|
Posted by Anthony Chavez on March 3, 2005, 2:53 pm
If you were Registered and logged in, you could reply and use other advanced thread options
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In the following configuration,
[x]-----O-------O
switch WAP station
the switch supports multiple VLANs per segment and the Wireless Access
Point is an Apple Airport Extreme. At first glance, my impression is
that the WAP is not capable of routing, but I have not confirmed this.
It seems to me that I could obtain better security if I were to place
the WAP in one VLAN and the station in another (which grabs its IP
address from a DHCP server behind the switch). My reasoning is that I
could place the WAP inside a firewalled VLAN and allow management access
only to that VLAN.
I'm not terribly familiar with the way WAPs work (they're essentially
bridges, correct?), so I'm curious to know if such a configuration would
actually work, if indeed the WAP is *not* a router.
Moreover, I have to wonder if this design would actually result in the
security I'm after. Couldn't an attacker simply sniff the segment
between the WAP and the station(s), including traffic on the opposite
VLAN to which they are connected?
- --
Anthony Chavez http://anthonychavez.org/
mailto:acc@anthonychavez.org jabber:acc@jabber.anthonychavez.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
iD8DBQFCJ4dzbZTbIaRBRXERAr2SAJ42rQmh/bXgfYCnVRRyWWw81OjDngCeMIrm
zxSQ63lh2BIUBvchC7jVej4=
=CkEy
-----END PGP SIGNATURE-----
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map