> this. Should I be able to take a personal laptop that is not setup on our > domain, plug into our network, obtain an ip address dynamically through > our cisco router and browse the internet?
As other posts have alluded, there is a lot more to this question than meets the eye. If the business policy dictates that byod/guest access is to be allowed (a likely scenario in many cases IMHO), there is a baseline architecture to improve security. Create a guest vlan/subnet on the switch to be used by guests or other unmanaged devices. Create ACL entries on the switch so guest devices can only access the Internet and can't access the other internal vlans. Your 861W can do this. Things start to get more interesting if there will be an AUP/Captive portal, port security a la 802.1X, a need for guests to access certain internal resources, or a guest wireless infrastructure. ~JasonG _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
