wireless threats. This
feature detects attacks against the WLAN Infrastructure that
consists of authorized access points, the RF medium, and the
wired network. An authorized or valid-AP is defined as an
access point that belongs to the WLAN infrastructure. The
access point is either a SonicPoint or a third-party access
point.

From the Data Rate drop-down menu, select the speed at which the data is transmitted and received. Best (default) automatically selects the best
4rate available in your area given interference and other factors.
5From the Transmit Power drop-down menu, select the transmission power. Transmission power effects the range of the SonicPoint.
•Full Power (default)
•Half (-3 dB)
•Quarter (-6 dB)
•Eighth (-9 dB)
•Minimum
6 If you are configuring:
•SonicPoint AC, go to Step 7.
SonicPoint NDR, from the Antenna Diversity drop-down menu, select Best, the default. The Antenna Diversity setting determines
which antenna the SonicPoint uses to send and receive data. When Best is selected, the SonicPoint automatically selects the
•antenna with the strongest, clearest signal.
In the Beacon Interval (milliseconds) field, enter the number of milliseconds between sending wireless SSID beacons. The minimum interval is 100
7milliseconds, the maximum is 1000 milliseconds, and the default is 100 milliseconds.
8In the DTIM Interval field, enter the DTIM interval in milliseconds. The minimum number of frames is 1, the maximum is 255, and the default is 1.

For 802.11 power-save mode clients of incoming multicast packets, the DTIM interval specifies the number of beacon frames
to wait before sending a DTIM (Delivery Traffic Indication Message).
9If you are configuring a SonicPoint:
• SonicPoint AC, go to Step 10.
SonicPoint NDR, in the Fragmentation Threshold (bytes) field, enter the number of bytes of fragmented data you want the
network to allow. The fragmentation threshold limits the maximum frame size. Limiting frame size reduces the time required
to transmit the frame and, therefore, reduces the probability that the frame will be corrupted (at the cost of more data
overhead). Fragmented wireless frames increase reliability and throughput in areas with RF interference or poor wireless
coverage. Lower threshold numbers produce more fragments. The minimum is 256 bytes, the maximum is 2346 bytes, and the
•default is 2346 bytes.
In the RTS Threshold (bytes) field, enter the threshold for a packet size, in
10 bytes, at which a request to send (RTS) is sent before packet transmission.
 Sending an RTS ensures that wireless collisions do not take place in situations
where clients are in range of the same access point, but might not be in range
of each other. The minimum threshold is 256 bytes, the maximum is 2346
bytes, and the default is 2346 byes.
In the Maximum Client Associations field, enter the maximum number of clients you want each SonicPoint using this profile to support on this radio
11at one time. The minimum number of clients is 1, the maximum number is 128, and the default number is 32.
In the Station Inactivity Timeout (seconds) field, enter the maximum length of wireless client inactivity before Access Points age out the wireless
12client, in seconds. The minimum period is 60 seconds, the maximum is 36000 seconds, and the default is 300 seconds.
13If you are configuring:
• Radio 0 Advanced settings, go to Step 17.
•Radio 1 Advanced tab settings, go to Step 14.
14 Select a preamble length from the Preamble Length drop-down menu:
•Long (default)
•Short
15Select a protection mode from the Protection Mode drop-down menu:
• 1 Mbps (default)
•2 Mbps
•5 Mbps
•11 Mbps
16 Select a protection type from the Protection Type drop-down menu:
•CTS-only (default)
•RTS-CTS
Optionally, to allow clients to disassociate and reassociate more quickly, select the Enable Short Slot Time checkbox. Specifying this option
increases throughput on the 802.11n/g wireless band by shortening the time an access point waits before relaying packets to the LAN. This setting is
17not selected by default.
Optionally, if you are using Turbo G mode and, therefore, are not allowing 802.11b clients to connect, select the Do(es) not allow 802.11b Client
18to Connect checkbox. Specifying this option limits wireless connections to 802.11g and 802.11n clients only. This setting is not selected by default.
19From the WMM (Wi-Fi Multimedia) drop-down menu, select whether a WMM profile is to be associated with this profile:
• Disabled (default)
Create new WMM profile. If you select Create new WMM profile, the Add Wlan WMM Profile dialog displays. For information about
•configuring a WMM profile, see Configuring Wi-Fi Multimedia Parameters .
•A previously configured WMM profile
Optionally, select Enable Green AP to allow the SonicPoint ACe/ACi/N2 radio to go into sleep mode. This saves power when no clients are actively
connected to the SonicPoint. The SonicPoint immediately goes into full power mode when any client attempts to connect to it. Green AP can be set
20on each radio independently, Radio 0 (5GHz) and Radio 1 (2.4GHz).
21If you are configuring:
•Radio 0 Advanced, repeat the procedure for Radio 1 Advanced.
•Radio 1 Advanced for:
•SonicPoint AC, go to Step 22.
•SonicPoint NDR, go to Sensor Tab .
In the Green AP Timeout(s) field, enter the transition time, in seconds, that the access point waits while it has no active connections before it goes
into sleep mode, that is, the time between power-save off to power-save on. The transition values can range from 20 seconds to 65535 seconds with
22a default value of 20 seconds.

