Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLSE / Security / Authentication advice

Good Afternoon Everyone,

We have WLSE currently setup with around 30x Aironet 1200 AP's and 10x 1130 AP's. Unfortunately there are no security or encryption. I was wondering what is the best way to provide security. We are a Windows 2003 domain as well.



Hall of Fame Super Red

Re: WLSE / Security / Authentication advice

Hi Mark,

Wireless Security is a very complex issue (as you have probably discovered) To recommend a "best" way to secure your environment in this forum would be doing you a real disservice :( I have attached some good "getting started" type Security docs) and would suggest having a good read of them. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of Wireless.

Wireless LAN Security White Paper

Five Steps to Securing Your Wireless LAN and Preventing Wireless Threats

WLAN Security considerations (Part of WLAN SRND Guide)

Wireless LAN Security Solution

I truely hope this helps you on your way with this excellent endeavour!


New Member

Re: WLSE / Security / Authentication advice

I would recommend that you set up a lab to set up your security for the wireless and then test it. Once you get the design down for the wireless and have tested it, you may want to have your security department or IT auditors give it a vulnerability test.

We did ours years ago and did such things as switch port mac address security so nobody could plug in an A/P and get on our network.

We put wireless on a seperate vlan considered to be unsecure.

We installed a soon to be EOL 3030 VPN to provide the AAA/encryption/tunneling and placed the 3030 in a secure computer room. Only after the AAA encrypted session coming in could you get onto the secure backbone vlan.

We installed the VPN encryption software on all PC's to encrypt/de-encrypt the traffic in a VPN tunnel.

We installed mac filtering on all A/P.

Now Cisco has the new ASA5500 series security appliances and it is really much better than the old 3030/3060 VPN's.

See your Cisco Rep, they have come a long way since we put ours in.

Word of caution, watch using inexperienced people updating your network....especially contractors. We took our lab equipment out of the box and accessed a secure network a block away for a very sensitive government facility because they did not reapply their security features and they accepted defaults after an upgrade.

Good Luck,


CreatePlease login to create content