Home > Articles > Networking > Wireless/High Speed/Optical

  • Print
  • + Share This
From the author of Multiple SSIDs and VLANs

Multiple SSIDs and VLANs

Another option for administrators is to configure multiple SSIDs and/or VLANs for non–802.1X clients if the access points and switches support these functionalities. The most basic approach would be to create a separate virtual SSID configured with the Personal (PSK) mode of WPA or WPA2 security. Then to segregate this less-secure wireless network, you could assign this SSID to another VLAN from the main network. Thus if the PSK passphrase is compromised and access is gained by unauthorized users, damage would be minimal.

You should check if your RADIUS server and switches support guest VLANs and/or failed authentication VLANs. These features could be used to automatically allow non–802.1X clients network access, but to a particular VLAN that could be segregated from the main one.

  • + Share This
  • 🔖 Save To Your Account