NETGEAR UTM10 - ProSecure Unified Threat Management Appliance Application Note


Application note: Deploy a ProSecure UTM in a multi-SSID, multi-VLAN network

UTM (Unified Threat Management) in a multi-SSID multi-VLAN network with traffic separation
This document describes the steps for configuring a UTM 10 (firmware version 1.0.16-0) and a WNDAP330 (firmware version 3.0.3) to host a multi-SSID, multi-VLAN network.
The solution separates the wireless and wired traffic of each configured VLAN from every other VLAN on the wired or wireless LAN, while maintaining communication within the same VLAN.
The diagram below shows a typical scenario.
[Diagram: the UTM 10 connects the Internet, the WNDAP330 access point (SSIDs Corporate, Guest, Engineering) and the Layer 2/Layer 3 switch serving the wired LAN. Diagram labels follow.]

UTM 10 Configuration
  LAN IP: 192.168.1.1
  VLAN1 (Corporate - default): IP 192.168.1.1; Membership: Port 1, 2, 3, 4; DHCP enabled 192.168.1.x/24
  VLAN20 (Guest1): IP 192.168.20.1; Membership: Port 1; DHCP enabled 192.168.20.x/24
  VLAN30 (Engineering): IP 192.168.30.1; Membership: Port 1; DHCP enabled 192.168.30.x/24

AP configuration (WNDAP330), UTM Port 1 to AP LAN
  LAN IP: 192.168.1.235
  Untagged VLAN: 1
  Management VLAN: 1
  SSID Corporate: VLAN 1 (ID 1)
  SSID Guest: VLAN 20 (ID 20)
  SSID Engineering: VLAN 30 (ID 30)

Layer 2/Layer 3 switch configuration, UTM Port 2 to Switch 0/1
  LAN IP: 192.168.1.239
  Management VLAN: 1
  Membership: all ports untagged in VLAN1
  Wired LAN: 192.168.1.x/24
Version 2.0


Summary of Contents for NETGEAR UTM10 - ProSecure Unified Threat Management Appliance

  • Page 2: Table Of Contents

    Table of Contents
      Network Setup (page 3)
        Physical setup (page 3)
        Logical setup (page 3)
      UTM10 Configuration (page 4)
        Create a new VLAN (page 4)
      AP configuration (WNDAP330) (page 5)
        Create a new SSID (page 5)
      Further Notes (page 6)
        Testing ...
  • Page 3: Network Setup

    Network Setup
    Physical setup
      Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2
      Wireless AP LAN port connected to UTM10 Port 1
      UTM10 WAN port connected to the Internet
    Logical setup
      UTM 10 Configuration
      LAN IP 192.168.1.1
      VLAN1 (default): IP 192.168.1.1; Membership: Port 1, 2, 3, 4; DHCP enabled 192.168.1.x/24...
  • Page 4: UTM10 Configuration

    Default VLAN concept. Changing the Default VLAN for a port is equivalent to changing the PVID of the port on, for example, an 802.1Q-capable Netgear switch. A port that is a member of multiple VLANs is instead the equivalent of an 802.1Q trunk port, as long as the...
  • Page 5: AP Configuration (WNDAP330)

    Create a new SSID. Access the AP configuration via Security, Profile settings (by default only the SSID Netgear is active, whilst all the SSIDs are assigned to VLAN 1). At the bottom of the page click on Edit to modify the Netgear profile name and SSID to Corporate –...
  • Page 6: Further Notes

    Further Notes: Testing. Testing can be performed by connecting a wireless client to each of the SSIDs in turn (i.e. Corporate, Guest, Engineering) and trying to access the Internet or ping the IP address assigned to the UTM in the VLAN associated with the SSID. Ensure the wireless client obtains an IP address from a DHCP server, or hard-code an IP address relevant to the VLAN the wireless client will be connecting to.
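
The test described above can be scripted so that a mis-mapped SSID shows up as a failed check. This is an added example, not part of NETGEAR's application note: the addressing plan and port membership are taken from the note, while the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

# Addressing plan from this application note: SSID -> (VLAN ID, UTM address, subnet).
PLAN = {
    "Corporate":   (1,  "192.168.1.1",  "192.168.1.0/24"),
    "Guest":       (20, "192.168.20.1", "192.168.20.0/24"),
    "Engineering": (30, "192.168.30.1", "192.168.30.0/24"),
}
# UTM LAN port membership per VLAN, from the note; the AP is on port 1.
MEMBERSHIP = {1: {1, 2, 3, 4}, 20: {1}, 30: {1}}
AP_PORT = 1


def check_plan(plan=PLAN, membership=MEMBERSHIP, ap_port=AP_PORT):
    """Return a list of consistency problems in the plan (empty if sound)."""
    problems, nets = [], {}
    for ssid, (vlan, gw, cidr) in plan.items():
        net = ipaddress.ip_network(cidr)
        if ipaddress.ip_address(gw) not in net:
            problems.append(f"{ssid}: UTM address {gw} outside {net}")
        if ap_port not in membership.get(vlan, set()):
            problems.append(f"{ssid}: VLAN {vlan} not carried on AP port {ap_port}")
        for other, other_net in nets.items():
            if net.overlaps(other_net):
                problems.append(f"{ssid}: {net} overlaps {other}")
        nets[ssid] = net
    return problems


def check_client(ssid, client_ip, plan=PLAN):
    """Classify the address a wireless client obtained on `ssid`.

    ("ok", utm_ip_to_ping): address is in the SSID's own VLAN subnet.
    ("wrong-vlan", other_ssid): address is from another SSID's subnet, so the
    SSID-to-VLAN mapping is wrong and the traffic is not separated.
    ("no-lease", None): address is in none of the planned subnets.
    """
    addr = ipaddress.ip_address(client_ip)
    _, gw, cidr = plan[ssid]
    if addr in ipaddress.ip_network(cidr):
        return ("ok", gw)
    for other, (_, _, other_cidr) in plan.items():
        if addr in ipaddress.ip_network(other_cidr):
            return ("wrong-vlan", other)
    return ("no-lease", None)  # e.g. a 169.254.x.x self-assigned address

if __name__ == "__main__":
    # Constructed observations: (SSID joined, address the client received).
    for ssid, ip in [("Guest", "192.168.20.57"), ("Engineering", "192.168.1.44")]:
        print(ssid, ip, check_client(ssid, ip))
```

An "ok" result still needs the ping to the returned UTM address to succeed before the VLAN is considered working.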