some of you may have seen my last blog post about the preparation of the Troopers network. Today I want to give you a little teaser on what to expect for the talk I will present during the IPv6 Security Summit. As the title implies, it’s not only about building a secure IPv6 WiFi, but also a reliable one. One might think that there aren’t many differences in comparison to IPv4, but the heavy reliance on multicast of IPv6 does have implications for Wi-Fi networks in general.
We will start with the problem statement making sure everyone understands the issues one will face when deploying IPv6 in WiFi networks and, of course, we’ll cover how to tackle those. Besides the general aspects I will show you how we setup our WiFi network (including detailed configs of all relevant devices). For the first time we will have the main SSID of Troopers IPv6-only with a NAT64 gateway (providing connectivity to legacy-only resources) and in addition a “legacy” one with a common dual-stack implementation.
My main goal for the network is to get rid of IPv4 as much as possible. This also includes the management of the devices, syslog, SNMP, netflow (transport) etc. and I am pretty excited to see how far I will get. The results will of course be shown during the presentation. The last part covers the security aspects of IPv6 in Wi-Fi. As you can see in my workshop on the first day, there are some attacks technique which can have quite a huge impact on the network when not dealt with properly. I will cover what IPv6 security features are currently available on our WLC and how one should configure those (namely in guest WLANs).
I hope to see you during my presentation. It’s not too late to sign up and we would love to welcome you at the IPv6 Security Summit!
Have a nice week everybody!