Sensor Tab

In the Sensor tab, enable or disable Wireless Intrusion Detection and Prevention (WIDP) mode.
IMPORTANT: If this option is selected, Access Point or Virtual Access Point(s) functionality is disabled automatically.

1Select Enable WIDF sensor to have the SonicPoint operate as a dedicated WIDP sensor. This option is not selected by default.
From the drop-down menu, select the schedule for when the SonicPoint operates as a WIDP sensor or select Create new schedule… to specify a
2different time; default is Always on.

Configuring a SonicPoint N Profile

For a SonicPoint overview, see Understanding SonicPoints .
You can add any number of SonicPoint profiles. The specifics of the configuration varies slightly depending on which 802.11 protocols
you select.

To configure a SonicPointN provisioning profile, perform the following tasks:

1Navigate to SonicPoint > SonicPoints page.
2Do one of the following:
•To add a new SonicPoint N profile, click Add SonicPoint N Profile.
•To edit an existing SonicPoint N profile, click the Configure icon on the same row as the profile you want to edit.
The Add/Edit SonicPointN Profile dialog appears. The two dialogs are the same except if you are editing an existing profile,
the existing settings are displayed.

3Configure the SonicPoint N through options on these tabs:

• Settings Tab
•802.11n Radio Tab
•Advanced Tab
•Sensor Tab

Settings Tab
The Settings tab has these sections:
•SonicPoint Settings
•Virtual Access Point Settings
•L3 SSL VPN Tunnel Settings
•SonicPoint Administrator Settings

SonicPoint Settings

1To automatically enable each SonicPoint when it is provisioned with this profile, select Enable SonicPoint. This option is selected by default.
Optionally, check Retain Settings to have the SonicPoint Ns provisioned by this profile retain customized settings until system restart or reboot. This
2option is not selected by default.

If you select this option, Edit becomes active. To specify the settings to retain:
aClick Edit. The Retain Settings dialog displays.
b Do one of the following:
•Click Retain All Settings; all the other options are dimmed.
•Click the checkboxes of the individual settings to be retained.
c Click OK.
3Optionally, check Enable RF Monitoring to enable wireless RF Threat Real Time Monitoring and Management. This option is not selected by default.
4Optionally, check Enable LED (Ni/Ne) to turn SonicPointN LEDs on/off.
NOTE: This option applies only to the SonicPoint N model that has controllable LED hardware support.

Enter a prefix for the names of all SonicPointNs connected to this zone in the Name Prefix field. This prefix assists in identifying SonicPoints on a
zone. When each SonicPointN is provisioned, it is given a name that consists of the name prefix and a unique number, for example: MySonicPoint
5126008.
Select the country where you are operating the SonicPoint Ns from the Country Code drop-down menu. The country code determines which
6regulatory domain the radio operation falls under.
From the EAPOL Version drop-down menu, select the version of EAPoL (Extensible Authentication Protocol over LAN) to use: v1 or v2. The default
7is v2, which provides better security than v2.

Virtual Access Point Settings

Optionally, from the 802.11n Radio Virtual AP Group drop-down menu, select an 802.11n Virtual Access Point (VAP) group to assign these SonicPoint
1Ns to a VAP. This drop-down menu allows you to create a new VAP group. For more information on VAPs, see SonicPoint > Virtual Access Point .

