[c-nsp] Network Security.

Jason Gurtz jasongurtz at npumail.com
Wed Mar 7 11:49:19 EST 2012


> this. Should I be able to take a personal laptop that is not setup on our
> domain, plug into our network, obtain an ip address dynamically through
> our cisco router and browse the internet?

As other posts have alluded, there is a lot more to this question than
meets the eye.

If the business policy dictates that byod/guest access is to be allowed (a
likely scenario in many cases IMHO), there is a baseline architecture to
improve security. Create a guest vlan/subnet on the switch to be used by
guests or other unmanaged devices. Create ACL entries on the switch so
guest devices can only access the Internet and can't access the other
internal vlans. Your 861W can do this.

Things start to get more interesting if there will be an AUP/Captive
portal, port security a la 802.1X, a need for guests to access certain
internal resources, or a guest wireless infrastructure.

~JasonG
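
The baseline described in the message above (a guest VLAN/subnet plus ACL entries that allow only Internet access), as an added configuration sketch that is not part of the original post. The VLAN ID, names, port, addressing, DNS server and the presence of an existing NAT setup are all assumptions, and exact syntax can vary by IOS release.

```cisco
! Added example. VLAN 20, FastEthernet3, 192.168.20.0/24 and 198.51.100.53
! are constructed placeholder values, not taken from the original thread.
!
! Guest VLAN at layer 2
vlan 20
 name GUEST
!
! Switch port that guest or unmanaged devices plug into
interface FastEthernet3
 description Guest drop
 switchport mode access
 switchport access vlan 20
!
! DHCP scope for guests; DNS points at a resolver outside the internal network
ip dhcp excluded-address 192.168.20.1 192.168.20.9
ip dhcp pool GUEST
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 198.51.100.53
!
! Applied inbound on the guest gateway: traffic is filtered as it leaves the
! guest VLAN, before it can be routed toward any internal VLAN.
ip access-list extended GUEST-IN
 remark let DHCP requests reach the router
 permit udp any eq bootpc any eq bootps
 remark block all RFC 1918 space: internal VLANs and the guest gateway itself
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark only guest-sourced traffic may go on to the Internet
 permit ip 192.168.20.0 0.0.0.255 any
!
! Layer 3 gateway for the guest subnet
interface Vlan20
 description Guest gateway
 ip address 192.168.20.1 255.255.255.0
 ip access-group GUEST-IN in
 ! assumes NAT overload is already configured and its source list
 ! is extended to include 192.168.20.0/24
 ip nat inside
```

Denying the private ranges outright, rather than listing today's internal subnets, means a VLAN added later is blocked from guests by default. The ACL does not cover the router's public address, so management access (VTY, HTTP) still needs its own restriction.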