Hi, for reference: it is not recommended to have a dedicated VLAN for APs. The reason is below.
Well, there are other ways to hunt rogues than to have APs out on client VLANs so we feel OK in ignoring that precious gem of "advice."
Why they think 802.1x wired would prevent one from doing so if they wanted to is the most peculiar part of that statement, actually.
Sure there is. Not having to install ACLs on all your switchports to keep clients out of the telnet port when you have to debug the APs, to start with. Not everyone gets to run on an end-to-end integrated policy framework.
>> keep clients out of the telnet port when you have to debug the APs, to start with.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Seriously, though, why would you want your clients to be able to talk directly to APs, ever? That's just an invitation to trouble.
Yeah and fairies live on dandelions. A properly "hardened" device doesn't support telnet in the first place. Period. So I don't think the OP advice is sound. People should plumb alternate ways to check for rogues if they need to.