L3 SSL VPN Tunnel Settings

1In the SSL VPN Server field, enter the IP address of the SSL VPN server.
2In the User Name field, enter the user name of the SSL VPN server.
3In the Password field, enter the password for the SSL VPN server.
4In the Domain field, enter the domain that the SSL VPN server is located in.
5Click Auto-Reconnect for the SonicPoint to auto-reconnect to the SSL VPN server.
NOTE: To configure L3 SSL VPN, click the link to SSL VPN > Client Settings.
For information about Layer 3 SSL VPN, refer to SonicPoint Layer 3
Management and SSL VPN > Client Settings .

SonicPoint Administrator Settings

1In the Name field, enter the user name for the network administrator.
2In the Password field, enter the password for the network administrator.

802.11n Radio Tab

NOTE: The sections and options displayed on the 802.11n Radio tab change depending on whether you selected a VAP
group in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab and the mode you selected from
the Mode drop-down menu.

1Click the 802.11n Radio tab.

2Configure the options on this tab:
•802.11n Radio Settings
•Wireless Security
•Virtual Access Point Encryption Settings
•ACL Enforcement
•Remote MAC Address Access Control Settings

802.11n Radio Settings

NOTE: The options change depending on the mode you select.

Check Enable Radio to automatically enable the 802.11n radio bands on all SonicPoints provisioned with this profile. This option is selected
1by default.
From the Enable Radio drop-down menu, select the schedule for when
the802.11n radio is on. The default schedule is Always On. You can
• create a new schedule by selecting Create new schedule.
Select your preferred radio mode from the Mode drop-down menu. The wireless security
2appliance supports the modes shown in Table 72.
NOTE: The available 801.11n Radio Settings options
change depending on the mode selected. If the wireless
radio is configured for a mode that:

Supports 802.11n, the following options are

displayed: Radio Band, Primary Channel, Secondary
•Channel.
Does not support 802.11n, only the Channel option is
•displayed.
Supports 5GHz 802.11n/a, the Enable DFS
•Channels option is displayed.
TIP: For optimal throughput speed solely for 802.11n clients, SonicWALL recommends the 802.11n Only radio
mode. Use the 802.11n/b/g Mixed radio mode for multiple wireless client authentication compatibility.

Table 72. Radio mode choices

2.4GHz 5Ghz Definition

2.4GHz 802.11n 5GHz 802.11n Only Allows only 802.11n clients access to your wireless network. 802.11a/b/g
Only clients are unable to connect under this restricted radio mode.

2.4GHz 5GHz 802.11n/a Supports 802.11b, 802.11g, and 802.11n clients simultaneously. If your
802.11n/g/b Mixed wireless network comprises multiple types of clients, select this mode.
Mixed
This is the default.

2.4GHz 802.11g If your wireless network consists only of 802.11g clients, you might select
Only this mode for increased 802.11g performance. You might also select this
mode if you wish to prevent 802.11b clients from associating.

2.4GHz 802.11g/b If your wireless network consists of both 802.11b and 802.11g clients, you
Mixed might select this mode for increased performance.

5GHz 802.11a Only Select this mode if only 802.11a clients access your wireless network.

5GHz 802.11n/a/ac Supports 802.11a, 802.11ac, and 802.11n clients simultaneously. If your
Mixed wireless network comprises multiple types of clients, select this mode.

5GHz 802.11ac Select this mode if only 802.11ac clients access your wireless network.
Only
If you chose 5GHz 802.11n Only, 5GHz 802.11a/n Mixed, or 5GHz 802.11a Only for Mode, optionally check Enable DFS Channels. Enabling
Dynamic Frequency Selection (DFS) allows wireless devices to share spectrum with existing radar systems in the 5GHz band. This setting is not
3selected by default.
If you did not specify a VAP group on the Settings tab, in the SSID field, enter a recognizable string for the SSID of each SonicPoint using this profile.
4This is the name that appears in clients’ lists of available wireless connections.
NOTE: If all SonicPoints in your organization share the same SSID, it is easier for users to maintain their wireless
connection when roaming from one SonicPoint to another.

