I've been having some in depth conversations with my colleagues at work and would like to peer into this forum for advise.
Here is the setup/scenario: An AP with open auth. The AP is bridged to a layer 2 vlan on our core production switches. In this vlan, we have a dedicated dsl router. No Firewall involved possibly FW feature set on router enabled.... this is simply for hot spot access for guest users. Non-company asset machines only.
The point of concern is the fact that these unsecure devices utilize a VLAN on our internal production switches. Being that this is a layer2 vlan with no switch interfaces, does this pose a risk?
Is there anyway it can be compromised or can it be "hacked" to gain access to the production network?? Can someone wirelessly spoof ethernet tags?
What if the AP was an LWAPP ap. The controller will have an interface in that Layer2 vlan but the option to administer the controller via wireless will be disabled. Any security concerns here as well?