Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
273
Views
0
Helpful
1
Replies

Wireless security on a layer 2 vlan

damico_nick
Level 1
Level 1

‎06-26-2008 12:42 PM - edited ‎03-09-2019 08:58 PM

I've been having some in depth conversations with my colleagues at work and would like to peer into this forum for advise.

Here is the setup/scenario: An AP with open auth. The AP is bridged to a layer 2 vlan on our core production switches. In this vlan, we have a dedicated dsl router. No Firewall involved possibly FW feature set on router enabled.... this is simply for hot spot access for guest users. Non-company asset machines only.

The point of concern is the fact that these unsecure devices utilize a VLAN on our internal production switches. Being that this is a layer2 vlan with no switch interfaces, does this pose a risk?

Is there anyway it can be compromised or can it be "hacked" to gain access to the production network?? Can someone wirelessly spoof ethernet tags?

What if the AP was an LWAPP ap. The controller will have an interface in that Layer2 vlan but the option to administer the controller via wireless will be disabled. Any security concerns here as well?

Thank you,

Nick

Labels:
0 Helpful
1 Reply 1

mhellman
Level 7
Level 7

‎06-26-2008 02:38 PM

What if someone horks up the vlan config accidentally or plugs something into the wrong port? Relying on that single layer for security is a bit risky, but that's just my opinion.

Do you use just VLAN isolation elsewhere in your perimeter as the sole network security control?

Out of curiousity, if it's open auth, how do you prevent company assets from connecting?

0 Helpful
Customers Also Viewed These Support Documents