You are configuring an autonomous wireless guest network for your customer.
The customer requires that guest users be unable to communicate with one another.
Which solution best meets this requirement?
Click on the arrows to vote for the correct answer
A. B. C. D. E.E.
To meet the requirement of preventing guest users from communicating with each other on an autonomous wireless guest network, we can use public secure packet forwarding on the AP along with other measures to secure the switch ports.
Option A - Public Secure Packet Forwarding on the AP and Switch-Port Protected on the AP Switch Port: Public secure packet forwarding (PSPF) is a feature that blocks client-to-client communication at the AP. It is enabled by default on most autonomous APs. This option adds another layer of security by protecting the switch port on the AP. This means that only authorized devices can connect to the switch port on the AP, which helps to prevent unauthorized access and communication. However, this option does not completely prevent guest users from communicating with each other because they could still communicate through broadcast/multicast traffic.
Option B - Public Secure Packet Forwarding on the AP and Limiting the AP Switch Port to the Guest VLAN Only: This option is similar to option A, but it limits the AP switch port to the guest VLAN only. This further restricts guest users from accessing other VLANs on the network, which enhances security. However, like option A, this option does not completely prevent guest users from communicating with each other.
Option C - Port Security on the AP and 802.1X on the AP Switch Port: This option uses port security on the AP to limit the number of MAC addresses that can access the switch port. It also uses 802.1X authentication on the AP switch port to further authenticate and authorize devices. This helps to prevent unauthorized access and communication on the network. However, it does not directly prevent guest users from communicating with each other.
Option D - MAC Filtering on the AP Radio Interface and Switch-Port Protected on the AP Switch Port: This option uses MAC filtering on the AP radio interface to limit the number of MAC addresses that can connect to the AP. It also protects the switch port on the AP to prevent unauthorized access. While this helps to secure the network, it does not directly prevent guest users from communicating with each other.
Option E - Public Secure Packet Forwarding on the AP and Configuring the Guest VLAN on the Switched Network as a Private VLAN: This option uses public secure packet forwarding on the AP to prevent client-to-client communication. It also configures the guest VLAN on the switched network as a private VLAN, which isolates each port on the VLAN from each other. This provides the most comprehensive solution for preventing guest users from communicating with each other.
In summary, option E is the best solution for preventing guest users from communicating with each other on an autonomous wireless guest network. It uses public secure packet forwarding on the AP along with configuring the guest VLAN on the switched network as a private VLAN. This provides the most comprehensive solution for preventing guest users from communicating with each other.