140 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
default(config-radius)# ip-address <IP of the RSA server>
default(config-radius)# key secure-secret
default(config-radius)# exit
Configure MAC Filtering
MAC filtering controls a user station’s access to the WLAN by permitting or denying
access based on specific MAC addresses. A MAC address is unique to each IEEE
802-compliant networking device. In 802.11 wireless networks, network access can
be controlled by permitting or denying the specific MAC address assigned to a
station’s wireless NIC.
The Meru Wireless LAN System provides MAC filtering using the following methods:

- Locally on the Controller, through the administration of an Access Control List
  (ACL) that permits or denies access for specific stations based on their unique MAC
  addresses. Two ACLs are available for MAC filtering:
    - Permit ACL, which limits access to only those MAC addresses on the permit list
    - Deny ACL, which specifically disallows access to those addresses (clients) on
      the deny list

  Changes made to the local access/deny ACL are implemented in real time. For
  example, if a user currently on the WLAN is removed from the permit list, they
  are immediately dropped from the WLAN.
- Remotely, in conjunction with the Radius Server, which is configured to authorize
  access to a set of MAC addresses. The user authentication follows the procedure
  shown in Radius Authentication, but a MAC address is used for user validation.
  If the Controller Deny ACL is enabled, those addresses on the Deny list overrule
  MAC addresses on the Radius Server. Changes made to the MAC addresses on the
  Radius Server are not implemented in real time.
- Per ESS, which allows MAC filtering to be enabled or disabled in the associated
  Security Profile, overriding the MAC filtering setting on the controller, or on the
  Radius server.

The state that is set for the MAC filtering option determines the type of access
control in use, with the precedence in the order of ESS Security Profile setting, local
MAC filtering list, and then the Radius Server state:

- For Controller ACL administration, the valid states are:
    - disabled: (default) both the permit and deny ACLs are inactive, even if they
      contain MAC addresses
    - permit: permit ACL is enabled and deny ACL (if it exists) is disabled
    - deny: deny ACL is enabled and permit ACL (if it exists) is disabled
- For remote Radius Server administration, the valid states are:
    - enabled
    - disabled
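
The precedence described above, modelled as an added Python example (not Meru code and not taken from the guide), useful for checking what a given combination of settings should do to a station. The function names, layer labels and sample addresses are constructed; treating an active permit list as final, and allowing a station when no filter is active, are assumptions the page does not spell out.

```python
from enum import Enum

class AclState(Enum):
    DISABLED = "disabled"  # default: both lists inactive, even if populated
    PERMIT = "permit"      # permit list active, deny list ignored
    DENY = "deny"          # deny list active, permit list ignored

def normalize(mac):
    """Canonical form so 02-00-5E-.., 0200.5e.. and 02:00:5e:.. compare equal."""
    digits = mac.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def station_allowed(mac, ess_filtering, acl_state, permit=(), deny=(),
                    radius_enabled=False, radius_macs=()):
    """Return (allowed, deciding_layer) for one station MAC address."""
    mac = normalize(mac)
    permit, deny, radius_macs = ({normalize(m) for m in s}
                                 for s in (permit, deny, radius_macs))
    # 1. The ESS Security Profile setting is evaluated first and overrides the rest.
    if not ess_filtering:
        return True, "ess-profile"
    # 2. Local controller ACL: an active deny entry overrules the Radius Server.
    if acl_state is AclState.DENY and mac in deny:
        return False, "controller-deny"
    # Assumption: an active permit list is final (only listed stations get in).
    if acl_state is AclState.PERMIT:
        return mac in permit, "controller-permit"
    # 3. The Radius Server is consulted last (assumption: it holds a MAC allow set).
    if radius_enabled:
        return mac in radius_macs, "radius"
    # Assumption: with no filter active, MAC filtering does not block the station.
    return True, "no-filter"

# Constructed sample data (locally administered addresses, not real devices).
LAPTOP, PRINTER = "02:00:5e:10:00:01", "02-00-5E-10-00-02"
```

Normalizing before comparison matters when auditing lists: the same station written with different separators or case would otherwise miss a deny entry.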