Day 2 of the Implementing Aruba WLANs course has come to a close and we have managed to make a nice mess of the room. It’s amazing how quickly 6 people can fill a room with controllers, access points, cables, laptops, and courseware!
Much like the first day of the course, the second day was very educational. Focusing mainly on authentication, access control, and roles, I’d say this day represented the meat of the course. Here are my thoughts after day 2:
- To securely deploy a wireless network you had better brush up on your 802.1X, RADIUS, and PKI knowledge. Home WLANs are not the same thing as Enterprise WLANs; pre-shared keys (PSK) are not a scalable or manageable solution in most enterprise deployments. All SMB, or enterprise WLAN vendors support robust authentication when it comes to wireless networks so take advantage of these features.
- Role derivation is awesome! Having the ability to assign specific access policies and VLAN assignments to clients based on device type or group membership is a great way to avoid excessive SSID creation and provide granular control that matches the capabilities and requirements of each user/device. Regardless of the WLAN vendor you are using, I would highly recommned looking into this feature the next time you are thinking about creating a new SSID for a new business requirement. You just might save your self some configuration effort and eliminate needless wireless beacons at the same time.
Overall I’d say day 2 was a success. WLAN security is incredibly important so I was very happy to see that we spent the entire day exploring the various options available to us.
If you have thoughts, comments, or questions about WLAN security, please leave a note in the comments section.