How To – Configure Wireless Local Area Network (WLAN)
Applicable Version: 10.02.0 Build 224 onwards
Applicable Models: Wi-Fi Models Only
Overview
A local area network that uses high frequency radio signals to transmit and receive data using
Ethernet protocol is termed as WLAN. A WLAN can be either an extension to a current wired network
or an alternative to it. A WLAN allows users to move around while keeping their computers connected.
This article describes a detailed configuration example that demonstrates how to configure Wifi
Access points using Cyberoam to provide real-time network protection and high-speed wireless
connectivity.
Scenario
INTERNET
DMZ ZONE
10.10.1.0/24
WAN
172.16.16.0/24
File Server
10.10.1.2/24
ADS
10.10.1.3/24
ERP
10.10.1.4/24
ENGINEERING
ZONE
M
MARKETING
LAN
S
LE E
SA ON
Z
AR
ZO KE
N TIN
E G
DMZ
2.2.2.1/24
SALES
10.10.10.0/24
172.16.1.0/24
ENGINEERING
192.168.1.0/24
Throughout the article we will use the network parameters displayed in the given network diagram.
As shown in the network diagram, Cyberoam is deployed in gateway mode with 3 servers – File
server, Domain Controller: ADS and ERP server are hosted in DMZ zone. Three LAN Zones are
created for 3 departments – Marketing, Engineering and Sales. Marketing department needs access
How To – Configure Wireless Local Area Network (WLAN)
of File server while Sales department needs access of ERP server. Engineering team needs access
to all the 3 servers hosted in DMZ zone.
Zone
IP Subnet
SSID
MARKETING
10.10.10.0/24
MARKETING
SALES
172.16.1.0/24
SALES
ENGINEERING
192.168.1.0/24
ENGINEERING
DMZ
10.10.1.0/24
NIL
WAN
172.16.16.0/24
NIL
Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
Step 1. Create Custom Zones for Sales, Marketing and Engineering
Go to Network > Interface > Zone and click Add to add a new zone for SALES department.
Parameter
Name
Value
Description
Sales
Specify a name to identify the
Zone. Duplicate names are not
allowed.
How To – Configure Wireless Local Area Network (WLAN)
LAN
Select Zone Type : LAN or DMZ
Admin Services
HTTP: Enabled
HTTPS: Enabled
TELNET:Disabled
SSH: Disabled
Check/Uncheck to
Enable/Disable Admin Services
that should be allowed through
this zone.
Authentication Services
Check/Uncheck to
Windows/Linux Client: Enabled
Enable/Disable Authentication
Captive Portal: Enabled
Services that should be allowed
NTLM: Disabled
through Zone.
Network Services
DNS: Enabled
Ping/Ping6: Enabled
Check/Uncheck to
Enable/Disable Network
Services that should be allowed
through Zone.
Web Proxy: Enabled
SSLVPN: Enabled
Check/Uncheck to
Enable/Disable Other Services
that should be allowed through
Zone as per requirement.
Type
Appliance Access
Other Services
Similarly, create zones for Marketing and Engineering departments.
Step 2. Add Access Points
By default, all WiFi Appliances include a wireless interface called WLAN1 and support up to seven
additional wireless interfaces to be configured as Access Points. All the configured access points use
the same wireless parameters.
Note:
If you have not assigned any zone to the default wireless interface: WLAN1, you will not be allowed to
add additional access points.
Go to Network > Wireless LAN > Access Point and click Add to create access point. Create an
Access Point for Sales zone with “Sales-WiFi” as SSID as shown in the table below.
Parameter
Value
Description
Zone
Sales
Specify the Zone in which Access
Point is to be created
IP Address
172.16.1.1
Specify IP Address
Netmask
/24 (255.255.255.0)
Specify Netmask
SSID
Sales-WiFi
Broadcast SSID
Enable
Security Mode
WEP-Auto
Select the Security Mode.
Key Entry
cyberoam
Select Key entry mode
Available
Options:
Hexadecimal
Specify the Service Set Identifier
(SSID) by which the WLAN is to be
identified
Enable if you want to broadcast the
SSID, i.e., make the WLAN
discoverable.
ASCII
or
How To – Configure Wireless Local Area Network (WLAN)
Key Length
Disable
Select the length of security key. A
longer key length ensures better
security.
Available Options: 64 bit or 128 bit
Key
12345
Specify
security
authentication.
255
Specify the maximum number of
clients that are allowed to connect
across all the access points
simultaneously.
Default - 255
Maximum Clients allowed range 1 to
255
Maximum Clients
key
Click OK to add the Access Point. You are immediately asked to configure the DHCP Server linked
with this Access Point as shown below.
for
How To – Configure Wireless Local Area Network (WLAN)
Step 3: DHCP Configuration
Click Configure DHCP Server >> to configure the DHCP Server linked to WLAN2 created in step 2.
Set parameters according to the table given below.
Parameter
Value
Description
Name
Sales DHCP Server
Name to identify the Server.
Interface
WLAN2 – 172.16.16.1
Select internal interface
Lease Type
Dynamic
Select Lease Type.
Lease IP Range
172.16.16.2 – 172.16.16.20
Specify range of IP addresses
that are to be leased.
Subnet Mask
/24 (255.255.255.0)
Specify Subnet Mask.
Domain Name
cyberoam.com
Specify domain name that the
DHCP server will assign to the
DHCP Clients.
Gateway
Specify IP address for default
Use Interface IP as Gateway:
Gateway or click “Use Interface
Enabled
IP as Gateway”
Default Lease Time
1440
Specify Default Lease Time.
Max Lease Time
2880
Specify Maximum Lease Time
Enabled
Enable Conflict detection to
check the IP before leasing i.e. if
enabled the already leased IP will
not be leased again.
Conflict Detection
How To – Configure Wireless Local Area Network (WLAN)
DNS Server
Click “Use Appliance’s DNS
settings” to use appliance DNS
Use Appliance’s DNS Settings:
server or specify IP address of
Enabled
Primary and Secondary DNS
servers.
Similarly, create Access Points for Marketing and Engineering departments.
Step 3. Add IP Hosts
Go to Objects > Hosts > IP Host and click Add to add IP hosts for File server, ADS and ERP server,
as shown below, for ERP Server.
How To – Configure Wireless Local Area Network (WLAN)
Step 4. Configure firewall rules
Go to Firewall > Rule > Rule and click Add to configure firewall rule to allow access of Sales
department to access the ERP Server in DMZ Zone as shown in the image below.
Similarly, create Firewall Rule for Marketing and Engineering departments for enabling access of the
servers, based on the requirement as given in the Scenario.
Document Version 2.0 – 10 October, 2014