Wireless security on a layer 2 vlan

Unanswered Question
Jun 26th, 2008

I've been having some in depth conversations with my colleagues at work and would like to peer into this forum for advise.

Here is the setup/scenario: An AP with open auth. The AP is bridged to a layer 2 vlan on our core production switches. In this vlan, we have a dedicated dsl router. No Firewall involved possibly FW feature set on router enabled.... this is simply for hot spot access for guest users. Non-company asset machines only.

The point of concern is the fact that these unsecure devices utilize a VLAN on our internal production switches. Being that this is a layer2 vlan with no switch interfaces, does this pose a risk?

Is there anyway it can be compromised or can it be "hacked" to gain access to the production network?? Can someone wirelessly spoof ethernet tags?

What if the AP was an LWAPP ap. The controller will have an interface in that Layer2 vlan but the option to administer the controller via wireless will be disabled. Any security concerns here as well?

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mhellman Thu, 06/26/2008 - 14:38

What if someone horks up the vlan config accidentally or plugs something into the wrong port? Relying on that single layer for security is a bit risky, but that's just my opinion.

Do you use just VLAN isolation elsewhere in your perimeter as the sole network security control?

Out of curiousity, if it's open auth, how do you prevent company assets from connecting?


This Discussion