5If the mode you selected supports:

• 802.11g only or 802.11a only, go to Step 6
•802.11n only or 802.11n mixed, go to Step 8
6 Only for 802.11a/g: Select the channel for the radio from the Channel drop-down menu:
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and
•integrity. This is the default setting. Use Auto unless you have a specific reason to use or avoid specific channels.
Specific channel: Select a single channel within the range of your regulatory domain. Selecting a specific a channel can also help
•with avoiding interference with other wireless networks in the area.

Table 73. 802.11g/802.11a channels

802.11g Channels 802.11a Channels

Channel 1 (2412 MHz) Channel 36 (5180 MHz)

Channel 2 (2417 MHz) Channel 40 (5200 Mhz)

Channel 3(2422 MHz) Channel 44 (5220 Mhz)

Channel 4 (2427 MHz) Channel 48 (5240 Mhz)

Channel 5 (2432 MHz) Channel 149 (5745 Mhz)

Channel 6 (2437 MHz) Channel 153 (5765 Mhz)

Channel 7 (2442 MHz) Channel 157 (5785 Mhz)

Channel 8 (2447MHz) Channel 161 (5805 Mhz)

Channel 9 (2452 MHz)

Channel 10 (2457 MHz)

Channel 11 (2462 MHz)

7If you selected 5GHz 802.11a Only or 2.4GHz 802.11g Only mode, go to Step 11.
8For 802.11n only or 802.11n mixed: From the Radio Band drop-down menu, select the band for the 802.11n radio:
Auto - Allows the appliance to automatically detect and set the optimal channel for wireless operation based on signal strength and
•integrity. This is the default setting.
•The Primary Channel and Secondary Channel drop-down menus are set to Auto and cannot be changed.
Standard - 20 MHz Channel - Specifies that the 802.11n radio will use only the standard 20 MHz channel. When this option is
•selected, the Channel drop-down menu is displayed instead of the Primary Channel and Secondary Channel drop-down menus.
Channel - By default, this is set to Auto, which allows the appliance to set the optimal channel based on signal strength and
integrity. Optionally, you can select a single channel within the range of your regulatory domain. Selecting a specific a channel can
also help with avoiding interference with other wireless networks in the area. The available channels are the same as for 802.11g
•in Step 6.
Wide - 40 MHz Channel - Specifies that the 802.11n radio will use only the wide 40 MHz channel. When this option is selected,
•the Primary Channel and Secondary Channel drop-down menus are displayed:
Primary Channel - By default, this is set to Auto. Optionally, you can specify a specific primary channel. The available channels are
•the same as for 802.11a in Step 6
•Secondary Channel - The configuration of this drop-down menu is set to Auto regardless of the primary channel setting.
Optionally, select the Enable Short Guard Interval checkbox to specify a short guard interval of 400ns as opposed to the standard guard interval of
9 800ns. This setting is not selected by default.
NOTE: This option is not available if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.

A guard interval is a set amount of time between transmissions that is designed to ensure distinct transmissions do not
interfere with one another. The guard interval introduces immunity to propagation delays, echoes, and reflections. An AP
identifies any signal content received inside this interval as unwanted inter-symbol interference, and rejects that data. The
guard interval is a pause in transmission intended to avoid data loss from interference or multipath delays.
The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns (long). Enabling a short guard interval can
decrease network overhead by reducing unnecessary idle time on each AP. A short guard interval of 400 nanoseconds (ns) will
work in most office environments as distances between points of reflection, as well as between clients, are short. Most
reflections will be received quickly. The shorter the guard interval, the more efficiency there is in the channel usage, but a
shorter guard interval also increases the risk of interference
Some outdoor deployments, may, however, require a longer guard interval. The need for a long guard interval of 800 ns
becomes more important as areas become larger, such as in warehouses and in outdoor environments, as reflections and
echoes become more likely to continue after the short guard interval would be over.
Optionally, to enable 802.11ac or 802.11n frame aggregation, which combines multiple frames to reduce overhead and increase
10throughput, select the Enable Aggregation checkbox.
NOTE: This
option is not
available
if 5GHz
802.11a
Only or 2.4GHz
802.11g
Only mode is
selected.
 Data over wireless networks are sent as a stream of packets known as data frames. Frame aggregation takes these packets and
combines them into fewer, larger packets, thereby allowing an increase in overall performance. Frame aggregation was added
to the 802.11n specification to allow for an additional increase in performance. Frame aggregation is a feature that only
802.11n clients can take advantage of as legacy systems will not be able to understand the new format of the larger packets.
TIP: The Enable Short Guard Interval and Enable aggregation options can slightly improve throughput. They
both function best in optimum network conditions where users have strong signals with little interference. In
networks that experience less than optimum conditions (interference, weak signals, and so on), these options
may introduce transmission errors that eliminate any efficiency gains in throughput.

