[c-nsp] Best practice WLC 5508 public guest network?
Roger Wiklund
roger.wiklund at gmail.com
Mon Oct 21 16:50:25 EDT 2013
Hi.
I'm setting up a wireless guest network with dual stack.
My concern is security, I want to protect the network as much as possible.
My exp. with Cisco WLC is rather limited, but it looks like most of the
security features are enabled out of the box.
- Dynamic ARP Inspection
- DHCP Snooping
- RA Guard
- All kinds of flooding types using the standard signatures blocking.
- IP Theft/IP Reuse
Besides that I've enabled:
- Peer to peer blocking
- DHCP Addr assigment required
- Basic ACLs
Is there anything else that I might have missed/overlooked?
Also, if I disable DHCP Proxy mode, does that mean I'm vulnerable to DHCP
starvation attacks, rouge DHCP server etc? The documentation is not very
clear on that.
Thanks!
/Roger
More information about the cisco-nsp
mailing list