Technical data

Chapter 8

Configuring Security

System Director provides industry-standard security options that can be implemented

according to the requirements of the ESSID (and VLAN, if so configured) to protect

the site’s wireless and, as a result, wired LAN infrastructure.

 Configuring Wireless LAN Security

 Configure a Security Profile With the Web UI

 Encryption Support

 Configure GRE Tunnels

 Configure a Security Profile With the CLI

 Policy Enforcement Module

 Proactive Spectrum Manager

 RSA SecurID Authentication

 Configure MAC Filtering

 Security Certificates

Also see the security-related chapters Authentication, Captive Portals for Temporary

Users, and Rogue AP Detection and Mitigation.

Configuring Wireless LAN Security

In Meru Wireless LAN System, Layer 2 and Layer 3 security options are enforced by

creating Security Profiles that are assigned to an ESSID. As such, they can be tailored

to the services and the structure (virtual LAN, Virtual Cell, etc.) offered by the ESSID

and propagated to the associated APs. Security profiles for a controller can also be

configured from E(z)RF Network Manager. You can tell where a profile was configured

by checking the read-only field Owner. The Owner is either E(z)RF or controller. The

general security configuration tasks are as follows:

1. Create VLANs to keep the client traffic in each SSID secure and separate from

clients in other SSIDs. See the chapter Configuring VLANs for directions.