Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Public Access Point Security

Hi,

Is it possible to extend the concept of layer 2 ethernet vlans to wifi networks, with a system that allocates a VLAN per user (allowing 4096 users) on wifi connection?

I was thinking that this could help prevent Man In The Middle attacks as any new user joining a wifi network would be on their own separate subnet isolated from every other user.

If this is achieved at the SSID level by assigning each one to a VLAN, is it possible to have this happen automatically?

Is this how public access points work already and if so how is a MITM attack launched?

Thanks.

Everyone's tags (4)
3 REPLIES

Public Access Point Security

yes and no.

the WLC will only take 512 interfaces so you could do that many /32 subnets if you really wanted to.  But you wouldn't be able to max out the 4096

But, what you can do, is enable Peer to Peer blocking, which disallows clients to talk to each other on the same WLAN

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Public Access Point Security

Thanks for that explanation.

So why do MITM attacks happen on public wifi?

Surely its not just the network admin failing to enable Peer to Peer isolation?

Public Access Point Security

some of it is yes.  Others are people that don't use SSL sites, or the location is just open.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
179
Views
0
Helpful
3
Replies
CreatePlease login to create content