Wireless Controller supporting both Guest VLAN and Corporate VLAN

Unanswered Question
Mar 30th, 2007

I have an issue supporting both a Guest VLAN and Corporate VLAN from one Controller. We have members of our security staff that discusses the weakness the the VLAN approach to reside internally within the Corporate network prior to going out the Firewall as a Guest VLAN. But when you put it in a DMZ they see weaknesses to allowing VLAN's transferring through the Firewall. They are also very concerned that if a misstake is made on the controller for the Guest VLAN then this would compromise all Corporate Traffic within the Corporate Network...

The only recourse that makes everyone happy is to purchase two controllers one physically located in the dirty net and the other physically located in the corporate net with a completely different set of WAP's. Due to the cost and support this will soon become a nightmare. Has anyone been faced with this problem in their corporate network? Would appreciate any help...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bporter78 Fri, 04/06/2007 - 09:50

Get yourself the lightweight access points and a wireless lan controller. This will then allow central management and setup of all your access points, allowing setup of a corporate vlan which can do certificate based authentication for all your coporate devices, and a guest vlan which you can have a 128bit key you give out to those that require guest access.

It also allows you to monitor connectivity across your wireless lan, and identify rogue access points and wi-fi client attacks etc.

If you add in the locater appliancce too then you can actually track either real-time or one device at a time (depending on the licence), to enable you to locate where all wireless clients are, which can help track down wireless devices and clients attempting to hack into your network.

Actions

This Discussion