Securing WLAN with VPN's: Any other Tricks ?

tlchant · ‎06-19-2003

Hello,

Newbie to VPN's and security.

Securing our WLAN environement with about 50 Cisco 1200AP's, 65 SpectraLink VoIP phones, various wireless users. Currently have a seperate Wireless VLAN. Will be putting this on our corporate VPN. Is there any other security measures in the AP that could be turned on ? ex. TKIP, MIC, MAC address filtering. Will the VPN solution protect against rogue AP's.

Any assistance would be very helpful.

TLC

ED CARMODY · ‎06-22-2003

Doing an EAP method via 802.1x is going to be stronger than a VPN is, at least for wireless. VPNs only protect your unicast data, not your wlan or broadcast data....there are several other drawbacks to vpn for wireless.

Create multiple SSID-VLAN mappings: one for EAP-capable devices, and others for less secure devices like the Spectralinks. This way you can let more-capable devices do better security, and the phones will do static WEP. Set up ACLs to restrict what devices coming in on the phone ssid-vlan can get to to just the spectralink gateway and you should be good.

It's probably best to set the spectralink gateway on the same vlan as the phones, and only let the server off the net (assuming it needs to talk to a Call Manager or something). Otherwise if it's just interfacing to your PBX, don't let anything of that vlan.