[c-nsp] Best practice WLC 5508 public guest network?
Andrew Miehs
andrew at 2sheds.de
Mon Oct 21 17:53:28 EDT 2013
You might want to think about using a second set of WLCs as anchor
controllers if the same APs are being used for Internal networks.
On Tue, Oct 22, 2013 at 7:50 AM, Roger Wiklund <roger.wiklund at gmail.com>wrote:
> Hi.
>
> I'm setting up a wireless guest network with dual stack.
> My concern is security, I want to protect the network as much as possible.
>
> My exp. with Cisco WLC is rather limited, but it looks like most of the
> security features are enabled out of the box.
>
> - Dynamic ARP Inspection
> - DHCP Snooping
> - RA Guard
> - All kinds of flooding types using the standard signatures blocking.
> - IP Theft/IP Reuse
>
> Besides that I've enabled:
>
> - Peer to peer blocking
> - DHCP Addr assigment required
> - Basic ACLs
>
> Is there anything else that I might have missed/overlooked?
>
> Also, if I disable DHCP Proxy mode, does that mean I'm vulnerable to DHCP
> starvation attacks, rouge DHCP server etc? The documentation is not very
> clear on that.
>
> Thanks!
>
> /Roger
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list