Because wireless networks are relatively less secure, enterprises and institutions that deploy wireless networking need to consider the following factors:
Wired and wireless network segments should be separated from each other.
Office wireless and guest wireless also need to be isolated from each other.
It is recommended to keep the number of wireless terminals in each segment below 150 to avoid broadcast storms.
Employees accessing the internal network should be authenticated, or their devices should be bound.
Real-name authentication for visitors (optional).
Such a network usually has the following structure:
Because wireless routers are not very stable, using a wireless device as the primary router is not recommended. Instead, use a wired router as the gateway, with an online behavior management device connected in series behind it. Alternatively, use an online behavior management gateway or firewall directly.
Thin APs are recommended for the wireless network, managed centrally by an AC controller.
1. Divide the network into different VLANs
The wired network, office wireless and guest wireless each use a different VLAN.
Configure firewall policies to prevent the guest wireless network from accessing the internal network. This effectively protects the enterprise's network information security and avoids unauthorized access from unknown sources.
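One way to check a segmentation plan against these points, as an added example that is not part of the original article: the script audits a plan for distinct VLANs and subnets, wireless segments below 150 terminals, and no rule path from guest wireless to internal segments. The segment names, VLAN IDs, subnets, pool sizes and rules are constructed assumptions.

```python
import ipaddress

MAX_TERMINALS = 150  # page guidance: fewer than 150 wireless terminals per segment

# Constructed plan: names, VLAN IDs, subnets and DHCP pool sizes are assumptions.
SEGMENTS = {
    "wired":  {"vlan": 10, "net": "10.0.10.0/24", "pool": 200, "wireless": False, "internal": True},
    "office": {"vlan": 20, "net": "10.0.20.0/24", "pool": 120, "wireless": True,  "internal": True},
    "guest":  {"vlan": 30, "net": "10.0.30.0/24", "pool": 140, "wireless": True,  "internal": False},
}
# Constructed inter-VLAN rules (action, source, destination); first match wins, default drop.
RULES = [
    ("drop",   "10.0.30.0/24", "10.0.0.0/8"),    # guest -> anything internal
    ("accept", "10.0.30.0/24", "0.0.0.0/0"),     # guest -> Internet
    ("accept", "10.0.20.0/24", "10.0.10.0/24"),  # office wireless -> wired
]

def may_pass(rules, src, dst):
    """Conservative first-match check: True if any packet src -> dst could be accepted."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for action, r_src, r_dst in rules:
        r_src, r_dst = ipaddress.ip_network(r_src), ipaddress.ip_network(r_dst)
        if action == "accept" and src.overlaps(r_src) and dst.overlaps(r_dst):
            return True   # some address pair reaches an accept rule
        if action == "drop" and src.subnet_of(r_src) and dst.subnet_of(r_dst):
            return False  # the whole flow is dropped before any accept
    return False          # nothing matched: default drop

def audit(segments, rules):
    """Return findings for a plan that breaks the segmentation guidance."""
    findings, names = [], sorted(segments)
    for i, a in enumerate(names):
        sa = segments[a]
        if sa["wireless"] and sa["pool"] >= MAX_TERMINALS:
            findings.append(f"{a}: pool of {sa['pool']} is not below {MAX_TERMINALS}")
        for b in names[i + 1:]:
            sb = segments[b]
            if sa["vlan"] == sb["vlan"]:
                findings.append(f"{a}/{b}: share VLAN {sa['vlan']}")
            if ipaddress.ip_network(sa["net"]).overlaps(ipaddress.ip_network(sb["net"])):
                findings.append(f"{a}/{b}: subnets overlap")
    for g in names:
        for t in names:
            if not segments[g]["internal"] and segments[t]["internal"] \
                    and may_pass(rules, segments[g]["net"], segments[t]["net"]):
                findings.append(f"{g} -> {t}: guest traffic can reach internal segment")
    return findings

if __name__ == "__main__":
    print(audit(SEGMENTS, RULES) or "plan follows the guidance")
```

The rule check is deliberately conservative: an accept rule that covers even one guest-to-internal address pair is reported, so a single-host exception placed above the guest drop rule shows up as a finding.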
2. Bind devices on the wired network and the office wireless network
Devices allowed to access the internal network should be strictly limited, so that even if the wireless password leaks, unsafe devices still cannot access the corporate intranet.
3. Enable authentication on the guest wireless segment
Guests must pass real-name authentication before they can access the network, and access logs are retained.
In summary, such a network architecture not only meets network security needs, but also provides real-name authentication for guests, together with auditing and recording through Internet behavior management.