http://thebeagle.itgroove.net/2012/07/24/sonicwall-virtual-access-point-vap-configuration/

This blog post is from July 2012, but still provides a good understanding including screen shots about the correct use case of Dell SonicWALL VAP services

So, just what is a VAP anyway? In Sonicwall terms as VAP is a security profile and access point configuration that is overlaid on top of a physical Sonicpoint access point OR on top of the Sonicwall built-in access point on any Sonicwall "W" model which provides all of the connectivity (and security restrictions) of a physical access point. (Whew! Long sentence!!). A given Sonicwall or Sonicwall W model can support multiple VAP’s over the same physical hardware (the number varies according to the Sonicwall itself as well as the Sonicpoint model).

So, why would you want to use VAP’s? That’s a good question with a pretty straightforward answer — you want to provide multiple types of wireless connectivity, say GUEST and CORPORATE, that would normally be provided by multiple physical AP’s and multiple physical networks over a single Sonicpoint, group of Sonicpoints and/or the AP built into the Sonicwall W model. This is sort of the "buy one get one free" school of AP’s but why not? The stuff works and works well. And for those of you that aren’t in the Sonicwall world I’m fairly certain that a number of the other UTM (Unified Threat Management) firewall vendors as well as some of the networking vendors provide similar capabilities. My experience and expertise is with Sonicwall so I’ll stick with what I know for this post.

OK, so what do you need to construct a VAP? First off you need a Sonicwall/SonicPoint combination or a Sonicwall W model. For purposes of this post I’ll be focusing on Sonicpoints but the concepts are identical for the internal AP in the W models. A Sonicpoint is a Sonicwall-specific access point that requires a Sonicwall firewall in order to do any useful work. All Sonicpoints are initialized by and controlled from their parent Sonicwall firewall. A Sonicpoint without a parent Sonicwall firewall is just so much circuitry and plastic and about as useful as your average door stop. There are a few different types of Sonicpoints but they all work on the same basic principles so I won’t elaborate on their differences here.

Second, you need to design your wireless network and define what your various VAP’s are going to do (who is their user audience and what are the security constraints that are required by those audiences) so that you can then define "security profiles" for each VAP. We (itgroove) deal with lots of smaller companies and their usual profile requirement is what I mentioned earlier, they require on set of AP rules for CORPORATE and another for GUEST. In almost all cases the needs are pretty clear — CORPORATE will provide secured wireless access on the inside of the CORPORATE LAN for authorized corporate users while GUEST will provide Internet-only access on it’s own separate network segment (subnet) to guests within the office. At no point will the GUEST wireless network be granted access into the corporate LAN.

Obviously you need to decide on your security preferences (WPA-2 and so forth) for the two networks but that is no different from any other AP configuration.

OK, so now comes the fun part, the configuration!

http://thebeagle.itgroove.net/2012/07/24/sonicwall-virtual-access-point-vap-configuration/