Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
0
Helpful
2
Replies

WLSE / Security / Authentication advice

mark_Bayliss
Level 1
Level 1

‎02-08-2007 06:03 PM - edited ‎07-03-2021 01:36 PM

Good Afternoon Everyone,

We have WLSE currently setup with around 30x Aironet 1200 AP's and 10x 1130 AP's. Unfortunately there are no security or encryption. I was wondering what is the best way to provide security. We are a Windows 2003 domain as well.

cheers,

Mark

Labels:
0 Helpful
2 Replies 2

Rob Huffman
Hall of Fame
Hall of Fame

‎02-09-2007 06:53 AM

Hi Mark,

Wireless Security is a very complex issue (as you have probably discovered) To recommend a "best" way to secure your environment in this forum would be doing you a real disservice :( I have attached some good "getting started" type Security docs) and would suggest having a good read of them. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of Wireless.

Wireless LAN Security White Paper

http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper09186a00800b469f.shtml

Five Steps to Securing Your Wireless LAN and Preventing Wireless Threats

http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper0900aecd8042e23b.shtml

WLAN Security considerations (Part of WLAN SRND Guide)

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns178/c649/ccmigration_09186a00800d67eb.pdf

Wireless LAN Security Solution

http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html

I truely hope this helps you on your way with this excellent endeavour!

Rob

0 Helpful

rcoblentz
Level 1
Level 1

‎02-15-2007 07:51 PM

I would recommend that you set up a lab to set up your security for the wireless and then test it. Once you get the design down for the wireless and have tested it, you may want to have your security department or IT auditors give it a vulnerability test.

We did ours years ago and did such things as switch port mac address security so nobody could plug in an A/P and get on our network.

We put wireless on a seperate vlan considered to be unsecure.

We installed a soon to be EOL 3030 VPN to provide the AAA/encryption/tunneling and placed the 3030 in a secure computer room. Only after the AAA encrypted session coming in could you get onto the secure backbone vlan.

We installed the VPN encryption software on all PC's to encrypt/de-encrypt the traffic in a VPN tunnel.

We installed mac filtering on all A/P.

Now Cisco has the new ASA5500 series security appliances and it is really much better than the old 3030/3060 VPN's.

See your Cisco Rep, they have come a long way since we put ours in.

Word of caution, watch using inexperienced people updating your network....especially contractors. We took our lab equipment out of the box and accessed a secure network a block away for a very sensitive government facility because they did not reapply their security features and they accepted defaults after an upgrade.

Good Luck,

Ron

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card