Wireless and VLAN

Incident response
Intrusion management
Network security
Hi, I have the following equipment: - Symbol Spectrum24 11Mbps Access Point (AP-4131) - Cisco 2950 Switch (WS-C2950T-24) Our wireless infrastructure has been active for almost 2yrs now with WEP and Mac Address Security. I wanted to apply more security on our Wireless infrastructure by implementing VLAN. Anybody can give me a link or a procedure on how to implement VLAN with the above equipment?

Answer Wiki

Thanks. We'll let you know when a new response is added.

What are you trying to accomplish with VLANs?
Since this access point is wifi complient I would look at the standard recommendations for deploying wifi security. There are a variety of options available. You will have to decide how much security you need and are willing to implement.
See what your vendor recommends for wifi deployment with your equipment.

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Sonyfreek
    VLANs will not ensure security in your environment and are not used for security on a network. A VLAN will help you segment the switch to separate collision domains, but not with the equipment you have since you don't have a router capable of understanding and routing VLAN ids. Look to use proxy servers and firewalls to create a security architecture based on your needs and secure the Wifi network as the last poster stated. SF
    0 pointsBadges:
  • Bobkberg
    I agree with astronomer and sonyfreek. VLANs are not the answer. Instead - go to www.cisecurity.org and download the baseline security document for wireless security. Bob
    1,070 pointsBadges:
  • JayCuizon
    Thank you all for the reply. I thougth VLAN would add another level of security to WLAN.
    0 pointsBadges:
  • Bouncybrit
    I do not disagree with the other posters. that said VLAN's can provide additional security if implemented properly. A VLAN for your wireless LAN coming to a second interface on a firewall, certainly helps to discourage casual netstumblers from becoming real criminals. even well implemented ACL's on teh switches can do that. WLAN best practices indicate that a secured VLAN is an appropriate step for putting an additional layer of protection on your network. http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a008009478e.shtml this is the link fo rthe cisco configuration examples for VLANs on their switches. as long as the symbol can tag the packets by SSID for a specific VLAN you shoud be OK. I would keep the access points themselves on a seperate management VLAN with the SSIDs you make available routing to other VLANs, this should also help keep the casual hacker from getting into the acess point and modifying its configuration.
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: