Technical data
Configure a Security Profile With the Web UI
© 2012 Meru Networks, Inc. Configuring Security 117
20. In the MAC Filtering list, select one of the following:
— On: Enables MAC Filtering for this security profile.
— Off: Disables MAC Filtering for this security profile.
21. In the Firewall Capability drop-down list, select one of the following:
— Configured: The controller defines the policy through configuration of the
Firewall filter-id.
— Radius-configured: The Radius server provides the policy after successful
802.1X authentication of the user. This option requires that the Radius server
have the filter-id configured. If it is not configured, the firewall capability is not
guaranteed.
— None: Disables the Firewall Capability for this security profile.
22. In the Firewall Filter ID text box, enter the firewall filter-id that is used for this
security profile. The filter-id is an alphanumeric value that defines the firewall
policy to be used on the controller when the firewall capability is set to
Configured. For example, 1.
23. In the Security Logging drop-down list, select one of the following:
— On: Enables logging of security-related messages for this security profile.
— Off: Disables logging of security-related messages for this security profile.
24. In the Passthrough Firewall Filter ID text box, enter a firewall filter ID that was
created using Configuration > QoS > System Settings > QoS and Firewall Rules
> Add. The filter ID is an alphanumeric value that defines the firewall policy to
be used on the controller for a Captive Portal-enabled client that has no
authentication.
25. Click OK.
Wi-Fi Protected Access (WPA and WPA2)
The Meru Wireless LAN System supports both the WPA2 and WPA protocols, which the
Wi-Fi Alliance presented as interim security standards that improve upon
the known vulnerabilities of WEP until the release of the 802.11i standard.
In WPA2, the WPA Message Integrity Code (MIC) algorithm is replaced by a message
authentication code, CCMP, that is considered fully secure, and the RC4 cipher is
replaced by the Advanced Encryption Standard (AES), as described in CCMP-AES.
WPA includes the encryption protocol TKIP (see TKIP) and leverages existing 802.1X
authentication (see 802.1X Authentication), including the dynamic key management
facility.
If 802.1X authentication is not available (in a SOHO, for example), WPA2-Personal or
WPA-Personal can be implemented as alternatives and provide for manual key
distribution between APs and clients.
To achieve a truly secure WPA/WPA2 implementation, the installation must be
“pure,” that is, all APs and client devices are running either WPA-Enterprise or
WPA2-Enterprise. Implement this for Meru Wireless LAN System with an ESS that uses