Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
1
Replies

Guest Access Security

Mark Pottebaum
Level 1
Level 1

‎10-03-2007 05:56 AM - edited ‎07-03-2021 02:42 PM

We have two wireless controllers in the DMZ that we use for guest access only. Right now the management, ap-management and dhcp addresses for users are all on the same IP segment. I know that's not the most secure way to deploy and wondered what the best practice is for this situation.

Thanks!

Labels:
0 Helpful
1 Reply 1

ericgarnel
Level 7
Level 7

‎10-04-2007 07:20 AM

It would be better if you were to seperate out the guest users into their own wlan/vlan/subnet. Assuming that the dmz endpoint allows for multiple subnets and/or vlan/subintefaces (PIX or IOS) You could then drop the guests into a subnet that can only access the internet and not any other local networks. This can also be acheived or aided by ACLs the wlan(s) as well.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card