Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

MSM760 Wireless Controller with Multiple VSCs (What setup is more secure?)

  • 1.  MSM760 Wireless Controller with Multiple VSCs (What setup is more secure?)

    Posted Nov 12, 2020 01:12 AM

    The controller is configured with 2 VSCs (Guest.wifi, Office.wifi).

    Option A (Not using the WAN Port on the controller): Connecting the LAN Port of the controller to a managed switch. This connection is trunked with 2 VLANs (Guest VLAN, Office VLAN). The Guest.wifi VSC is assigned to the LAN port of the controller and bound to the Guest VLAN. The Guest VLAN receives DHCP from the Firewall. The Guest VLAN is configured to have access to the Gateway for internet with no other network access. The Office.wifi VSC is assigned to the LAN port of the controller and bound to the Office VLAN. The Office VLAN receives DHCP from a server on the network. The Office VLAN is configured to have access to the Gateway for internet and shares access with other wired network VLANs (Production, Administration, Management).

    Option B (Using the WAN Port on the controller): Connecting the WAN Port of the controller to the modem and the LAN Port of the controller to a managed switch. The Guest.wifi VSC is assigned to the WAN port of the controller. The Guest.wifi receives DHCP from the controller with access to the internet via the WAN Port. The Office wifi and VLAN networks have no changes in this configuration and are connected through the LAN Port, receiving DHCP from a server on the office network. There is no "Guest VLAN" in this configuration since no Guest.wifi traffic is routed to the switch.

    I am considering what option is better and why...

     


    #msm760
    #wireless


  • 2.  RE: MSM760 Wireless Controller with Multiple VSCs (What setup is more secure?)

    EMPLOYEE
    Posted Nov 12, 2020 04:49 AM

    Hello

    Maybe a better answer can be provided if we have more details about the configuration in both scenarios. I can think of the following questions which can give us a better understanding of the traffic flow.

    • In the VSC menu of the respective VSCs for both scenarios, how are the options Use Controller for Authentication and Use Controller for Access Control configured?
    • If Use Controller for Access Control is enabled for any VSC, what is configured as VSC egress mapping in the VSC menu?
    • If Use Controller for Access Control is not enabled, what is configured as Egress Network under AP Group -> VSC Binding for the respective VSC?
    • What options for Wireless Protection (WPA) and Authentication (PSK, 802.1x, HTML-based, MAC auth) are configured for both VSCs in both scenarios?

    Also, I think we need to know what aspect of the security you are concerned about. Is it mainly preventing the guest users from accessing the office network? Or generally the wireless security, things like secure authentication, privacy, etc.?