Here's the workshop:
1. The wireless gateway authenticates the first logon user and authorizes services to this user.
2. The following users under an AP with NAT function will just pass the gateway without authentication.
3. I even used fixed IPs for the APs and ACLs on the L2 switch to filter the rogue users and APs.
4. Assume that the users may replace the APs with their own, e.g. they are not compliant with the wireless security policy.
Can you block the rogue user? Can you block the rogue APs?
Please reply with your opinions, thank you.
Just a take at this:
MAC filtering, while good, is easily spoofable but can help deter some hackers.
ACLs can be a nightmare if you have lots of APs and users associating. I would try to stick with an enterprise AP that matches the capabilities of the gateway. A hybrid AP, per se?
Bottom line: Rogue APs are easily placed on your network. You need some RF management tools/IDS to catch them and block them.
There is little leeway around this anomaly, regardless of how many layers of security are designed.
But I do like the thought of using a firewall?
They have great products, as does Proxim.
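The scenario in the question (one authenticated IP that is really a NAT'ing AP with several hosts behind it) leaves traces an IDS can score, which is the kind of tool the reply above recommends. The following is an added example, not code from either poster: it runs simple NAT-detection heuristics (mixed TTL values, TTLs one below a common initial value, several OS families in User-Agent strings) over constructed flow records keyed by authenticated source IP.

```python
"""Flag authenticated client IPs that look like a NAT AP fronting several hosts.

Added example; the flow records below are constructed, not captured.
Each record is (src_ip, ip_ttl, http_user_agent) as a gateway sensor might log it.
"""
from collections import defaultdict

# Common initial TTLs: 64 (Linux/macOS/iOS/Android), 128 (Windows), 255 (some network gear).
INITIAL_TTLS = {64, 128, 255}

FLOWS = [  # constructed sample records
    ("10.1.1.20", 128, "Mozilla/5.0 (Windows NT 10.0)"),
    ("10.1.1.20", 128, "Mozilla/5.0 (Windows NT 10.0)"),
    ("10.1.1.30", 127, "Mozilla/5.0 (Windows NT 10.0)"),            # one hop behind a NAT box
    ("10.1.1.30", 63, "Mozilla/5.0 (X11; Linux x86_64)"),            # different OS, same "client"
    ("10.1.1.30", 63, "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0)"),
    ("10.1.1.40", 64, "Mozilla/5.0 (Macintosh; Intel Mac OS X)"),
]


def os_family(user_agent):
    """Coarse OS family from a User-Agent string (hypothetical, deliberately simple)."""
    for key in ("Windows", "iPhone", "Android", "Macintosh", "Linux"):
        if key in user_agent:
            return key
    return "other"


def hop_offset(ttl):
    """Hops below the nearest common initial TTL; 0 means a directly connected host."""
    return min(base - ttl for base in INITIAL_TTLS if base >= ttl)


def find_nat_suspects(flows):
    """Return {src_ip: [reasons]} for IPs showing evidence of multiple hosts behind NAT."""
    by_ip = defaultdict(lambda: {"ttls": set(), "os": set()})
    for ip, ttl, ua in flows:
        by_ip[ip]["ttls"].add(ttl)
        by_ip[ip]["os"].add(os_family(ua))
    suspects = {}
    for ip, info in by_ip.items():
        reasons = []
        if len(info["ttls"]) > 1:
            reasons.append("multiple TTL values %s" % sorted(info["ttls"]))
        if any(hop_offset(t) >= 1 for t in info["ttls"]):
            reasons.append("TTL decremented by an intermediate hop")
        if len(info["os"]) > 1:
            reasons.append("multiple OS families %s" % sorted(info["os"]))
        if reasons:
            suspects[ip] = reasons
    return suspects


if __name__ == "__main__":
    for ip, why in find_nat_suspects(FLOWS).items():
        print(ip, "->", "; ".join(why))
```

These signals are noisy on their own (VPN clients and unusual TTL defaults also trigger them), so treat a hit as a lead to correlate with the switch port and RF survey data before blocking the session.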