MVP
Posts: 340
Registered: ‎04-25-2013

APs Dedicated VLAN "not Recommended" bizarre & amazing Info

Hi, for reference:

It is not recommended to have an AP-dedicated VLAN.

The reason is below.

[Attached image: AP VLAN.PNG]

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX
Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: APs Dedicated VLAN "not Recommended" bizarre & amazing Info

Well, there are other ways to hunt rogues than to have APs out on client VLANs so we feel OK in ignoring that precious gem of "advice."

Why they think 802.1x wired would prevent one from doing so if they wanted to is the most peculiar part of that statement, actually.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: APs Dedicated VLAN "not Recommended" bizarre

It also just makes a lot of sense from an edge configuration standpoint. There is no technical need/requirement for an AP VLAN.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: APs Dedicated VLAN "not Recommended" bizarre

Sure there is.  Not having to install ACLs on all your switchports to keep clients out of the telnet port when you have to debug the APs, to start with.  Not everyone gets to run on an end-to-end integrated policy framework.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: APs Dedicated VLAN "not Recommended" bizarre

Disable telnet on the APs?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: APs Dedicated VLAN "not Recommended" bizarre

>> keep clients out of the telnet port when you have to debug the APs, to start with. 

                                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 

Seriously, though, why would you want your clients to be able to talk directly to APs, ever?  That's just an invitation to trouble.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: APs Dedicated VLAN "not Recommended" bizarre

They're hardened. There's not much you can do to them.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: APs Dedicated VLAN "not Recommended" bizarre

Yeah and fairies live on dandelions.  A properly "hardened" device doesn't support telnet in the first place.  Period.  So I don't think the OP advice is sound.  People should plumb alternate ways to check for rogues if they need to.