Select Enable MIMO to enable MIMO (multiple-input multiple output). Enabling this option increases 802.11n throughput by using multiple-
11input/multiple-output antennas.

This option is enabled by default for all 802.11n modes and is dimmed to ensure it is not disabled. The option is activated and
selected by default if 5GHz 802.11a Only or 2.4GHz 802.11g Only mode is selected.
IMPORTANT: To avoid compatibility issues, ensure the 802.11a or 802.11g wireless client also can support these
antennas. If the client cannot support these antennas, disable the option by deselecting it.

Disabling MIMO may cause weaker signal strength and lower throughput for some wireless clients. If you do
disable MIMO for compatibility, a confirmation message displays. Click OK to continue.
12If you:
• Did not select a VAP, go to Wireless Security .
Selected a VAP from the 802.11n Radio Virtual AP Group drop-down menu in the Virtual Access Point Settings section of
•the Settings tab, go to Virtual Access Point Encryption Settings .

Wireless Security
NOTE: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this section
is not available. Instead, the Virtual Access Point Encryption Settings section is displayed. Go to Virtual Access Point
Encryption Settings .

1In the Wireless Security section, select the method of authentication for your wireless network from the Authentication Type drop-down menu:
NOTE: The options available change with the type of configuration you select.

1 2
WEP WPA WPA2 2.

WEP - Both (Open System & Shared Key) – default WPA - PSK WPA2-PSK

WEP - Open System 3 WPA - EAP WPA2-EAP

WEP - Shared Key WPA2-AUTO-PSK

WPA2-AUTO-EAP

1
For WEP - Both (Open System & Shared Key) and WEP - Shared Key, go to WEP Configuration .

2
For WPA and WPA 2 options, go to WPA or WPA2 Configuration: .

3
All options are dimmed; go to ACL Enforcement .

WEP Configuration
 WEP (Wired Equivalent Privacy) is a standard for Wi-Fi wireless network security.
A WEP key is a security code system for Wi-Fi networks. WEP keys allow a group of devices on a local network (such as a home
network) to exchange encoded messages with each other while hiding the contents of the messages from easy viewing by
outsiders.
You choose the WEP keys. When WEP security is enabled on a network, matching WEP keys must be set on Wi-Fi routers and
each device connecting over Wi-Fi, for them all to communicate with each other.
1Select the size of the encryption key from the WEP Key Mode drop-down menu:
None – Default for WEP - Both (Open System & Shared Key). If
selected, the rest of the options in this section remain dimmed; go
• to ACL Enforcement .
•64 bit
•128 bit
•152 bit - default for WEP - Shared Key
2 From the Default Key drop-down menu, select which key is the default key, that is, the key that is tried first when trying to authenticate a user:
•Key 1 (default)
•Key 2
•Key 3
•Key 4
3From the Key Entry drop-down menu, select whether the key is:
• Alphanumeric (default)
•Hexadecimal (0-9, A-F)
In the Key 1 - Key 4 fields, enter up to four possible WEP encryptions keys used when transferring encrypted wireless traffic. Enter the most likely to
4 be used in the field you selected as the default key:
NOTE: The length of each key is based on the selected key type (alphanumeric or hexadecimal) and WEP
strength (WEP Key Mode): 64, 128, or 152 bits.

•Key 1: First static WEP key associated with the key index.
•Key 2: Second static WEP key associated with the key index.
•Key 3: Third static WEP key associated with the key index.
•Key 4: Fourth static WEP key associated with the key index.
5Go to ACL Enforcement

WPA or WPA2 Configuration:

NOTE: The options change depending on the authentication type selected.

