We have a prety well configured WLAN: WPA+TKIP using Radius and client certficates. (we have 150 W2kXP machines using this setup). All APs are Cisco AP1200s and support multiple VLANS
Now we want to add in some Wireless projectors *without* compromising our security. Problem is that that projectors (Sony) only support WEP 128 (which they promote as *secure*) through their air-shot technology (come on Sony get WPA support worked out!).
Question: Any recommendations for the bset way to setup these WEP devices so that they dont act as a weak point into our otherwise secure WLAN? I thought: a) Create NEW SSID called WEP128 and associate with new VLAN b) setup projectors to connect to that SSID b) Set Mac address filter on the APs for the projectors mac addresses (there are only a few and they dont move so list is not dynamic) c) Some sort of access lists at the router to control packets between WEP128 and the rest of the LAN - I'd need to work out what packets need to travel across to the projectors.
Any better ideas? Anyone done this already? Anyone know when Sony will have WPA on their projectors?
What are the risks:
- someone spoofs the projector Mac address and gets onto the WLAN and gets an IP
- someone breaks the WEP key and reads traffic between the projector and the client PC - depending on the traffic this might be useful......
- anything I forgot?
Al Blake, Australia