Archive for October, 2010

All New Dashboard Radio Settings Page

Meraki’s AutoRF technology performs automatic cloud-based, system-wide network optimization to ensure peak network performance in any environment.  Each AP on a Meraki network continually monitors its environment for interference from other APs and feeds this information back to the Cloud Controller.  Last month we added Spectrum Analysis, mitigating interference from non-WiFi devices like microwave ovens and Bluetooth headsets.

AutoRF has always run quietly in the background.  But now, our new Radio Settings page gives you more visibility into what’s happening behind the scenes, and exposes new controls for advanced configuration.

The new Radio Power selector either allows the Cloud Controller to automatically dial back transmit power if it detects adjacent access points stepping on each others’ toes, or allows you to maintain full power for all APs.

The Channel Planning Report sheds light on how AutoRF is tuning your network, providing  visibility into the current channel and transmit power settings for each AP,  as well as the interference sources that were avoided.  If you click on the “Details” link next to each row in the table, you will find a detailed report for all of the APs in your network on a particular channel.

Regular users of the Cloud Controller will notice that some settings previously found under Network Wide Settings have moved to this page, where they fit naturally.

We hope that you find this Radio Settings page helps you better understand how the Cloud Controller is optimizing your network, and helps you to make more informed decisions about how to use the Cloud Controller’s RF controls.  Please let us know what you like, what you don’t, and what you’d like to see next!

What’s better than Traffic Visibility? Traffic Shaping!

Last month we announced our new Traffic Shaper feature and gave administrators unprecedented visibility into the wireless traffic on their network, providing the ability to see what might be bogging down their network, be it YouTube, BitTorrent or too many users uploading pictures to Facebook.  Now, with the new Traffic Shaper page in Dashboard, administrators finally have the tools to not only see what kinds of recreational applications are taking over their network but to do something about it!

Administrators can now create application-specific shaping policies for total control over their wireless bandwidth.  Let’s say your Sales team needs snappy access to Salesforce.com at all times, but most of Engineering is streaming World Series games and consuming all of your bandwidth.  With Traffic Shaper, shaping policies can be created that apply per user bandwidth limits for specific applications such as video streaming sites, as well as apply QoS priority levels at both Layer 2 and 3 to make sure your Salesforce traffic gets prioritized across the network.

To make setting up new shaping policies fast and simple, we have created pre-defined groups of applications that administrators most commonly want to shape:


Administrators can also create more specific policies for particular applications using HTTP hostnames (eg. salesforce.com), IP and port numbers.  Here is an example of a typical shaping policy that you would see in an office setting:

In this example, a rule has been created to apply a 1 Mbps bandwidth limit to all users on the Meraki-Corp SSID for Peer-to-Peer and streaming video and music applications.  A second rule has also been created to provide Layer 3 QoS prioritization to applications that are critical to this business, Salesforce.com and Dropbox.com, as well as to provide unlimited bandwidth to these applications.

Since Traffic Shaper can leverage the intelligence of over 16,000 customer networks through the Meraki Cloud Controller, Traffic Shaper’s database of application signatures is always updated.  As new P2P and social media applications appear on the scene, they will be quickly fingerprinted and added to the Cloud Controller database for our customer networks so that administrators are never caught unaware by the next BitTorrent.

Traffic Shaper can now be found under the Configure tab in Dashboard.  If you are interested in learning more about how Traffic Shaper works, we invite you to join us for a webinar that we’ll be conducting about Traffic Shaper on November 2nd.  Details can be found here:


Leave the bug spray to us

Cisco recently issued a security advisory about several serious vulnerabilities for its wireless LAN controllers, including DoS, privilege escalation, and ACL bypass vulnerabilities. These liabilities could allow attackers to modify your controller’s configuration or bypass your ACLs—so if it were my network, I’d certainly want a fix.

Cisco issued software updates, but they’re no quick-snap remedy. Here’s what I’d need to do before I could download the new release:

  1. Follow Cisco’s instructions on the command-line to determine which software version is running on my controller.
  2. Verify if my software version is an affected release. If it is, confirm which versions are “fixed” and note the “recommended release.”
  3. Download and install the patch.
Cisco Patch Compatibility

A few of the steps for determining patch compatibility from cisco.com

The real kicker is what I’m signing up for when I actually install the patches.  From Cisco’s advisory:

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release…  Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

We don’t mean to pick on Cisco here, and we certainly aren’t implying that one vendor’s products are more secure than another’s.  With any complex system, bugs and security patches will happen.  But the customer experience of dealing with these patches for traditional, behind-the-firewall appliances like wireless controllers is a royal pain. At best, they result in headaches, downtime, and frustration.  At worst, administrators miss patches altogether, and their systems are vulnerable.  Fortunately, The Cloud points to a better way.

The Cloud Controller, like other cloud applications such as Gmail and Salesforce.com, is always up to date.  We push out new features, bug fixes, performance improvements, etc. several times a day.  This is completely invisible to the customer, save for new features appearing from time to time.  (How we do this, and maintain quality, is pretty interesting, but we’ll save that for another post.)

But what about the firmware running on our APs?  They aren’t in the cloud…  Are they resigned to the fate of traditional patch management?

Fortunately, an AP that can be managed from the cloud can also be upgraded from the cloud, seamlessly and automatically.  Our Cloud Controller knows with certainty that all of the Meraki access points deployed around the world are up to date, with the latest features, fixes, and yes, security patches.

Since we can install firmware seamlessly, over the web, we’ve been able to release new firmware every three months or so, continually delivering new features to our customers. We just did one, in fact – with firmware support for application-aware traffic shaping.

Here’s what our customers saw in their dashboard before the update:

Meraki Upgrade Notification

Firmware Upgrade Notification in the Meraki Dashboard

Customers can let the upgrade happen on its own, schedule it when they want it, or click “Upgrade Now” to get it right away. It’s worth noting that the upgrade process was engineered to be completely fault tolerant.  Say, for example, you lose power in the middle of a firmware update.  No problem, the AP will boot up with its previous firmware once power is restored.  This technology has let us do quarterly upgrades for four years straight and keep customers happy.

We’re excited about how this system has not only eliminated headaches for our customers, but has also enabled us to innovate much faster.  We hope to see this architecture spread to other types of infrastructure, so patch management nightmares some day become a thing of the past.