Guest Access Security

Unanswered Question
Oct 3rd, 2007

We have two wireless controllers in the DMZ that we use for guest access only. Right now the management, ap-management and dhcp addresses for users are all on the same IP segment. I know that's not the most secure way to deploy and wondered what the best practice is for this situation.

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ericgarnel Thu, 10/04/2007 - 07:20

It would be better if you were to seperate out the guest users into their own wlan/vlan/subnet. Assuming that the dmz endpoint allows for multiple subnets and/or vlan/subintefaces (PIX or IOS) You could then drop the guests into a subnet that can only access the internet and not any other local networks. This can also be acheived or aided by ACLs the wlan(s) as well.

Actions

This Discussion

 

 

Trending Topics - Security & Network