Cisco Switches and Wlan devices - management vlan

as00001111 · ‎01-04-2017

Hey guys,

I would like to know:

We have multiple cisco catalyst switches, two Cisco Wireless Controller and multiple Ciso Access Points in our network.

Do you put them in one Management vlan?

Or are there any security concerns to put cisco switches together with the WLCs & APs ?

There is only one connection from our entrance employees to the WLC with a lobby account to create guest wlan users.

Is that a risk?

Philip D'Ath · ‎01-04-2017

I would put them in the one VLAN.

Krash Mole · ‎01-04-2017

Hi,

how many core, access and end-devices are you planning to connect to your network?

Regard

as00001111 · ‎01-04-2017

Hi!

We have one core catalyst switch, 10 access catalyst switches, 2 WLCs and about 20 Access Points.

Krash Mole · ‎01-04-2017

HI,

you can have 2 VLANs : 1 VLAN (management) to manage all your core and access devices and another (data) for your end user devices. But if you plan to implement VoIP. I will advice you to have another separate vlan for that.

PS: Note that if you are planning to allocate more than 500 IP addresses for endusers. I will be preferable to have more than one vlan for data.

Regards.

as00001111 · ‎01-04-2017

I have installed it as you describe. (data vlan for the users).

My question is if it's good to put switches and access points in one vlan.

Or should I separate them?

It's more a security concern.

Because: Our entrance employee can connect to the wlc via https to create guest accounts.

Is this a security risk?

Maybe a virus or malicious person could use this https connection to come into the management vlan where also all switches are located.

Krash Mole · ‎01-04-2017

Hi,

you can put your switches and access point in one vlan.

and because it is a different vlan, just make sure that it doesn't talk to your data vlan.

None will connect to it via your Wireless Access point. you could connect to it only on ports which you will allow ...

regards