Cisco Meraki wireless access points (WAPs) are some of the most popular in the industry. With the overall shift from wired to WiFi networks, Meraki is often an IT admin’s first choice when it comes to WAPs. However, solutions from Aruba and Ruckus get a fair amount of consideration as well. VLAN tagging is an important aspect of managing and securing WiFi environments, and many IT admins are leveraging it with Meraki equipment.
Physical VLAN Networking
IT networks have historically been connected via wires and switches/routers. Part of the security model with wired networks was greater physical control. IT admins could manage Virtual Local Area Network (VLAN) access by assigning designated ports on a switch to a specific group of users. Accounting would get assigned to one grouping of ports while Marketing was on another. This helped to segment traffic and increase security. The security of the networks these physical devices provide has been radically improved with software. But with organizations shifting to WiFi, the security model must adjust as well.
Security Improvements via RADIUS
One way that IT admins have begun to step up the security posture on their WiFi networks is through RADIUS authentication. RADIUS offers an excellent increase in security for WiFi networks because it enables users of a given network to log in with their own unique set of credentials. For example, think about a large college campus where students each access the network using a university-assigned username (often a student number) and a password created by the student. By eliminating the shared SSID and passphrase commonly used for WiFi access, network security is increased because only those registered with the university can access the student network. It’s the same scenario for instructors. Yet, some IT admins are seeking to increase their network security even further, and VLAN tagging – or network segmentation – is often considered.
VLAN Tagging, Groups, and Additional Equipment
As stated above, the idea is to create separate VLANs for different groups of users on the network so that they can only communicate and access the resources that have been explicitly granted
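The following is an added example, not taken from the article: a sketch of how a RADIUS server conventionally signals a per-group VLAN to an access point, using the three tunnel attributes defined in RFC 2868 and applied to VLAN assignment in RFC 3580. The group names, VLAN IDs and function names are assumptions made for illustration.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and values used for VLAN assignment (RFC 3580)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Constructed policy for illustration (assumption): group name -> VLAN ID
GROUP_VLANS = {"accounting": 10, "marketing": 20}


def vlan_attributes(group, tag=0):
    """Encode the three tunnel attributes for a group, or None if unmapped."""
    vlan = GROUP_VLANS.get(group)
    if vlan is None or not 1 <= vlan <= 4094:
        return None  # default deny: no mapping means no VLAN is handed out
    def tagged_int(attr, value):  # type, length 6, tag, 24-bit value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    vid = (bytes([tag]) if tag else b"") + str(vlan).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid)


def assigned_vlan(attrs):
    """Return the VLAN ID only when all three attributes are present and valid."""
    seen, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        attr, length = attrs[pos], attrs[pos + 1]
        if length < 3 or pos + length > len(attrs):
            raise ValueError("bad attribute length")
        seen[attr] = attrs[pos + 2:pos + length]
        pos += length
    if (int.from_bytes(seen.get(TUNNEL_TYPE, b"")[1:], "big") != TYPE_VLAN or
            int.from_bytes(seen.get(TUNNEL_MEDIUM_TYPE, b"")[1:], "big") != MEDIUM_IEEE_802):
        return None
    vid = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if vid[:1] and vid[0] <= 0x1F:  # leading byte in 0x00..0x1F is a tag, not text
        vid = vid[1:]
    if not vid.isdigit() or not 1 <= int(vid) <= 4094:
        return None
    return int(vid)
```

Running `assigned_vlan` over the attributes of a captured Access-Accept is a quick way to confirm that each group lands on its intended VLAN and that an incomplete attribute set is treated as no assignment.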