05-17-2015 02:52 PM
Hi, for reference:
it is not recommended to have a VLAN dedicated to APs.
The reason is below.
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP | ACDX
[If my post is helpful please give kudos, or mark as solved if it answers your post.]
05-17-2015 08:31 PM
Well, there are other ways to hunt rogues than to have APs out on client VLANs so we feel OK in ignoring that precious gem of "advice."
Why they think 802.1x wired would prevent one from doing so if they wanted to is the most peculiar part of that statement, actually.
05-17-2015 08:55 PM
05-18-2015 07:12 AM
Sure there is. Not having to install ACLs on all your switchports to keep clients out of the telnet port when you have to debug the APs, to start with. Not everyone gets to run on an end-to-end integrated policy framework.
05-18-2015 07:18 AM
>> keep clients out of the telnet port when you have to debug the APs, to start with.
Seriously, though, why would you want your clients to be able to talk directly to APs, ever? That's just an invitation to trouble.
05-18-2015 07:23 AM
Yeah and fairies live on dandelions. A properly "hardened" device doesn't support telnet in the first place. Period. So I don't think the OP advice is sound. People should plumb alternate ways to check for rogues if they need to.