By Ken Spickler -
WiFi, even using WPA, can be somewhat easily compromised. We've taken a similar access-via-VPN approach, too. I guess it all depends on what you can stomach...
Ken Spickler
Sent from my iPhone, srry for tpos.I think its a bad idea to treat WiFi diff then wired clients.
Your policies should reflect user group rather then layer 1.
Brian
From: Jeremy Lang <jeremy.lang@it4vfx.com>
Sent: Wed Feb 15 12:36:34 PST 2012
To: discuss@studiosysadmins.com
Subject: Re: [SSA-Discuss] Laptops and IP reservations / handling in your offices...
I kinda like the two birds with one stone approach: all wireless is on an external (naughty) subnet, people who justifiably need more than just Internet get the ability to VPN. In-office it's just about as quick as being on that net, and they can now do all the same stuff wherever they need to...
__
Jeremy M. Lang
it4vfx
¯¯¯¯¯¯¯¯¯¯¯¯¯¯On Wed, Feb 15, 2012 at 8:17 AM, Brian Krusic <brian@krusic.com> wrote:Yep, reserve on both interfaces and assign a name like johndoe.domain.name so that my sflows make sense.
I also do diff subnets for traffic shaping.
Brian
From: Tommy Asbee <tommy@a52.com>
Sent: Wed Feb 15 08:13:04 PST 2012
To: discuss@studiosysadmins.com
Subject: [SSA-Discuss] Laptops and IP reservations / handling in your offices...Hi Guys,
Question for everyone....
Was wondering how you handle laptops in your offices... More interested in what you do with producers and such who may plug in for a part of the day, but also roam around wirelessly.. Do you set reservations on the ethernet mac addresses?
I hope that makes sense
-Tommy