
Wireless Network Security: Isolating Users with VLANs

Virtual local area networks (VLANs) are a wonderful wireless network security tool because they let you separate traffic. You can implement VLANs in several ways when working with your wireless LAN. VLANs allow you to

  • Separate different types of traffic based on the SSID to which they connect.

  • Provide isolation between more secure and less secure clients when required to support clients that do not support the maximum security settings of the WLAN. A less secure SSID can be used only for the lower security clients; ACLs can then be used on the routers and firewalls to control their access.

  • Provide guest Internet access out of your office while keeping these clients from accessing internal resources. These clients may get their access through a separate interface on your firewall, a separate firewall, or a secondary Internet service provider (ISP) connection rather than your main connection.

  • Provide access to the management interfaces on network devices. Most network devices allow management to be conducted over a separate VLAN, which keeps this traffic away from less secured VLANs.

    image0.jpg

If you follow the flow from the wireless clients at the bottom of the illustration to the Internet connections at the top, you can see that

  • Each wireless computer has a connection to a different SSID.

  • All SSIDs are hosted on the same LWAPP access point, but each SSID is associated with a different VLAN because the traffic on VLANs can be passed to the controller using a network connection.

  • Traffic is passed in separate VLANs to the controller. The controller takes care of functions such as decrypting WPA2 data and passing the data frames on to the wired network.

  • Still on separate VLANs and using a single network connection, the traffic is passed on to a switch where VLAN traffic is separated into virtual networks, each with its own servers and network resources.

  • All three of these virtual networks get their outside access through an ASA firewall, which can split the traffic from different VLANs through dual connections to two ISPs. This is done to provide load balancing for fault-tolerant services.
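
As an added example (not part of the original article), the following Python code checks a first-match ACL against the isolation goals listed above: guest clients reach nothing internal, and the lower-security SSID cannot reach the management VLAN. The subnets, the 10.10.10.50 server and both rule sets are constructed assumptions; the ACL syntax on a real router or firewall will differ.

```python
import ipaddress
N = ipaddress.ip_network
# Constructed addressing plan, one subnet per VLAN (names and ranges are assumptions).
NETS = {"corp": N("10.10.10.0/24"),    # full-security SSID
        "legacy": N("10.10.20.0/24"),  # lower-security SSID
        "guest": N("10.10.30.0/24"),   # guest SSID
        "mgmt": N("10.10.99.0/24")}    # device management VLAN
ANY, INTERNAL = N("0.0.0.0/0"), N("10.10.0.0/16")
# Flows the article says must be blocked: (source VLAN, destination VLAN).
FORBIDDEN = [("guest", "corp"), ("guest", "legacy"), ("guest", "mgmt"), ("legacy", "mgmt")]

def decide(acl, src, dst):
    """First matching rule wins; no match is an implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def representatives(net, prefixes):
    """One address per distinct combination of rule prefixes that cover it."""
    seen = {}
    for addr in net:
        seen.setdefault(tuple(addr in p for p in prefixes), addr)
    return list(seen.values())

def violations(acl):
    """Return each forbidden VLAN pair the ACL still permits, with a witness flow."""
    found = []
    for src_vlan, dst_vlan in FORBIDDEN:
        for s in representatives(NETS[src_vlan], [r[1] for r in acl]):
            for d in representatives(NETS[dst_vlan], [r[2] for r in acl]):
                if decide(acl, s, d) == "permit":
                    found.append((src_vlan, dst_vlan, str(s), str(d)))
    return found

WEAK = [  # the guest "Internet" permit comes first, so it also matches internal ranges
    ("permit", NETS["guest"], ANY),
    ("deny", NETS["guest"], INTERNAL),  # never reached: shadowed by the rule above
    ("permit", NETS["corp"], NETS["mgmt"]),
    ("permit", NETS["legacy"], ANY),    # no deny protects the management VLAN
]
HARDENED = [
    ("permit", NETS["corp"], NETS["mgmt"]),           # only corp reaches management
    ("deny", ANY, NETS["mgmt"]),
    ("deny", NETS["guest"], INTERNAL),                # guest: nothing internal
    ("permit", NETS["legacy"], N("10.10.10.50/32")),  # legacy: one server (constructed)
    ("deny", NETS["legacy"], INTERNAL),
    ("permit", ANY, ANY),                             # everything else: Internet
]
```

Calling `violations(WEAK)` reports all four forbidden VLAN pairs as reachable, while `violations(HARDENED)` returns an empty list; the difference comes from rule order and the missing management deny, not from the VLAN layout itself.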
