I manage a large health care network with very strict security guidelines. We have dedicated FWs at all our exposure points to the Internet and Extranets. This provides an assurance that allows us not to filter any traffic inside our FW borders. We even have a dedicated DMZ switch that only connects devices exposed outside of our FWs. We have approx. 100 WLAN APs installed supporting the secure clinical network. As a policy we use 128-bit encryption and require RADIUS authentication of all WLAN remotes. We have 6 major sites (hospitals) with core 65xx architecture.
Mgmt wants to install APs in select hospitals for vendors'/customers' use... these WLANs will have access to the Internet only and will not compromise the secure network. My question is regarding design... should I (a) build an entirely separate physical LAN to support this new unsecure WLAN or do I (b) simply put this traffic on a separate VLAN and use ACLs to keep the private networks safe? I hesitate to give in to option (b), the cheap one, because I have heard a little bit about Layer 2 attacks and that seems like it might apply here. (And I really don't want to start managing ACLs on all our core 65xx routers.)
Is my concern about Layer 2 attacks valid? Are there any other considerations?
Well, if you completely build a separate WLAN, how and what services do they need? Will that WLAN have to be tied into your current network? Planning to have a separate Internet connection? Look at bluesocket.com. We have worked with their product for a while now. What I can say about this... I'm not a salesman, but it does CoS. You can specify how much bandwidth a user or group can have, it terminates VPN connections, and you can specify what protocols or ports they are allowed to use. It works with Novell, Windows domain, and RADIUS.