1From the Cipher Type drop-down menu, select the cipher to encrypt your wireless data:
AES (newer, more secure; default): AES (Advanced Encryption
Standard) is a set of ciphers designed to prevent attacks on wireless
networks. AES is available in block ciphers of either 128, 192 or 256
bits depending on the hardware you intend to use with it. In the
networking field, AES is considered to be among the most secure of
• all commonly installed encryption packages.
TKIP (older, more compatible): TKIP (Temporary Key Integrity Protocol) is not actually a cipher, but a set of security algorithms
meant to improve the overall safety of WEP (wired equivalent privacy networks). WEP is widely known to have a host of serious
•security vulnerabilities. TKIP adds a few extra layers of protection to WEP.
•Auto: the appliance chooses the cipher type automatically.
In the Group Key Interval (seconds) field, enter the period for which a Group Key is valid, that is, the time interval before the encryption key is
2changed automatically for added security. The default value is 86400 seconds (24 hours). Setting too low of a value can cause connection issues.
3If, from the Authentication Type drop-down menu, you selected:
•PSK authentication types, go to Step 4.
•EAP authentication types, go to RADIUS Server Settings .
For PSK authentication types only, in the Passphrase field, enter the passphrase your network users must enter to gain network
4access.
NOTE: This
option displays
only if you
configure WPA-
PSK, WPA2-
PSK, or WPA2-
AUTO-PSK for
your
authentication
type.

5Go to ACL Enforcement .

RADIUS Server Settings
NOTE: This option displays only if you selected WPA-EAP, WPA2-EAP, or WPA2-AUTO-EAP for your authentication
type.

Extensible Authentication Protocol (EAP) is available when using WPA or WPA2. This solution uses an external
802.1x/EAP-capable RADIUS server for key generation. An EAP-compliant RADIUS server provides 802.1X authentication.
The RADIUS server must be configured to support this authentication and all communications with the SonicWALL

1Click the Configure button. The SonicPoint Radius Server Settings dialog displays.

In the Radius Server Retries field, enter the number times, from 1 to 10, the firewall attempts to connect before it fails over to the other Radius
2server.
In the Retry Interval (seconds) field enter the time, from 0 to 60 seconds, to wait between retries. The default number is 0 or no wait between
3retries.
4To configure the Radius Server Settings, see Remote MAC Address Access Control Settings .
5Go to ACL Enforcement .

Virtual Access Point Encryption Settings

NOTE: This section displays only if a VAP was selected from the 802.11n Radio Virtual AP Group drop-down menu in
the Virtual Access Point Settings section of the Settings tab.

1Click Configure. The Edit 802.11n Virtual Access Point WEP Key dialog displays.

2From the Key Entry Method radio buttons, select whether the key is:
• Alphanumeric (default)
•Hexadecimal (0-9, A-F)
3 From the Default Key radio buttons, select the default key that is tried first when trying to authenticate a user:
•Key 1 (default)
•Key 2
•Key 3
•Key 4
In the Key 1 - Key 4 fields, enter up to four possible WEP encryptions keys to be used when transferring encrypted wireless traffic. Enter the
4most likely to be used in the field you selected as the default key.
• Key 1: First static WEP key associated with the key index.
•Key 2: Second static WEP key associated with the key index.
•Key 3: Third static WEP key associated with the key index.
•Key 4: Fourth static WEP key associated with the key index.
5 From the Key Type drop-down menus, select the size of each key:
•None (default)
•64-bit
•128-bit
•152-bit
6Click OK.

ACL Enforcement

Check the Enable MAC Filter List checkbox to enforce Access Control by allowing or denying traffic from specific devices. By default, this option is
1not selected, and the Allow List and Deny List options are dimmed.
2From the Allow List drop-down menu, select a MAC address group to allow traffic automatically from all devices with a MAC address in the group:
•Create new Mac Address Object Group… – The Add Address Object Group dialog displays.

a In the Name field, enter a friendly name for the address object group.
bSelect one or more objects from the left column.
cClick the Right Arrow button to move the selection(s) to the right column.
Repeat Step b and Step c until all you have selected all the objects you want
d for the address object group.
eClick OK. The new group becomes the default selection in the Allow List drop-down menu.
• All MAC Addresses
TIP: It is recommended that the Allow List be set to All MAC Addresses.

