Cisco Support Community
Community Member

WIRELESS DESIGN

A client of mine has corporate clients set up with 802.1x authentication. Is that sufficient and secure by itself? I would like to put these users in the DMZ and ensure LAN access via VPN (authentication using ACS / AD integration); would that be a better design? Any Cisco design documents that support or negate my design? Any best practices docs that support this?

1 REPLY
Community Member

Re: WIRELESS DESIGN

802.1x is secure if you are using the right combination of features -- WPA2 and PEAP-MSCHAPv2 or a certificate-based EAP seem to be the industry standard.

If you have a mix of users that should and should not be allowed into the DMZ, the RADIUS server should be able to be configured to send a message along with the authorization accept that will cause the Cisco gear to put the users with DMZ access in a different VLAN, as long as it has a way of knowing which users those are.

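The per-user VLAN placement described in the reply is normally carried in three RADIUS tunnel attributes defined in RFC 2868 and RFC 3580. The following is an added example, not part of the original thread or any Cisco code: it encodes those attributes for a user and decodes them with strict validation. The group names, VLAN IDs and function names are constructed for illustration, and the decoder is a simplified assumption of how an access device checks them.

```python
import struct

# RADIUS attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed policy for illustration: directory group -> VLAN ID.
GROUP_TO_VLAN = {"dmz-users": 210, "corp-staff": 110}


def vlan_attributes(vlan_id, tag=0):
    """Encode the three attributes that carry a VLAN assignment."""
    if not 1 <= vlan_id <= 4094 or not 0 <= tag <= 0x1F:
        raise ValueError("VLAN ID or tag out of range")
    out = b""
    for attr, value in ((TUNNEL_TYPE, TT_VLAN), (TUNNEL_MEDIUM_TYPE, TMT_IEEE_802)):
        # Type, Length (always 6), Tag, 3-byte value.
        out += struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    # The tag byte is optional here; emit it only when a tag is in use.
    body = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return out + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)) + body


def attributes_for(groups):
    """Attributes to append to the accept; empty when no group is mapped."""
    for group in groups:
        if group in GROUP_TO_VLAN:
            return vlan_attributes(GROUP_TO_VLAN[group])
    return b""  # no override: the client stays in the port/SSID default VLAN


def assigned_vlan(attrs):
    """Decode the attributes; None unless all three are present and agree."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 3 or i + attrs[i + 1] > len(attrs):
            return None  # malformed TLV: refuse rather than guess
        seen[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    tt, tmt, gid = (seen.get(a) for a in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID))
    if None in (tt, tmt, gid) or len(tt) != 4 or len(tmt) != 4:
        return None
    if int.from_bytes(tt[1:], "big") != TT_VLAN or int.from_bytes(tmt[1:], "big") != TMT_IEEE_802:
        return None
    if gid[0] <= 0x1F:  # a leading byte in 0x00-0x1F is a tag, not part of the ID
        gid = gid[1:]
    return int(gid.decode("ascii")) if gid.isdigit() else None  # numeric IDs only
```

A user in no mapped group gets no override, so the default VLAN configured on the SSID or port should be the least-privileged one.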