Controllerless Networks


VLAN on Multiple SSIDs

  • 1.  VLAN on Multiple SSIDs

    Posted Sep 08, 2017 07:28 PM

    Hopefully a quick question,

     

    Would there be security implications if I were to have a Public Guest SSID that is assigned, say VLAN 10, then have our corporate SSID (AD machine auth with WPA2/EAP-TLS/PEAP) with that same VLAN (10) as the default but then assign the corporate VLANs to the corporate machines through ClearPass based on the Active Directory OU of the machine?  My thought is that if I set up my Enforcement profile in CPPM to look at the OU and assign a VLAN, but have the Public VLAN be the last entry in case the computer is in AD, but not in an OU that has a VLAN assigned, then it would assign the Public VLAN and public role on the AP to prevent access to the corporate network. I'm thinking it'd be the same as having our public VLAN traffic flow through the same physical network as our corporate network, which we already do. Any thoughts or best practice suggestions?

     

    Thank you!!



  • 2.  RE: VLAN on Multiple SSIDs
    Best Answer

    MVP EXPERT
    Posted Sep 09, 2017 05:12 AM

    An issue I can think of is that essentially the Public and Corp devices may end up within the same VLAN? You could enable deny inter user traffic but the preferred option would be to have segregated VLANs. Questions are also raised with DHCP and DNS, the Corp users on a Guest VLAN may need to access Corporate DNS/DHCP servers which may be off limits? Is this a controller or controller-less solution?

     

    If this is a physical controller you could have a direct connection from the WLAN controller to the firewall so the Guest VLAN exists only between the WLAN controller and the firewall.
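
The design discussed in this thread, modeled as an added example that is not part of either post and is not ClearPass configuration: ordered OU-to-VLAN rules with the shared guest VLAN as the last entry, plus a check listing which authenticated machines end up on that shared VLAN. The OUs, domain, role names and VLANs 20 and 30 are constructed assumptions; only VLAN 10 comes from the thread.

```python
# Model of first-match enforcement with a guest-VLAN fallback.
# Illustration only: rule table, OUs, roles and sample machines are constructed.

GUEST_VLAN = 10  # the shared default VLAN from the thread

# Ordered rules: (OU the machine must sit under, VLAN, role)
RULES = [
    ("OU=Finance,OU=Workstations,DC=example,DC=com", 20, "corp-finance"),
    ("OU=Engineering,OU=Workstations,DC=example,DC=com", 30, "corp-eng"),
]
FALLBACK = (GUEST_VLAN, "public")  # last entry: no OU mapping matched

def parse_dn(dn):
    """Split a distinguishedName into normalized RDNs (escaped commas not handled)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_ou(machine_dn, ou_dn):
    """True if the machine object sits anywhere under ou_dn (whole-RDN suffix match)."""
    m, o = parse_dn(machine_dn), parse_dn(ou_dn)
    return len(m) > len(o) and m[-len(o):] == o

def enforce(machine_dn):
    """Return (vlan, role) from the first matching rule, else the guest fallback."""
    for ou_dn, vlan, role in RULES:
        if in_ou(machine_dn, ou_dn):
            return vlan, role
    return FALLBACK

def shared_vlan_report(machine_dns):
    """Domain machines that authenticated but landed on the guest VLAN."""
    return [dn for dn in machine_dns if enforce(dn)[0] == GUEST_VLAN]

# Constructed sample of machine accounts that passed machine authentication.
SAMPLE = [
    "CN=PC1,OU=Finance,OU=Workstations,DC=example,DC=com",
    "cn=pc2, ou=engineering, ou=workstations, dc=example, dc=com",
    "CN=PC3,CN=Computers,DC=example,DC=com",  # default container, no OU rule
    "CN=PC4,OU=Laptops,OU=Finance,OU=Workstations,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLE:
        print(dn, "->", enforce(dn))
    print("On guest VLAN:", shared_vlan_report(SAMPLE))
```

Machines in the report share a broadcast domain with public clients, which is the situation the reply flags for inter-user traffic and DHCP/DNS reachability.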