•Default SonicPoint ACL Allow Group

•Custom MAC Address Object Groups
From the Deny List drop-down menu, select a MAC address group from the drop-down menu to automatically deny traffic from all devices with MAC
3address in the group.
IMPORTANT: The Deny List is enforced before the Allow List.

Create new Mac Address Object Group… – The Add Address Object Group dialog displays. For configuring the address object
•group, see Step a.
•No MAC Addresses
•Default SonicPoint ACL Deny Group
TIP: It is
recommended
that the Deny
List be set
to Default
SonicPoint
ACL Deny
Group.

•Custom MAC Address Object Groups

Optionally, select Enable MIC Failure ACL Blacklist to detect WPA TKIP MIC failure floods and automatically places the problematic wireless
station(s) into a blacklist to stop the attack. As wireless clients generate the TKIP countermeasures, they are also moved automatically into blacklist,
4 so the other wireless stations within the same wireless LAN network are not affected. By default, this setting is not selected.
Enter the maximum number of MIC failures per minute in the MIC Failure Frequency Threshold field; default is 3. After the
5threshold is reached, the source is blacklisted.
TIP: When a
source is
blacklisted, it
is added to the
dynamically
created Default
SonicPoint ACL
Deny Group.
You can view
this on
the Network >
 Address
Objects page.

6If you:
Did not specify a VAP on the Settings tab, go to Remote MAC Address
• Access Control Settings .
•Specified a VAP on the Settings tab, go to Advanced Tab .

Remote MAC Address Access Control Settings

IMPORTANT: If a VAP was selected in the 802.11n Radio Virtual AP Group drop-down menu on the Settings tab, this
section is not available. Go to Advanced Tab .

If an EAP authentication type was selected in the Authentication Type drop-down menu, this message is displayed:
Remote MAC address access control can not be set
when IEEE 802.11i EAP is enabled.
Click OK.

Check the Enable Remote MAC Access Control checkbox to enforce radio wireless access control based on MAC-based authentication policy in a
1remote Radius server.
2Click Configure. The SonicPoint Radius Server Global Settings dialog displays.

For the procedure in configuring the settings on the SonicPoint Radius Server Global Settings dialog, see Remote MAC Address Access Control
3Settings .
4Click OK.

Advanced Tab

In the Advanced tab, configure the performance settings for the 802.11n radio. For most 802.11n advanced options, the default
settings give optimum performance.
 NOTE: Except for two settings, the advanced settings are the same for both VAP and non-VAP profiles. The differences
are noted in the procedure.

1Click the Advanced tab.

2If you:
•Selected a VAP on the Settings tab, go to Step 3.
Did not select a VAP on the Settings tab, optionally select Hide SSID in Beacon to have the SSID send null SSID beacons in place of
advertising the wireless SSID name. Sending null SSID beacons forces wireless clients to know the SSID to connect. This option is
•unchecked by default.
From the Schedule IDS Scan drop-down menu, select a schedule for the IDS
(Intrusion Detection Service) scan. Select a time when there are fewer demands on
the wireless network to schedule an IDS scan to minimize the inconvenience of
dropped wireless connections. You can create your own schedule by
selecting Create new schedule or disable the feature by
3selecting Disabled (default).
NOTE: IDS offers a wide selection of intrusion detection features
to protect the network against wireless threats. This feature
detects attacks against the WLAN Infrastructure, which consists of
authorized APs, the RF medium, and the wired network. An
authorized or valid-AP is defined as an AP that belongs to the
WLAN infrastructure. The AP is either a SonicPoint or a third party
AP.

4From the Data Rate: drop-down menu, select the speed at which the data is transmitted and received.

