[c-nsp] Best practice WLC 5508 public guest network?

Roger Wiklund roger.wiklund at gmail.com
Mon Oct 21 16:50:25 EDT 2013


I'm setting up a wireless guest network with dual stack.
My concern is security, I want to protect the network as much as possible.

My exp. with Cisco WLC is rather limited, but it looks like most of the
security features are enabled out of the box.

- Dynamic ARP Inspection
- DHCP Snooping
- RA Guard
- All kinds of flooding types using the standard signatures blocking.
- IP Theft/IP Reuse

Besides that I've enabled:

- Peer to peer blocking
- DHCP Addr assigment required
- Basic ACLs

Is there anything else that I might have missed/overlooked?

Also, if I disable DHCP Proxy mode, does that mean I'm vulnerable to DHCP
starvation attacks, rouge DHCP server etc? The documentation is not very
clear on that.



More information about the cisco-nsp mailing list