Secure Enterprise Wireless LAN (WLAN) Infrastructure
Wireless Communication Specialization Project
This project involved implementing a production-grade, secure, segmented wireless LAN infrastructure. The core network was containerized and virtualized inside a Proxmox VE environment, bridged to a physical managed switch and a hardware Cisco Catalyst Access Point.
I deployed a virtual Cisco Catalyst 9800-CL Wireless Controller (WLC) to coordinate AP radios. The infrastructure hosts three separate SSIDs (Corporate, Guest, IoT) mapped to different VLANs. Security measures include WPA3-Enterprise (802.1X EAP-PEAP) authentication against a custom FreeRADIUS server, a localized Web Captive Portal (LWA) for guest visitors, and strict inter-VLAN firewall rules inside an OPNsense router.
Key Implementation Details
- Cisco Catalyst WLC (9800-CL)
Configured profile policies, RF tags, and AP join profiles using DHCP Option 43 overrides for CAPWAP discovery.
- FreeRADIUS (802.1X)
Deployed FreeRADIUS inside a Linux LXC container, configuring clients and authentication profiles for EAP security protocols.
- Firewall & Gateways
Managed inter-VLAN blocking policies in OPNsense to prevent IoT or Guest clients from pinging or reaching management networks.
- Physical VLAN trunking
Configured Cisco Switch interfaces with trunk encapsulation, matching native VLAN commands on uplink interfaces.