Best (default) 9 Mbps 18 Mbps 36 Mbps 54 Mbps

6 Mbps 12 Mbps 24 Mbps 48 Mbps

Best automatically selects the best rate available in your area given interference and other factors. Best is the default and is
the only choice if you selected a VAP on the Settings tab.
5From the Transmit Power drop-down menu, select the transmission power, which affects the range of the SonicPoint:
• Full Power (default)
•Half (-3 dB)
•Quarter (-6 dB)
•Eighth (-9 dB)
•Minimum
From the Antenna Diversity drop-down menu, select Best, the default. The Antenna Diversity setting determines which antenna the SonicPoint uses
6to send and receive data. When Best is selected, the SonicPoint automatically selects the antenna with the strongest, clearest signal.
In the Beacon Interval (milliseconds) field, enter the number of milliseconds between sending out wireless SSID beacons. This interval represents the
amount of time between beacon transmissions. Before a station enters power-save mode, the station needs the beacon interval to know when to
7wake up to receive the beacon (and learn whether there are buffered frames at the access point).

The minimum interval is 20 milliseconds, the maximum is 1000, milliseconds, and the default is 100 milliseconds.
In the DTIM Interval field, enter the interval, in milliseconds, between the sending of Delivery Traffic Indication Messages (DTIMs) in the beacon. This
interval is the maximum number of beacon cycles before unacknowledged network broadcasts are flushed. When using wireless clients that use
power management features to sleep, the client must revive at least once during the DTIM period to receive broadcasts. 802.11 power-save mode
8clients are alerted of incoming multicast packets.

The minimum interval is 1 millisecond, the maximum is 255 milliseconds, and the default is 1 millisecond.
In the Fragmentation Threshold (bytes) field, enter the number of bytes of fragmented data you want the network to allow. The fragmentation
threshold limits the maximum frame size. This reduces the time required to transmit the frame, and therefore reduces the probability that the frame
will be corrupted (at the cost of more data overhead). Fragmented wireless frames increase reliability and throughput in areas with RF interference
9or poor wireless coverage. Lower threshold numbers produce more fragments.

The minimum is 256 bytes, the maximum is 2346 bytes, and the default is 2346 bytes.
In the RTS Threshold (bytes) field, enter the number of bytes of the Request to Send (RTS) threshold. The RTS threshold specifies the frame size
the transmitter must use. Fragmented wireless frames increase reliability and throughput in areas with RF interference or poor wireless coverage.
Wireless clients transmitting frames larger than this threshold must issue Request to Send (RTS) and wait for the AP to respond with Clear to Send
(CTS). This option also not only can be used to avoid hidden node problems, but also helps prevent mid-air collisions for wireless clients that are not
within wireless peer range and cannot detect when other wireless clients are transmitting or in range of the same access point, but may not in range
10of each other.

The minimum value is 256 bytes, the maximum is 2346 bytes, and the default is 2346 bytes. The default value used by many
vendors is 2346 bytes. Lower threshold numbers produce more fragments.
In the Maximum Client Associations field, enter the maximum number of clients you want each SonicPoint using this profile to support on this radio
11at one time. The minimum number is 1 client, the maximum is 128 clients, and the default is 32 clients.
In the Station Inactivity Timeout (seconds) field, enter the maximum length of wireless client inactivity, in seconds, before access points age out
12the wireless client. The minimum period is 60 seconds, the maximum is 36000 seconds, and the default number is 300seconds.
13If you:
• Did not select a VAP on the Settings tab, go to Step 14.
Selected a VAP on the Settings tab, from the Preamble Length drop-down menu, select the length of the preamble—the
•initial wireless communication sent when associating with a wireless host: Long or Short.
From the WMM (Wi-Fi Multimedia) drop-down menu, select whether a WMM
14 profile is associated with this profile:
•Disabled (default)
Create new WMM profile. The Add Wlan WMM Profile window displays. For information about configuring a WMM profile,
•see Configuring Wi-Fi Multimedia Parameters .
•Configured WMM profile

Sensor Tab
In the Sensor tab, you enable or disable Wireless Intrusion Detection and Prevention (WIDP) mode.
IMPORTANT: If this option is selected, Access Point or Virtual Access Point(s) functionality is disabled automatically.

1Check the Enable WIDF checkbox to have the SonicPoint N operate as a dedicated WIDP sensor.
From the drop-down menu, select the schedule for when the
SonicPoint N operates as a WIDP sensor or select Create new
• schedule… to specify a different time; default is Always on.
2Click OK.