Cisco 9800 Wireless 2024 – Phase 13 – Part 1 – PoC

Lab topology:

Objective: Demonstrate that BYOD and guest can be successfully implemented and segmented.

Network security is a critical component of modern organizational infrastructure, ensuring data confidentiality, integrity, and availability. It encompasses the strategies, technologies, and processes to protect networks, devices, and data from unauthorized access, cyberattacks, and disruptions. A robust network security framework mitigates risks while enabling operational efficiency and regulatory compliance.

By achieving this balance, organizations can ensure secure operations without sacrificing productivity, fostering an environment where security policies and functionality complement each other rather than compete.

Integrating BYOD and guest networks into an organization’s infrastructure has unique challenges. Ensuring secure and seamless integration requires thorough due diligence, meticulous care, and extensive testing to mitigate risks and maintain network integrity.

Challenges:
  1. Security Risks:
    • Untrusted Devices: BYOD and guest devices may lack the necessary security controls, exposing the network to malware or unauthorized access.
    • Data Leakage: Devices may access sensitive data and inadvertently leak it outside the organization.
  2. Network Segmentation:
    • BYOD and guest devices should operate on isolated network segments to prevent unauthorized access to internal resources.
    • Misconfiguration in segmentation can lead to vulnerabilities.
  3. Compliance Issues:
    • Certain industries have strict compliance requirements (e.g., GDPR, HIPAA). BYOD and guest networks can make ensuring compliance more complex.
  4. Device Management:
    • Organizations have limited control over personal devices, making enforcing security policies challenging.
    • Identifying and authenticating devices properly is a critical but complex task.

The mobility configurations can be found here and here. This lab will focus on securely segmenting BYOD and guest traffic.


Configure the firewall’s sub-interfaces to support BYOD and guest wireless
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.777
 vlan 777
 nameif DMZ_WLAN_MGMT
 security-level 50
 ip address 10.0.77.23 255.255.255.192
!
interface GigabitEthernet0/0.778
 vlan 778
 nameif WIRELESS_778
 security-level 50
 ip address 10.0.78.23 255.255.255.192
 dhcprelay server 10.0.66.2
!
interface GigabitEthernet0/0.779
 vlan 779
 nameif WIRELESS_779
 security-level 50
 ip address 10.0.79.23 255.255.255.192
 dhcprelay server 10.0.66.2
!
interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 10.0.0.23 255.255.255.192
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.0.66.23 255.255.255.192
!
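The sub-interface stanzas above are where the segmentation actually lives, and the page itself notes that a misconfiguration here undermines it. As an added example (not part of the original lab), here is a small Python audit that parses ASA interface stanzas and flags a wireless interface whose security-level is not below INSIDE, or a dhcprelay server address that is not on any connected subnet. The interface names, the WIRELESS_ naming convention and the configuration excerpt are taken from the page; the check relies on the ASA default that sessions from a lower security level to a higher one are denied unless an ACL permits them.

```python
import ipaddress
import re
# Excerpt of the ASA interface config shown above (WIRELESS_778, INSIDE, DMZ); lab addressing.
ASA_CONFIG = """\
interface GigabitEthernet0/0.778
 nameif WIRELESS_778
 security-level 50
 ip address 10.0.78.23 255.255.255.192
 dhcprelay server 10.0.66.2
!
interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 10.0.0.23 255.255.255.192
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.0.66.23 255.255.255.192
"""

def parse_interfaces(config):
    # nameif -> {"level": int, "net": IPv4Network, "relay": [server ip, ...]}
    result, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = {"level": None, "net": None, "relay": []}
        elif cur is None or not line.startswith(" "):
            continue  # "!" separators and anything outside a stanza
        elif m := re.match(r" nameif (\S+)", line):
            result[m[1]] = cur
        elif m := re.match(r" security-level (\d+)", line):
            cur["level"] = int(m[1])
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r" dhcprelay server (\S+)", line):
            cur["relay"].append(m[1])
    return {n: i for n, i in result.items() if i["net"] is not None}

def audit_segmentation(ifaces, trusted="INSIDE", untrusted_prefix="WIRELESS_"):
    # Wireless must sit below INSIDE so the ASA's default policy blocks inbound
    # sessions; each dhcprelay target must be on a connected subnet (10.0.66.2 is in DMZ).
    findings, inside = [], ifaces[trusted]["level"]
    for name, i in ifaces.items():
        if name.startswith(untrusted_prefix) and i["level"] >= inside:
            findings.append(f"{name}: security-level {i['level']} >= {trusted} {inside}")
        for relay in i["relay"]:
            if not any(ipaddress.ip_address(relay) in o["net"] for o in ifaces.values()):
                findings.append(f"{name}: dhcprelay server {relay} has no connected subnet")
    return findings
```

Note that DMZ_WLAN_MGMT, WIRELESS_778, WIRELESS_779 and DMZ all share security-level 50, so the ASA denies traffic between them unless `same-security-traffic permit inter-interface` is configured; that default is what keeps guest and BYOD clients apart from each other and from the DMZ.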

Configure the DMZ DHCP scopes for VLAN 778 and VLAN 779
  • Repeat the above steps to create VLAN 779

Two new scopes were created
