Meraki’s built-in security functions are designed to provide the best practices in enterprise wireless security to administrators without requiring complex or error-prone configuration.
Summary
• Implement security best practices without error-prone, complex configuration
• Virtual wireless networks with distinct security policies and VLAN tagging
• Support for WPA2 Enterprise (802.1x authentication)
Enterprise-Grade Security and Traffic Isolation
Modern enterprise wireless networks are responsible for serving several hundreds or thousands of user devices, ranging from employee and guest laptops, to mobile voice handsets to standalone equipment such as IP surveillance cameras. Meraki’s Virtual Network Isolation technology enables administrators to create multiple virtual networks for each type or class of traffic on one physical network, eliminating the need to deploy multiple sets of wireless access points.
With Virtual Network Isolation, administrators can define several distinct virtual wireless networks, each with its own security policies. Traffic from each virtual network can be assigned a separate, configurable VLAN tag, for integration into existing wired infrastructure which provides isolation or traffic prioritization. Administrators can also define settings such as whether clients can communicate with each other or only connect to the Internet, whether they need to login prior to gaining network access, or if their traffic should be classified as priority voice traffic or bulk data.
For example, a single network can offer the following four forms of network access:
|
|
|
|
Users |
Employees |
Guests |
Phones |
SSID |
Corp |
Guest Access |
Corp - VoIP |
Network Access |
LAN & Internet |
Internet Only |
LAN & Internet |
Client Bandwidth |
Unlimited |
5 Mbit/s
|
Unlimited |
Quality of Service |
Normal |
Normal |
High |
Authentication |
802.1x / LDAP |
Open |
WPA2-PSK |
Service Parameter
All of these configuration settings are available to administrators through an intuitive interface, which any IT professional can configure without special training.
Strong Network Authentication
Each virtual network can be configured with a range of access security methods, ranging from fully open for guest access to WPA Enterprise / 802.1x. The Meraki system is designed to integrate seamlessly with on-site directory services such as Microsoft Active Directory or RADIUS.
For enterprises that would like to use directory-based authentication, but would prefer to not operate additional servers, Meraki also offers a built-in directory service. Meraki’s built-in RADIUS servers are pre-configured to provide certificate-based EAP authentication and compatibility with the vast majority of client access devices out of the box, while offering the strongest form of wireless network security. |