Sonicpoint: How-to

| Sunday, January 30th, 2011 | 18 Comments »

SonicWALL comes with nifty little access points called Sonicpoint’s. They can either be plugged in directly to your SonicWALL TZ or NSA series firewalls. They are PoE capable which makes installation a breeze if plugging them into PoE(802.3af) capable switchports.

If you do not have PoE switchports, you will need their power injector which I am using in this blog.

What I’m going to show you are the quick steps to get one up and running so you can see how easily these devices can be configured in your existing network.

Power Injector

Take a straight-through Cat5 cable and plug it into the “Data In” port, and plug the other end into a spare port on your firewall. I will be using X6. Once done, you’ll get a solid green light for your LED Port. Also make sure that you have plugged in the actual power cord that comes with the injector. If done properly, you’ll have a solid green light next to your LED AC light.
Now take another straight-through cable and plug the “Data&Power Out” port into your Sonicpoint. I am using a Sonicpoint Ni in this lab.

You’ll need to now jump on your firewall and configure your X6 port (or the port you have chosen) to be part of the WLAN zone. Once you establish this, the Sonicpoint will begin to be detected via it’s SDP protocol.

Click for larger image

As you can see here, I’m giving my wireless network 192.168.50.x range. I always like to include HTTPS and PING for management reasons. This is up to you to decide based on your company’s policy. As soon as the the Sonicpoint is detected, it is autmatically given an IP address within the DHCP scope of the WLAN network.

In my case, my Sonicpoint was given an IP address of 192.168.50.239. I always like to use PING to make sure my devices are up. (if PING is enable of course. I jump over to the diagnostics page to ping 192.168.50.239 and you can see that it is alive!

Click for larger image

So what’s next?

Now that the Sonicpoint has fully established a connection. It will go through a series of checking its firmware and updating it if necessary. In my next series of screenshots below, you’ll see that it first checks for firmware, downloads if necessary, and then goes into operational state! You can find this page in the “Sonicpoints” category in your navigation menu.

Connecting to our new WLAN

Our assigned SSID is: sonicwall-542C, as you can see in the following screenshots, my laptop quickly discovers the new SSID that is being broadcasted. Clicking on this SSID allows me to connect right away, receive an IP address from the DHCP scope and ping Google! It’s that simple!

Final Thoughts

There’s a lot of advantages when using one centrally managed system to control access to your network. I’ve seen many networks where they’ve naturally hung a D-Link or Linksys off their main network for guest access. Then they start hanging more of these WAP’s for other types of network access and it grows out of control.

If you are in the position to replace these and go with one nice clean system, I would recommend it. You can take advantage of the features within your firewall such as: content filtering, anti-virus, anti-spyware, IPS for example. It’s also easier to provide guest access to your printer segment, assuming you have one.

You can daisy-chain these or spread them out and still be part of one large guest network in multiple locations! The advantages become clearer as you deploy multiple Sonicpoints in your networking environment.

I’ll go into more details in future blogs of how you can secure your WLAN and even connect them from multiple buildings without directly connecting to the firewall itself!

In my case, my Sonicpoint was given an IP address of 192.168.50.239. I always like to use PING to make sure my devices are up. (if PING is enable of course. I jump over to the diagnostics page to ping 192.168.50.239 and you can see that it is alive!
Share
  • Pingback: Tweets that mention BrandonTek » Blog Archive » Sonicpoint: How-to -- Topsy.com()

  • Pingback: BrandonTek » Blog Archive » Solution to your SonicPoint WLAN woes.()

  • Anonymous

    Brandon, is there a way for the wireless APs to share the same network subnet as the LAN? I would prefer the clients on wireless to be on the same network segment.

  • http://www.brandontek.com admin

    Hey there,

    Sure, there is a feature called “stand alone mode”. However for the newer Sonicpoint-N devices, this feature is no longer supported.
    The stand alone mode is basically when the Sonicpoint directly connects to the LAN zone, instead of being part of the WLAN zone.

    Hope that helps!

  • http://twitter.com/brandontek Brandon Kim

    Hey, sorry for the late reply, I had responded earlier but for some reason it didn’t go through?

    Anyways, if you have the newer Sonicpoint-N, then it does have to be on its own network. Apparently though, if you have the older b/g, you can set it up in standard mode and it will work with your current LAN.

    Let me know if you have anymore questions!

  • Anonymous

    Hmm, that seems like a disadvantage to having the wirless give seameless integration with the LAN and I wouldn’t think it would be that hard of a feature to include. Maybe there are other reasons for this however….

  • http://twitter.com/brandontek Brandon Kim

    Hi there,

    My apologies for the delay, very busy around here. I wanted to let you know that this can be accomplished very easily. All you need to do is make sure that the port that the SonicPoint plugs into is set for “layer 2 bridged mode” and have it applied to the LAN port, which typically will be X0.

