DMZ Ideas

[<firewalladmin () bellsouth net>]

Hi All:

I am looking for some unique suggestions for a sitaution developing here at my place of employment. A contractor is 
being hired to set up some wireless stuff for RF tagging (bar code tracking stuff for shipping/receiving). They will be 
placing readers that send data to Wireless Access Points, which then need to terminate in a DMZ of some sort before it 
enters the LAN. We will require them to use encryption and MAC filtering along with the appropriate measures to secure 
the distance/range of the wireless signal to within the confines of the compound. My question is this - What would make 
a good DMZ for this setup? We have a few suggestions up in the air and it's all prliminary stuff right now. Some ideas 
are VLAN's (in my opinion too much management overhead, room for error and not necessarily very secure), seperate 
subnet on router, etc. The tough part is what do we filter the traffic by? There is no "user" to authenticate, only 
unmanaged readers/devices. The site is the size
  of a big college campus, so separating the devices onto a seperate backbone/subnet will be physically difficult and 
expensive as well. All suggestions are appreciated. Thanks,

Mark

Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it once."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards