Well, I've been kicking this around and thought I'd ask some experts out there. I'm planning on implementing some Wireless Access Points for guest/employee access. The APs will be connected to the core network on VLAN'd ports. I'm wondering about the security issues involved with this beyond the following assumptions:
- Native VLAN active on core switches (Yes, most devices communicating on Native VLAN as well.)
- AP guests are isolated from each other
- AP uses AES encryption and strong password
- AP and guests are on separate subnet
- Any internal access must be established through IPSec VPN first
- Unauthorized access attempts are monitored and alerted on
I've heard VLAN hopping is nearly obsolete these days assuming core switches (Cisco) are up to date on IOS. What are the security risks I'm missing here?
Even if someone manages to get a double-tagged packet through, wouldn't the attacker have to know the core network subnet? Also, wouldn't the attacker be blind since there is no route back to the original VLAN? Any advice would be greatly appreciated.
Software/Hardware used:
Cisco Switches, Access Points
ASKED: Feb 10, 2012 4:28 AM GMT
UPDATED: February 27, 2012 8:57:01 PM GMT