Hi all,
I have a question about Cisco wireless AP with VLAN and I hope someone can help me. We are using Cisco AP1200 with PEAP and ACS server. I know that Cisco AP can configure VLAN for different security level. Suppose I have this environments:
Wireless:
- SSID: SSID_Int
--- vlan 1
--- for internal staff
--- username: marketing01
--- access right: all internal network
- SSID: SSID_ext
--- vlan 2
--- for vendor
--- username: vendor01
--- access right: Internet only
All users accounts are stored in the ACS server. I suppose the user account "vendor01" can only access the AP using the SSID "SSID_ext". How about if the vendor change their SSID to "SSID_int" and use the "vendor01" account? Can it access the internal network? As I know, the ACS should not know the authentication request is from which vlan. If so, it will be very danger. Please advise. Thanks.
Regards, Dovelet