    Once you do that and connect the SonicPoint, it picks up an IP address from that same LAN zone right away (for itself) and anyone connecting to it, will get an IP address on that same LAN zone.

    Now, I’m not sure if the TZ 210W (TZ 210’s with built-in wireless) supports this or not, but I have verified that SonicPoints work in this setup.

    Hope that helps!

    FYI – This was tested on SonicOS 5.8 with SonicPoint Ni.

  • Tom Lyczko

    I see this about layer 2 bridged mode — SonicWall support had me do this — but the SonicPoint is NOT directly connected to the NSA3500.

    Then how do I set up the SonicPoint to get its firmware etc.?? Do I set the X3 port as L2 bridged temporarily only??

    Also, something went seriously wrong with the above layer 2 bridged etc. but I do not know what because 1) the SonicPoint never got picked up by the NSA3500, perhaps due to not being directly plugged into the NSA3500 (5.8.x firmware); 2) all our VPNs went down and only rebooting the NSA3500 fixed this.

    Does anyone reading this know of other good writeups about setting up SonicPoints?? Particularly to HP switches??

    Thank you, Tom

  • http://twitter.com/BlindTheNet BlindTheNet

    Thanks so much for the help brandon.

    Without reading this guide and your other on the sonicwall and sonic point, There was no way I would have gotten my configuration working.
    We had around 60 people without connectivity, and their all up thanks to you!

    The only thing i need to figure out know is how to get the sonic points and main sonic wall to work seamlessly up and down floors (1 sonic point per floor). Im broadcasting the same SSID, but most devices have problems accounting for the different accesspoint(sonicpoint), most likely due to the ip range change?

  • http://twitter.com/brandontek Brandon Kim

     Great to hear and glad the info above was helpful!

    In regards to your issue, since I don’t know enough about your exact setup, on a general high level point of view, you can take all the sonicpoints on each floor, connect them to the same switch (like a small 5-port Netgear switch)  so they will be on their own isolated VLAN. The switch will act as a central “hub” for your sonicpoints.
    Then from that switch, you connect it to the firewall. The broadcasting between the SP’s will now be handled from your little switch that’s connecting them together.

    I don’t know if that is even close to your issue but give it some thought…..

    If that doesn’t resolve your issue, it could just very well be that they are out of wireless range when roaming between floors, so by the time they pick up the SP, they are provided a different IP address…

  • Butch

    Brandontek, Do i have to connect directly to the back of the firewall appliance or i could connect to any port on my secondary switch? Would the sonicwall firewall and sonicpoint see each other?

  • brandontek

    Hi Butch,

    You can only use a switch and connect the sonicpoint to that switch if they are all on the same VLAN. This is because the protocol is layer2 based and cannot be routed.

  • Butch

    Yes i think thats what i have, its just a remotely located switch that is patched to the main switch and to the firewall lastly

  • Fred

    Using a TZ210. Trying to add a Sonicpoint NE. When I try to configure the port (using x4) and put in a static IP it gives me this error. (Subnet on this interface overlaps with another interface) Already have the built in wireless (w0) bridged to the x0. Kinda stumped at this point. Any help would be deeply appreciated.

  • brandontek

    Hi Fred:

    Please take a look at your other interfaces and specifically their subnet, this is most likely what the error is indicating, that there is an overlap somewhere…

  • Fred

    It is an overlap. I’m not wanting the Sonicpoint to issue out it’s own separate IPs and subnet. I’m simply trying to use the Sonicpoint as an extension of our wireless. It is in the other side of our building. It won’t allow me to put it in bridge mode or portshield mode either. The TZ210 already has wireless built in and that is being used to bridge to X0. So i’m kind of at a loss. I read somewhere where it won’t allow for a second wireless. Is that true? If so, I guess I’m looking to do something completely different at that point.

  • brandontek

    Yes that’s correct. The Sonicpoint wireless network needs to be on a separate LAN and it cannot share the same network as the built-in wireless.

    There is an undocumented feature, depending on your firmware that will allow you to bridge your wireless network to the LAN if you go here:

    http://yourfirewallip/diag.html

    Of course any changes here is not supported by SonicWALL and your mileage may vary as far as performance goes!

    Good luck!

  • Garry Masters

    My nsa2400 was updated to 5.9.0.4 but I did not notice any sonicpoint update occur- “MySonicWall.com reports them as being 3.5 but the nsa2400 says ‘all operational sonicpoints are at 6.1.0.2_21 ?????. Mysonicwall.com has NO click for sonicpoint download like some of the tech papers say? What to do,, my throughput is bad and I am suspecting mismatched fw.???