Manualshelf

Technical data

ManualsBrandsMeru Networks ManualsComputer equipmentOAP180
141142143144145146147148149150
128 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Configure a Security Profile With the CLI
Configure WPA2 With the CLI
The controller supports the WPA2 standard that includes CCMP encryption which is
considered extremely secure. Implementing WPA2 provides the highest level of secu-
rity that the Meru Meru Wireless LAN System offers.
Additionally, if 802.1X is implemented at the site, automatic key exchange is
provided by the Radius server. Existing primary and secondary Radius Server Profiles
can be assigned from within the Security Profile to leverage the existing 802.1X
authentication. Otherwise, the WPA2-PSK configuration can be implemented.
Example WPA2 Configuration
To configure WPA security with the Web UI, click Configuration > Security > Profile.
Click Help for option details. Note that you can configure MIXED WPA and WPA2 in
release 3.6 and later.
The following CLI example creates the profile named wpa2-ccmp that enables WPA2
for Layer 2, sets the encryption mode to CCMP-AES, and names the Radius server in
the main-auth profile as the primary Radius authentication server.
default(config)# security-profile wpa2-ccmp
default(config-security)# allowed-l2-modes wpa2
default(config-security)# encryption-modes ccmp
default(config-security)# radius-server primary main-auth
default(config-security)# exit
default(config)# exit
radius-server secondary
profile
Optional. In Security Profile configuration, specifies the Radius
profile containing the configuration parameters for the
secondary Radius server.
rekey multicast-enable
Optional. In Security Profile configuration, enable the multicast
key broadcast.
[no] 8021x-network-initiation
In Security Profile configuration, determines 802.1X initiation
method. When enabled (default), the AP sends the first EAP
packet (an EAP ID request) to the wireless station to start
802.1X after the wireless station completes 802.11
authentication and association to an 802.1X-enabled ESSID.
With the command no 8021x-network-initiation, the wireless
station sends an EAPOL Start packet to the AP to start the
802.1X exchange.
Table 6: Commands Used to Create Security Profiles