The upcoming IEEE 802.11s standard enables easy establishment and maintenance of wireless mesh networks in residential and enterprise scenarios. They, however, need special attention with respect to security. Due to multi-hop communication and routing on layer 2 in mesh networks, attacks on the routing, selective forwarding, and eavesdropping on confidential data become relatively easy. To avoid such attacks, we introduce differentiated security which is based on protection levels associated with nodes in the network. Participation in the MAC layer routing is facilitated according to the respective protection level of a node. Using additional cryptographic protection our approach can also avoid unintentional disclosure of confidential data.