A client of mine has corporate clients set up with 802.1x authentication. Is that sufficient and secure by itself? Would putting these users in the DMZ and ensuring LAN access via VPN (authentication using ACS / AD integration) be a better design? Any Cisco design documents that support or negate my design? Any best practices docs that support this?
802.1x is secure if you are using the right combination of features -- WPA2 and PEAP-MSCHAPv2 or a certificate-based EAP seem to be the industry standard.
If you have a mix of users that should and should not be allowed into the DMZ, the RADIUS server should be able to be configured to send a message along with the authorization accept that will cause the Cisco gear to put the users with DMZ access in a different VLAN, as long as it has a way of knowing which users those are.
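Added example, not part of the original answer or any Cisco code: the "message along with the authorization accept" is normally the three tunnel attributes from RFC 2868 / RFC 3580, and this sketch picks a VLAN from directory groups, encodes those attributes as they appear in an Access-Accept, and parses them back as you would when checking a capture. The group names, VLAN IDs and the quarantine default are constructed assumptions.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 uses for VLANs
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

# Hypothetical policy: directory group -> VLAN ID (constructed values)
GROUP_TO_VLAN = {"dmz-users": 30, "corp-users": 10}
QUARANTINE_VLAN = 999  # assumption: unmapped users are isolated, never put on the LAN


def vlan_for(groups):
    """First matching group in policy order wins; no match falls to quarantine."""
    for group, vlan in GROUP_TO_VLAN.items():
        if group in groups:
            return vlan
    return QUARANTINE_VLAN


def vlan_attributes(vlan_id, tag=1):
    """Encode the Access-Accept attributes that tell the NAS which VLAN to use."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")

    def enum_attr(attr, value):
        # type, length (always 6), tag, 3-byte value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

    gid = bytes([tag]) + str(vlan_id).encode("ascii")  # VLAN ID travels as a string
    return (enum_attr(TUNNEL_TYPE, VLAN) + enum_attr(TUNNEL_MEDIUM_TYPE, IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(gid)) + gid)


def parse_vlan(attrs):
    """Return the VLAN ID in raw attribute bytes, or None if the triple is incomplete."""
    seen, i = {}, 0
    while i + 2 <= len(attrs):
        attr, length = attrs[i], attrs[i + 1]
        if length < 3 or i + length > len(attrs):
            raise ValueError("malformed attribute")
        body = attrs[i + 2:i + length]
        if body[0] <= 0x1F:  # leading byte in 0x00-0x1F is the tunnel tag
            body = body[1:]
        seen[attr] = body
        i += length
    if (int.from_bytes(seen.get(TUNNEL_TYPE, b""), "big") != VLAN
            or int.from_bytes(seen.get(TUNNEL_MEDIUM_TYPE, b""), "big") != IEEE_802
            or TUNNEL_PRIVATE_GROUP_ID not in seen):
        return None
    return int(seen[TUNNEL_PRIVATE_GROUP_ID].decode("ascii"))
```

If any of the three attributes is missing, `parse_vlan` returns `None`; in that case the port or WLAN default VLAN typically applies, so that default should be the least-privileged network.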