Archive for March, 2011

New MX Router Features and Expanded Availability

In January, Meraki introduced the industry’s first cloud-managed routers, the MX series. We’ve been selling the MX50 and MX70 directly to end customers, and the feedback we’ve received has been quite positive and enthusiastic. We shared some of that feedback in the blog post about the new router webinar.

Now available through your favorite reseller

Today we’re happy to announce that the MX50 and MX70 cloud-managed routers are available through our channel and for sale through your favorite reseller, starting April 1. We now have over 700 resellers, and this means you can purchase the MX routers through the same trusted partners that also carry our wireless access points. The MX50 Cloud Manager Router lists starting at $995.

New 1:1 NAT and DMZ

That’s not all. Our team continues to work hard on enhancing the MX and integrating even more useful tools. We’re now adding 1:1 network address translation (NAT) and demilitarized zone (DMZ) capabilities.

1:1 NAT is a form of NAT that assigns one public IP address to one private IP address. 1:1 NAT/DMZ is useful when exposing a group of internal servers to the outside world while still protecting the corporate network. For example, web servers need to be exposed to the outside world so that users can establish inbound connections, but this should not compromise the security of the internal corporate network. Using 1:1 NAT, the web server can be placed in a DMZ such that external users can access it (and only the web server), internal users can access it, but external users cannot access the internal network.

Configuration in dashboard is very easy. Simply enter the external and internal IP addresses as shown in the example below.

Figure 1: 1:1 NAT configuration in dashboard
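The DMZ behaviour described above can be written down as a small policy model. This is an added example, not Meraki code or the MX's actual rule engine: the addresses, zone names, published ports and the `evaluate` function are constructed for illustration, and the port restriction and the DMZ-to-internal block are assumed hardening choices that go beyond what the post states.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the original post).
NAT_1TO1 = {  # public IP -> private DMZ IP, exactly one to one
    ipaddress.ip_address("203.0.113.10"): ipaddress.ip_address("192.168.50.10"),
}
INTERNAL = ipaddress.ip_network("10.0.0.0/16")
# Assumed hardening: publish only the web ports of the mapped server.
PUBLISHED_PORTS = {ipaddress.ip_address("192.168.50.10"): {80, 443}}


def evaluate(ingress, dst, port):
    """Decide the fate of a new connection.

    ingress is the interface the packet arrived on ("wan", "lan" or "dmz"),
    so a spoofed source address cannot change the zone.
    Returns (verdict, address the packet is delivered to).
    """
    dst = ipaddress.ip_address(dst)
    if ingress == "wan":
        # Outside hosts can only reach a public IP that has a 1:1 mapping.
        real = NAT_1TO1.get(dst)
        if real is None or port not in PUBLISHED_PORTS.get(real, set()):
            return ("drop", None)
        return ("allow", str(real))  # destination rewritten to the DMZ host
    if ingress == "lan":
        # Internal users may reach the DMZ server and the Internet.
        return ("allow", str(dst))
    if ingress == "dmz":
        # A compromised web server must not be able to pivot inward.
        if dst in INTERNAL:
            return ("drop", None)
        return ("allow", str(dst))
    raise ValueError(f"unknown ingress interface: {ingress}")


if __name__ == "__main__":
    samples = [  # constructed test traffic
        ("wan", "203.0.113.10", 443),
        ("wan", "203.0.113.10", 22),
        ("wan", "10.0.0.5", 443),
        ("lan", "192.168.50.10", 443),
        ("dmz", "10.0.0.5", 445),
    ]
    for s in samples:
        print(s, "->", evaluate(*s))
```
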

The MX routers can also connect two sites over a secure site-to-site VPN connection. Suppose a user at one location is assigned an internal IP address. The routers automatically discover and configure the appropriate routing entries that establish the link between sites, traversing NAT and firewalls as necessary. Figure 2 shows an example configuration between several sites in northern and southern California.

Figure 2: Site-to-site VPN configuration in dashboard

Punching through

When deploying the MX routers for site-to-site VPN, you don’t need to worry about the link between each site. The MX automatically punches through to the other side to establish a secure and persistent link. The VPN connection is established using IPsec with 128-bit AES for encryption, a secure standard commonly used for VPN. This also means you can deploy the MX router behind an existing 3rd-party firewall or router. The whole process is zero-config. You don’t need to manually provision the MX or supply entries to a routing table – the MX works through the cloud to discover the correct routes and automatically establish the secure layer 3 site-to-site VPN.

We’re not stopping here, either. Keep an eye out for more router enhancements coming soon. If you want to get your hands on an MX router, you can sign up for a free trial online, or call us at 1-888-490-0918 (outside the US: +1 415 632 5800).

If you’re a reseller and are interested in learning more about how the MX can help your customers, we’re running a training webinar exclusively for resellers on Thursday, April 14, at 11:00 AM Pacific time.


What is an Organizational Admin? Good Question!

Certain Dashboard administrators will now notice a new tab in Dashboard, Organization, that has appeared between the Configure and Help tabs.

All networks in Dashboard actually reside in an “organization”, or collection of networks.  Typically our customers create a network for each unique physical site or building, depending on how they have structured their wired network.  There is now a new level of administrative privilege: the organization administrator.  So what is important about organizations and organization administrators to Meraki customers?  There are a few important points:

1.  Licenses are applied across organizations.

When adding APs to a network, a license is purchased with each AP.  An organization must contain valid licenses covering all of the devices in the entire organization.  For example, if an organization contains a network with a license that is valid for ten devices but only five APs have been added, and a second network is created to which five additional APs are added, no other license would be required, since a license covering all ten APs already exists in the organization.

2.  Organization administrators have visibility into all networks within the organization.

Organization administrators can “see” all the networks in an organization.  There are two levels of organization admin: read/write, or full, and read-only.  Read/write admins can add other organization admins, and have read/write access to all networks in the organization.

The administrator that creates the first network in an organization will automatically be designated as an organization admin, and can then add others if necessary.  For a typical distributed organization with a central IT group at HQ and local IT presence at each remote office, a typical configuration would be for the IT managers at HQ to have organization administrative privileges, and for the IT folks at the remote sites to be designated as network administrators for their individual site networks.  For administrators that only have network-level privileges, the Organization tab will not be visible.

Organization administrators provide the ability to customize the administrative accounts to match the organizational structure of the IT team, with just the right level of control and visibility for each administrator.  We will continue to add more functionality to the Organization tab in the future!





When 24×7 Isn’t a Good Thing: New SSID Schedules!

Easy Internet access for guests makes WiFi a very attractive amenity for many retailers and restaurants, where it can be a differentiator in a crowded market of competitors.  Libraries and schools are now expected to offer ubiquitous wireless access across their campuses and often want to offer free WiFi to the local community.  The ease of deployment and trouble-free management of Meraki WiFi networks make it simple to deploy guest access across all of these types of organizations and more.

However, sometimes administrators don’t want to offer free wireless access around the clock.  An open WiFi network can mean that folks hang around in the parking lot long after business hours, causing complaints from residential or business neighbors.  With Meraki’s new Scheduled SSID feature for Enterprise networks, administrators can automatically turn an SSID off outside of a set schedule without the need to even log into Dashboard.  Standard templates are available for typical business hours, or a custom schedule can be created for each individual day.

This feature can be found on the new SSID Availability page.  We’ve also moved the controls for hiding an SSID from the Access Control page to this page to make it easy to find all SSID broadcast-related controls.

Give us feedback via the Make a Wish box in Dashboard!  Enjoy!

It’s Here: Triple-Stream 802.11n MIMO

Figure 1: Meraki MR24

Everyone at Meraki is extremely excited about the newest member of our enterprise 802.11n access points: the top-of-the-line Meraki MR24, available now. The MR24 is our fastest and most powerful AP yet, bringing unmatched throughput and capacity with its triple-stream 802.11n MIMO in dual-concurrent radios, and still keeping the incredibly sleek profile Meraki’s access points are known for, all without breaking the bank.

The jump from 802.11a/b/g to 802.11n has been instrumental in increasing Wi-Fi throughput for users. A large chunk of the throughput gains comes from implementing MIMO. The 802.11n standard allows for two-, three-, and four-stream MIMO, but so far only two-stream MIMO access points and clients have been available, leaving a lot of capacity on the table, and leaving networks strained as they attempt to serve a higher density of clients. We’re changing that with the new Meraki MR24 access point.

A look at today’s access points

802.11n MIMO is most commonly offered today as a dual-stream implementation, usually in 2×2 mode. As discussed in a previous blog post on MIMO, this means the system has two transmit antennas and two receive antennas. Nearly every major wireless enterprise and consumer-grade access point vendor offers 802.11n products with 2×2 MIMO. This allows manufacturers to specify maximum throughput rates of up to 300 Mbps (per radio).

Wait – aren’t there some 3×3 access points already available?

A few vendors offer enterprise-class access points labeled as having 3×3 MIMO radios. This is technically correct, but often misleading. While yes, those access points do have a 3×3 configuration with three transmit antennas and three receive antennas, nearly all 3×3 access points only support two streams even with three transmit antennas. A quick peek at the data sheet almost always reveals that, in fact, only two streams are supported. The reason to have a third antenna, even when having only two streams, is to increase the diversity of the signal. This means the reliability and range can be moderately improved. But the third antenna does not add an additional, parallel, full-rate spatial multiplexing data stream. So it’s important to check the maximum supported data rate of the access point.

Check the speedometer

A triple-stream 3×3 MIMO radio will support up to 450 Mbps. If the maximum data rate listed is only 300 Mbps, this almost certainly means that only two MIMO spatial streams are implemented. Note: this is the per-radio data rate. Many access points have two radios. If each has a maximum capacity of 300 Mbps, the aggregate access point capacity is 600 Mbps – but this does not mean it is superior to a triple-stream implementation. Any single client, even a 3×3 client, will only ever experience the maximum data rate of the single radio, since it cannot tune to and receive two channels simultaneously. There are several advantages of having dual- and triple-radio access points, but an increased single-client data rate is not one of them.

Table 1 shows the maximum supported data rates of 802.11n MIMO and the aggregate rates possible with dual radio access points.

Table 1: 802.11n MIMO data rates

Meraki MR24: clocking in at a total of 900 Mbps

The Meraki MR24 marks another milestone in the evolution of Wi-Fi – the arrival of triple-stream 802.11n MIMO access points. The 300 Mbps supported by 2×2 MIMO may sound pretty speedy, but many networks and users are still hungry for even more. The Meraki MR24 supports triple-stream 3×3 MIMO and has a maximum data rate of 450 Mbps per radio. It has two of these radios inside, which means the aggregate throughput of the access point is 900 Mbps. That’s right – approaching Gigabit rates over the air. This also means a higher number of clients, up to 50% more compared to 2×2 MIMO, can be simultaneously supported by the access point, thus alleviating the strain of access points struggling to support dozens and hundreds of clients in a wireless network.

What’s in the secret sauce?

It’s no secret our engineering teams are incredibly sharp. It’s not enough to take a radio chipset and solder it onto a board. The radio has to be optimized, the antennas must be designed to have the right electrical characteristics to support three Tx and three Rx chains simultaneously and fit into the hardware enclosure, and the entire access point has to be beefed up to support the higher data rate of 450 Mbps. The Meraki MR24 is a dual-radio access point, so this all has to be done to support two radios and the 900 Mbps aggregate data rate.

Figure 3: Meraki MR24

All of this still fits into the tight power budget of 802.3af, even when running the dual-concurrent radios with triple-stream MIMO. And though there are six antennas inside (yep – that’s the antenna in the cut-away image), the AP still has an incredibly sleek profile – only 1.5 inches (38 mm) thick.

And that’s not all. The MR24 supports Meraki’s complete feature set and award-winning cloud-based management. The MR24 provides:

  • Advanced wireless security with an integrated policy firewall, NAC, Teleworker VPN, and guest access
  • Layer 7 application traffic shaping and analysis
  • AutoRF cloud-based optimization with spectrum analysis
  • Built-in client location services
  • High-performance, self-optimizing mesh networking
  • Automatic provisioning, management, and monitoring from the cloud

Wireless networks have never been as fast as they are now with the new Meraki MR24. Triple-stream 802.11n MIMO and dual-concurrent radios now let wireless networks approach Gigabit speeds. At a price of $1199, it doesn’t have to cost a gigabuck, either. You can find more details about the Meraki MR24 on our website. If you’d like to try out a few MR24 APs, we’d love for you to give us a call.