Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Securing WLAN with VPN's: Any other Tricks ?

Hello,

Newbie to VPN's and security.

Securing our WLAN environement with about 50 Cisco 1200AP's, 65 SpectraLink VoIP phones, various wireless users. Currently have a seperate Wireless VLAN. Will be putting this on our corporate VPN. Is there any other security measures in the AP that could be turned on ? ex. TKIP, MIC, MAC address filtering. Will the VPN solution protect against rogue AP's.

Any assistance would be very helpful.

TLC

1 REPLY
New Member

Re: Securing WLAN with VPN's: Any other Tricks ?

Doing an EAP method via 802.1x is going to be stronger than a VPN is, at least for wireless. VPNs only protect your unicast data, not your wlan or broadcast data....there are several other drawbacks to vpn for wireless.

Create multiple SSID-VLAN mappings: one for EAP-capable devices, and others for less secure devices like the Spectralinks. This way you can let more-capable devices do better security, and the phones will do static WEP. Set up ACLs to restrict what devices coming in on the phone ssid-vlan can get to to just the spectralink gateway and you should be good.

It's probably best to set the spectralink gateway on the same vlan as the phones, and only let the server off the net (assuming it needs to talk to a Call Manager or something). Otherwise if it's just interfacing to your PBX, don't let anything of that vlan.

225
Views
0
Helpful
1
Replies
CreatePlease to create content