09-26-2002 08:13 PM - edited 07-04-2021 11:25 PM
I manage a large health care network with very strict security guidelines. We have dedicated FW's at all our exposure points to the Internet and Extranets. This provides an assurance that allows us not to filter any traffic inside our FW borders. We even have a dedicated DMZ switch that only connects devices exposed outside of our FW's. We have approx 100 WLAN AP's installed supporting the secure clinical network. As a policy we use 128-bit encryption and require Radius authentication of all WLAN remotes. We have 6 major sites (hospitals) with core 65xx architecture.
Mgmt wants to install AP's in select hospitals for vendors/customers use... these WLANs will have access to the Internet only and will not compromise the secure network. My question is regarding design... should I (a) build an entirely separate physical LAN to support this new unsecure WLAN or do I (b) simply put this traffic on a separate VLAN and use ACLs to keep the private networks safe? I hesitate to give in to option (b), the cheap one, because I have heard a little bit about Layer 2 attacks and that seems like it might apply here. (And I really don't want to start managing ACL's on all our core 65xx routers.)
Is my concern about Layer 2 attacks valid? Are there any other considerations?
Thanks.
09-29-2002 10:15 AM
Well, if you completely build a separate WLAN, how and what services do they need? Will that WLAN have to be tied into your current network? Planning to have a separate Internet connection? Look at bluesocket.com. We have worked with their product for a while now. What I can say about this.... I'm not a salesman, but it does CoS. You can specify how much bandwidth a user or group can have, it terminates VPN connections, you can specify what protocols or ports they are allowed to use. It works with Novell, Windows domain, and RADIUS.
10-21-2002 09:25 PM
Michael,
Vernier has similar functions, plus some other bells and whistles, but I would be interested in more details on your experience with Bluesocket.
Have you been able to successfully segment out users by group, client type, os, ap accessed, etc.?
Matthew Wheeler
Chief Wireless Architect
Blue Modal