Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest Access Security

We have two wireless controllers in the DMZ that we use for guest access only. Right now the management, ap-management and dhcp addresses for users are all on the same IP segment. I know that's not the most secure way to deploy and wondered what the best practice is for this situation.

Thanks!

1 REPLY

Re: Guest Access Security

It would be better if you were to seperate out the guest users into their own wlan/vlan/subnet. Assuming that the dmz endpoint allows for multiple subnets and/or vlan/subintefaces (PIX or IOS) You could then drop the guests into a subnet that can only access the internet and not any other local networks. This can also be acheived or aided by ACLs the wlan(s) as well.

150
Views
0
Helpful
1
Replies