2039 Views, 0 Helpful, 1 Reply

WLC and network zones design

computerone1 (Level 1)

Hi.

I post this question here because, after a lot of searching, I stumbled upon a lack of good material on this subject. In a WLC (Wireless LAN Controller) central switching scenario:

  1. Imagine I have a very secure (RADIUS/802.1X) LAN data subnet, VLAN 10. Imagine my data WLAN is very secure too (WPA2-Enterprise / EAP-PEAP-MSCHAPv2 with certificate enforcement). What is the drawback of having my data LAN and my data WLAN directly share the same VLAN 10? In other words, what is the benefit of separating the LAN and WLAN data subnets?
  2. In the case of separated LAN and WLAN subnets, should they be separated by simple inter-VLAN routing ACLs, or is a firewall (Cisco ASA) a better security option? What would be the benefits of using a firewall?
  3. Concerning the guest WLAN, a good security design would be to have a guest-dedicated WLC placed in the DMZ. Should it be terminated directly in the DMZ, or should a firewall (Cisco ASA) be placed between the WLC termination and the DMZ? (In this latter case, that would place 2 firewalls between the WLC and the Internet: the WLC firewall, then the DMZ firewall.) What would be the security benefits?

Thanks for any comment, or any hint about a good firewall/security-zone design book to (e-)buy!
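
As an added example (not from the original post or the reply), here is what question 2's two options look like in configuration: a stateless inter-VLAN ACL on a Cisco IOS Layer-3 switch, followed by the equivalent policy on a Cisco ASA. All VLAN numbers, subnets, server addresses and the ASA interface name are assumed for illustration; only the wired data VLAN 10 comes from the question.

```cisco
! Added example, not from the original post. Assumed addressing:
!   VLAN 10  wired data      10.10.0.0/24   (from the question)
!   VLAN 20  wireless data   10.20.0.0/24   (assumed; WLC central switching)
!   10.10.0.5   file server wireless users legitimately need (assumed)
!   10.10.0.53  internal DNS server (assumed)

! --- Option A: stateless inter-VLAN ACL on the Layer-3 switch -------------
ip access-list extended WLAN-TO-LAN
 remark Wireless clients may reach only named services on the wired data VLAN
 permit tcp 10.20.0.0 0.0.0.255 host 10.10.0.5 eq 445
 permit udp 10.20.0.0 0.0.0.255 host 10.10.0.53 eq 53
 permit tcp 10.20.0.0 0.0.0.255 host 10.10.0.53 eq 53
 remark Stateless limitation: replies to TCP sessions opened FROM the wired
 remark side can only be allowed with "established", which matches any segment
 remark with ACK or RST set; there is no connection table behind it.
 permit tcp 10.20.0.0 0.0.0.255 10.10.0.0 0.0.0.255 established
 remark Everything else from wireless into the wired data VLAN is dropped and logged
 deny   ip  10.20.0.0 0.0.0.255 10.10.0.0 0.0.0.255 log
 remark Other destinations (Internet, etc.) are routed normally
 permit ip  10.20.0.0 0.0.0.255 any

interface Vlan20
 description Wireless data SVI (WLC central switching)
 ip address 10.20.0.1 255.255.255.0
 ip access-group WLAN-TO-LAN in

! --- Option B: the same policy on a Cisco ASA (interface name "wlan" assumed)
! The ASA keeps a connection table, so return traffic of sessions opened from
! the wired side is allowed statefully; no "established" rule is needed.
object network WLAN-DATA
 subnet 10.20.0.0 255.255.255.0
access-list WLAN-IN extended permit tcp object WLAN-DATA host 10.10.0.5 eq 445
access-list WLAN-IN extended permit udp object WLAN-DATA host 10.10.0.53 eq domain
access-list WLAN-IN extended permit tcp object WLAN-DATA host 10.10.0.53 eq domain
access-list WLAN-IN extended deny ip object WLAN-DATA 10.10.0.0 255.255.255.0 log
access-list WLAN-IN extended permit ip object WLAN-DATA any
access-group WLAN-IN in interface wlan
```

The difference that matters for the question is the `established` line: a switch ACL has no notion of a session, so it must let through any TCP segment carrying ACK/RST to avoid breaking wired-initiated connections, while the ASA admits only packets belonging to a connection it has already seen and can log and inspect them per session. That stateful tracking, plus centralised logging, is the practical security gain of placing a firewall rather than a routed ACL between the two data subnets.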

1 Reply 1

balaji.bandi (Hall of Fame)

I would start with the CVD below:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Campus-LAN-WLAN-Design-Guide-2018JAN.pdf

Make a prototype design of how exactly you would like to design it, based on the business requirements.

BB
