WIRELESS DESIGN

htaluja_2
Level 1

A client of mine has corporate clients set up with 802.1x authentication. Is that sufficient and secure by itself? Would putting these users in the DMZ and ensuring LAN access via VPN (authentication using ACS / AD integration) be a better design? Any Cisco design documents that support or negate my design? Any best practices docs that support this?

1 Reply

b.julin
Level 3

802.1x is secure if you are using the right combination of features -- WPA2 and PEAP-MSCHAPv2 or a certificate-based EAP seem to be the industry standard.

If you have a mix of users that should and should not be allowed into the DMZ, the RADIUS server should be able to be configured to send a message along with the authorization accept that will cause the Cisco gear to put the users with DMZ access in a different VLAN, as long as it has a way of knowing which users those are.
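
The per-user VLAN assignment described in the reply above is normally carried in the Access-Accept by the three tunnel attributes defined in RFC 2868 and used for 802.1X in RFC 3580. The following is an added example, not part of the original thread or any Cisco configuration: it maps directory groups to a VLAN and encodes and decodes those attributes. The group names, VLAN IDs and function names are hypothetical.

```python
import struct

# RADIUS attribute type codes (RFC 2868) and the values RFC 3580 uses for VLANs
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

# Hypothetical policy: directory group -> VLAN ID. First match wins.
GROUP_TO_VLAN = [("Corp-Staff", 20), ("Contractors", 30)]
DEFAULT_VLAN = 99  # hypothetical restricted VLAN for users in no listed group


def vlan_for(groups):
    """Pick the VLAN for a user from their group memberships."""
    for group, vlan in GROUP_TO_VLAN:
        if group in groups:
            return vlan
    return DEFAULT_VLAN


def _tagged_int(attr_type, value, tag=0):
    # Layout: type(1) | length(1) = 6 | tag(1) | value(3, big-endian)
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")


def vlan_attributes(vlan_id):
    """Encode the three tunnel attributes that assign vlan_id."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    # Untagged form: no tag octet, the ASCII digits start above 0x1F.
    group = str(vlan_id).encode("ascii")
    return (_tagged_int(TUNNEL_TYPE, VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group))
            + group)


def parse_attributes(data):
    """Decode a run of type-length-value attributes into {type: value}."""
    out, i = {}, 0
    while i < len(data):
        # Reject a truncated header, an impossible length, or an overrun.
        if len(data) - i < 2 or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        out[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return out
```

The authenticator only honours these attributes if it is configured to accept RADIUS-assigned VLANs and the named VLAN exists on it, so the fallback VLAN should be the restrictive one.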
