Technical data
116 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Configure a Security Profile With the Web UI
—
On: The controller initiates 802.1X authentication by sending an EAP-REQUEST
packet to the client. By default, this feature is enabled.
— Off: The client sends an EAP-START packet to the controller to initiate 802.1X
authentication. If you select this option, the controller cannot initiate 802.1X
authentication.
13. 802.1x Termination: 802.1x-Termination is provided by IOSCLI and Controller GUI,
to perform configuration on per-security profile basis. Select one of the following
in the 802.1x Termination list:
— PEAP: PEAP (Protected Extensible Authentication Protocol) is a version of EAP,
the authentication protocol used in wireless networks and Point-to-Point
connections. It is designed to provide more secure authentication for 802.11
WLANs (wireless local area networks) that support 802.1X port access control.
It authenticates the server with a public key certificate and carries the
authentication in a secure Transport Layer Security (TLS)
— TTLS: TTLS (Tunneled Transport Layer Security) is a proposed wireless security
protocol.
14. If the Static WEP Key mode is used, in the Shared Key Authentication list, select
one of the following:
— On: Allows 802.1X shared key authentication.
— Off: Uses Open authentication. By default, this feature is off.
15. In the Pre-shared Key text box, enter the key if either WPA-PSK or WPA2-PSK was
selected in step 2 above. The key can be from 8 to 63 ASCII characters or 64 hex
characters (hex keys must use the prefix "0x" or the key will not work).
16. In the Group Keying Interval text box, enter the time in seconds for the interval
before a new group key is distributed.
17. In the Key Rotation drop-down list, select whether to enable or disable this
feature.
18. The timeout value for Backend Authentication Server Timeout can be 1-65535
seconds.
19. For Re-authentication, select one of the following:
— On: Causes the controller to honor and enforce the "Session-timeout" Radius
attribute that may be present in a Radius Access-Accept packet. A customer
would use this option if the Session-timeout attribute is used to require
stations to re-authenticate to the network (802.1X) at a specified period. If
"Session-timeout" is not used, there is no reason to enable re-authentication.
— Off: Disables re-authentication for this security profile.
Note:
Note that when 802.1x Termination is enabled, Meru’s default
certificate is used. In this case, the certificate must be “trusted” on the
wireless client end in order for authentication to be successful. Refer to
Security Certificates for details on how to import a certificate.
Note:
When PEAP/TTLS is configured on the Radius server, PEAP/TTLS
termination should be disabled.