
Cisco WLC 5508 Quarantine / Remediation Methods

I am looking for suggestions on Quarantine / Remediation / Production design on our wireless network.

We are moving from an autonomous AP environment to a Cisco WLC 5508 controlling LAPs.


I am considering Dynamic VLAN Assignment at the WLC using RADIUS for authentication.

Does anyone have anything on quarantine / remediation / production design best-practices for wireless infrastructures?
0
Asked: c-h-r-i-s-t-o-p-h
1 Solution
 
Soulja Commented:
I assume you are planning on using 802.1X for RADIUS VLAN assignment. 802.1X alone won't provide posture assessment and remediation, but may offer some type of quarantine by placing a failed authentication client on a "failed authentication" VLAN. If you want full-blown posture assessment and remediation you may want to look into Cisco NAC Clean Access.
0
 
c-h-r-i-s-t-o-p-h (Author) Commented:
We have an internal NAC solution. I plan to tie it into RADIUS and the WLC using 802.1X... possibly AD in the future.
0
 
c-h-r-i-s-t-o-p-h (Author) Commented:
To add, I am interested in the shortcomings/failings of this system as well as other best practice suggestions.
0
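The dynamic VLAN assignment discussed in the comments above, as an added example that is not part of the original thread: a RADIUS server steers a client into a VLAN by returning the three tunnel attributes defined in RFC 3580 (Tunnel-Type=VLAN, Tunnel-Medium-Type=IEEE-802, Tunnel-Private-Group-ID=VLAN ID) in the Access-Accept. The sketch below encodes and re-checks those attributes for a NAC posture verdict; the VLAN numbers and the function names are constructed for illustration, and the posture names follow the question's quarantine / remediation / production split.

```python
import struct

# RADIUS attribute types (RFC 2868) used for VLAN assignment per RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed VLAN plan (assumption): one VLAN per posture state.
VLAN_BY_POSTURE = {"production": 100, "remediation": 200, "quarantine": 666}

def vlan_for(posture):
    """Fail closed: any verdict not explicitly listed lands in quarantine."""
    return VLAN_BY_POSTURE.get(posture, VLAN_BY_POSTURE["quarantine"])

def _tlv(attr_type, value):
    # RADIUS attribute = type (1 byte), length incl. header (1 byte), value.
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encode_vlan_attrs(vlan_id, tag=0):
    """Encode the three tunnel attributes as they appear in an Access-Accept."""
    if not 1 <= vlan_id <= 4094 or not 0 <= tag <= 0x1F:
        raise ValueError("VLAN ID or tag out of range")
    # Tunnel-Type / Tunnel-Medium-Type: tag byte + 3-byte big-endian value.
    ttype = _tlv(TUNNEL_TYPE, bytes([tag]) + TT_VLAN.to_bytes(3, "big"))
    tmed = _tlv(TUNNEL_MEDIUM_TYPE, bytes([tag]) + TMT_IEEE_802.to_bytes(3, "big"))
    # Tunnel-Private-Group-ID: ASCII VLAN ID; the tag byte is optional here.
    prefix = bytes([tag]) if tag else b""
    return ttype + tmed + _tlv(TUNNEL_PRIVATE_GROUP_ID, prefix + str(vlan_id).encode())

def decode_vlan(attrs):
    """Return the VLAN an attribute block assigns, or None if incomplete/malformed."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 3 or i + attrs[i + 1] > len(attrs):
            return None  # truncated or malformed attribute
        seen[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    tt, tm, gid = (seen.get(k) for k in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE,
                                         TUNNEL_PRIVATE_GROUP_ID))
    if not gid or tt is None or tm is None or len(tt) != 4 or len(tm) != 4:
        return None  # all three attributes are required for a VLAN override
    if int.from_bytes(tt[1:], "big") != TT_VLAN or int.from_bytes(tm[1:], "big") != TMT_IEEE_802:
        return None
    if gid[0] <= 0x1F:  # leading byte <= 0x1F is a tag, not part of the ID
        gid = gid[1:]
    return int(gid) if gid.isdigit() else None

if __name__ == "__main__":
    for verdict in ("production", "remediation", "unknown-verdict"):
        wire = encode_vlan_attrs(vlan_for(verdict))
        print(verdict, "->", decode_vlan(wire), wire.hex())
```

Running `decode_vlan` over attributes captured from a test authentication is a quick way to confirm that each posture state really lands in the VLAN the design intends.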

 
Soulja Commented:
What NAC solution are you using? I did a NAC deployment a few years ago and we did not need RADIUS for wireless quarantine and remediation on our WLCs.
0
 
Soulja Commented:
If you currently don't have AD, what identity source will you use for RADIUS, or would you be creating accounts locally on the RADIUS server?
0
 
Craig Beck Commented:
Just a note, but if you're using AD and want to use GPOs to configure policies on machines you may hit problems. Microsoft don't support Dynamic-VLANs and in quite a few installations I've seen you will get problems when applying GPOs.
0
