02-20-2003 11:36 AM - edited 07-04-2021 08:31 AM
I am wanting to add wireless to our campus, but I also want to protect our wired network. The powers that be also want a single login for our clients (students with differant types of wireless cards).
I am looking at using the 1200 series APs
Could I add an port to my firewall and put the APs on a seperate vlan and treat the APs as an untrusted network?
Also could I use a RADIUS server to authenticate the wireless users with active directory accounts from another server?
Solved! Go to Solution.
02-21-2003 12:19 PM
Radius proxy will give you single sign-on.
If you put all of the APs in a subnet separated from your wired network by a firewall (you can use trunking between switches to avoid pulling a whole new cable plant) you can achieve what you are after.
Alternately, you can use a multi-layered security approach to protect APs directly on the wired subnet. A VPN on top of WEP and a MAC Address filter would protect you well.
Matthew Wheeler
Chief Wireless Architect
Blue Modal, Inc
02-21-2003 12:19 PM
Radius proxy will give you single sign-on.
If you put all of the APs in a subnet separated from your wired network by a firewall (you can use trunking between switches to avoid pulling a whole new cable plant) you can achieve what you are after.
Alternately, you can use a multi-layered security approach to protect APs directly on the wired subnet. A VPN on top of WEP and a MAC Address filter would protect you well.
Matthew Wheeler
Chief Wireless Architect
Blue Modal, Inc
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: