RE: guest + private wlan

I did this in our environment utilizing an HP solution. HP infrastructure
(already had this in place), HP WESM module (controller), and HP RPs (radio

We have a private wireless network that is on its own VLAN. We use 802.1x
with EAP/TLS on this network for company owned laptops. We also have
another wireless VLAN that is used for guest access. This is set with no
wireless security (open) and is funneled directly out to the internet via
our firewall without a path back into our company network. Users connect
to the guest wireless network, are prompted for a Terms of Service page,
and can then surf the net.

We also setup bandwidth management/prioritization to make sure that guest
wireless access to not eat up our internet pipe. They are limited in
regards to bandwidth speeds.


Original Message:
From: razigarbie@xxxxxxxxx
Date: 14 Jan 2008 12:52:35 -0000
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: guest + private wlan

Hi everyone,

Im in a position where i need to setup a guest wlan (open for public use)
and a employee wlan that will handle "buissess data".

Does anyone have any suggestions on how this setup would look like from a
secure perspective?

I thought of creating 2 VLANs one that uses WPA2 encryption while the other
one is open (both within DMZ), is this good/bad?

// Thanks in advance, boney

-------------------------------------------------------------------- - Microsoft® Exchange solutions from a leading provider -