Security Solutions

Designing Access Controls
Lay Out the Network
Public Wireless Zone
The public wireless zone is a wireless environment intended for endpoints,
typically laptop computers and PDAs, that belong to guests, customers, or
possibly contractors. Often, the goal of the zone is to provide convenient
Internet access to people who are not members of your organization. However,
you might also grant limited access to private resources: for example, a
library could allow access to its catalog.
Table 3-108. Public Wireless Zone Policies
Zone | Authentication Method | EI Deployment | Testing Method | Authentication Protocol | Encryption
Public wireless | Web-Auth; 802.1X (high security) | DHCP; 802.1X | ActiveX | PEAP-MS-CHAPv2; EAP-TTLS | None; WPA-PSK (higher security); WPA with 802.1X (highest security)

Access Control Method. The public wireless zone may use any of the three
access control methods (MAC-Auth, Web-Auth, or 802.1X).
Although 802.1X is more often associated with private zones, it is possible to
use this method for greater security: most wireless client utilities support
802.1X, and you receive the benefit of secure encryption. However, a user may
have to alter the settings on his or her utility—for example, to select the

Switch Series | MAC-Auth | Web-Auth | 802.1X | Dynamic VLAN Assignment | Dynamic ACLs
3400cl X X X X
2900 X X X X
2810 X X X X
2800 X X X X
2600 X X X X
2510 X X
2500 local only X X
1800
1700