Educause Security Discussion mailing list archives
Re: Public Use VLAN (x-posted to netman listserv)
From: H Morrow Long <morrow.long () YALE EDU>
Date: Wed, 3 Oct 2012 14:23:44 -0400
Best Practices:

* Disallow all other protocols than HTTP and HTTPS on the standard ports.
* Allow VPN.
* NAT to a public IP outside your public IP address space.
* Require a capture page with an 'Accept our policy' button (along with your legal notice). But don't rely on any info (this is why we don't ask for the guest's email).
* Restrict the bandwidth (or you will end up having your internal students, staff and faculty using guest wireless rather than your secure wireless).
* Make certain that guest wifi traffic has to pass through your external firewall rather than being handled by just a router.
* Log the WiFi physical addresses using your guest wifi (e.g. log at the DHCP server and/or NAT) to track if internal users are using the guest network rather than secure wifi???

From: Allen Wood <awood () HILLCOLLEGE EDU>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, October 2, 2012 9:56 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Public Use VLAN (x-posted to netman listserv)

As much as I hate it, I've been told to set up an open wireless network for our campus. I created a VLAN with access lists that deny all traffic to inside our network, and created the open SSID to put on it. Traffic can flow freely now from the open wireless to the internet. However, I'm using a public DNS for the clients and they're unable to reach our locally hosted (NAT'd) web servers.

We're currently using a Cisco ASA at the edge of our network which does all of our NAT'ing. I could open up the VLAN access list a bit and allow them access to our internal DNS & web servers, but I'd rather not.

Has anyone run into this issue before? What's the "best practices" at this point other than removing the public network in the first place!

Thanks in advance,
Allen
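The DHCP-log check suggested in the last best-practice item above, sketched in Python as an added example (it is not part of the original e-mails or of either site's tooling). It assumes ISC dhcpd-style syslog lines and one DHCP server for both networks; the interface names vlan20 (secure) and vlan99 (guest), the function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# ISC dhcpd-style syslog line: "DHCPACK on <ip> to <mac> (<host>) via <iface>"
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"to (?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
    r"(?: \([^)]*\))? via (?P<iface>\S+)"
)

# Constructed sample log; vlan20 = secure wifi, vlan99 = guest wifi (assumed names).
SAMPLE_LOG = """\
Oct  3 09:01:12 dhcp1 dhcpd: DHCPACK on 10.20.0.15 to 00:1b:63:aa:bb:01 (alice-laptop) via vlan20
Oct  3 09:05:40 dhcp1 dhcpd: DHCPACK on 172.16.99.31 to 00:1B:63:AA:BB:01 (alice-laptop) via vlan99
Oct  3 09:06:02 dhcp1 dhcpd: DHCPACK on 172.16.99.32 to 3c:07:54:10:20:30 via vlan99
Oct  3 09:07:19 dhcp1 dhcpd: DHCPACK on 172.16.99.33 to da:a1:19:00:00:07 (phone) via vlan99
Oct  3 09:08:00 dhcp1 dhcpd: DHCPDISCOVER from 00:1b:63:aa:bb:02 via vlan20
""".splitlines()

def norm_mac(mac):
    """Canonical form: lowercase, colon-separated."""
    return mac.lower().replace("-", ":")

def is_randomized(mac):
    """Locally administered bit set: likely a per-network randomized address,
    which cannot be matched against leases seen on the secure network."""
    return bool(int(mac[:2], 16) & 0x02)

def leases_by_mac(lines, iface):
    """Map MAC -> set of IPs acknowledged (DHCPACK only) on one interface."""
    seen = defaultdict(set)
    for line in lines:
        m = ACK_RE.search(line)
        if m and m.group("iface") == iface:
            seen[norm_mac(m.group("mac"))].add(m.group("ip"))
    return seen

def internal_on_guest(lines, guest_iface, secure_iface):
    """Return (MACs leased on both networks, guest-only randomized MACs)."""
    guest = leases_by_mac(lines, guest_iface)
    secure = leases_by_mac(lines, secure_iface)
    overlap = sorted(set(guest) & set(secure))
    blind = sorted(m for m in guest if m not in secure and is_randomized(m))
    return overlap, blind

if __name__ == "__main__":
    both, blind = internal_on_guest(SAMPLE_LOG, "vlan99", "vlan20")
    print("internal devices seen on guest wifi:", both)
    print("randomized guest MACs (not attributable):", blind)
```

Devices that randomize their MAC per network show up only in the second list, so the overlap count is a lower bound on internal use of the guest SSID.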