MAC addresses, hostnames, and DHCP
klussier at comcast.net
Thu Dec 1 12:16:00 EST 2005
> As a matter-of-fact, it's a very BAD idea to have your wireless NICs
> on the same network as your wired NICs. Wired networks have a level
> of security you can never achieve with wireless. Therefore, the
> "Right Thing" to do is have your wireless network be completely
> separate from your wired network and be off of your DMZ. If they need
> to get "inside" from the wireless net, then, for clueful users, tell
> them to use SSH. If your ratio of clueful to clueless is too low,
> then it's time for a VPN.
Yeah, I thought about that. That is the way that I always set it up on a corporate LAN. But there is a need to have APs on the same wired network here (this is a lab-thing). It doesn't compromise my corporate LAN because the wired and wireless networks in the lab aren't connected to the corp. LAN :-)
> Travis Roy <travis at scootz.net> writes:
>
> > But why have the same IP on two different MACs? or even the same hostname?
>
> As a matter-of-fact, it's a very BAD idea to have your wireless NICs
> on the same network as your wired NICs. Wired networks have a level
> of security you can never achieve with wireless. Therefore, the
> "Right Thing" to do is have your wireless network be completely
> separate from your wired network and be off of your DMZ. If they need
> to get "inside" from the wireless net, then, for clueful users, tell
> them to use SSH. If your ratio of clueful to clueless is too low,
> then it's time for a VPN.
>
> And *that* means you should put all your completely untrustworthy
> systems which need to be accessed by these clueless people on a
> totally separate and isolated subnet so that when they access this
> stuff from home using the VPN and infect their Exchange server, your
> clueful users don't suffer :)
>
> --
>
> Seeya,
> Paul