Archive for August, 2013

Feel the heat with Presence

Update: Cisco Meraki Presence is now known as CMX (Connected Mobile Experiences), a comprehensive location analytics and engagement platform ideal for both cloud-managed or on-premise solutions. Click here to learn more.

Back in May, there was plenty of excitement when we announced Presence, our integrated location analytics. Suddenly it became far easier to establish site visitor behavior by measuring the frequency and duration of visits through WiFi-enabled devices. This has particularly resonated with retail customers, where this information is invaluable for determining the appeal and efficacy of store design.

To build on the success of Presence, our engineers put their heads together to imagine what other valuable information could be extracted from the data. If we could pinpoint the location of devices by triangulating via the APs, then we’d be able to see the popularity of a given area. Combine this data with the time of day, plot it onto a floorplan, and voilà!

Introducing Presence heatmaps: so intuitive, you need only watch this video for it all to make perfect sense:

The first time this was shown to the broader Cisco Meraki team there was a whoop of excitement around the room. It was clearly an immediate hit, and we hope you’ll feel the same. You can be sure we’re hard at work planning the next enhancement to Presence, an exciting technology with tangible benefits for our customers, so stay tuned.

The state of 802.11ac clients

802.11ac support in clients has been steadily increasing since the beginning of 2013, and it’s a great time to assess the state of 802.11ac support in clients.


Early in the year, HTC introduced their newest flagship phone, the HTC One, which became the first smartphone to feature 802.11ac support. True to form, AnandTech reviewed the phone in most thorough detail, including a section on its WiFi, 802.11ac, and cellular radios.


At nearly the same time, Samsung introduced the Galaxy S 4 and, later, the Mega, both with 802.11ac support.

It’s exciting to see smartphones beginning to support 802.11ac, but note that these devices only support single-stream 802.11ac, as they have only one transmit and receive chain (1×1).


Rumors of 802.11ac support in Apple and PC laptops started popping up early in the year, and USB adapters also started to appear, albeit with generally lower data rates than what’s expected with integrated 802.11ac support.

It wasn’t quite the first laptop to support 802.11ac, but perhaps the biggest kick came in market came in June, when Apple introduced their new Macbook Air with 802.11ac. AnandTech covers the Macbook Air’s WiFi features in depth, and note that the Macbook Air supports dual-stream MIMO (2×2), limiting its maximum data rate to 867 Mbps. While currently shipping Macbook Pro models don’t support 802.11ac, it wouldn’t be surprising to see it integrated the next time Apple refreshed the Macbook Pro lineup.
Macbook AirNew Apple Macbook Air

Upgrading to 802.11ac

Nearly all environments will run with a mixed-mode 802.11ac / 802.11n deployment for the foreseeable future, especially since 802.11ac doesn’t operate on the 2.4 GHz band. If you’re thinking about upgrading to 802.11ac, check out the new Cisco Meraki MR34, which supports the new standard on 5 GHz and legacy clients on both 2.4 GHz and 5 GHz bands.

Posted in Company Blog | Comments Off on The state of 802.11ac clients

Two birds, one stone: Dedicated security with the MR34

With great new products (like our new 802.11ac access point) comes great opportunity. It’s now even easier for customers to secure their wireless networks thanks to dedicated scanning with the MR34’s built-in third radio.

The MR34 has three radios, one for serving clients on 2.4 GHz, one for serving clients on 5GHz, and a dual band third radio that is used to keep the airwaves and your network safe. All Cisco Meraki wireless products come with Air Marshal out of the box, our wireless intrusion detection system (WIDS) and wireless intrusion prevention system (WIPS). This feature allows for detection of packet floods, malicious broadcasts, and even containment of rogue or spoofed SSIDs. You can put any Cisco Meraki access point in dedicated Air Marshal mode, and now with the MR34, you can serve clients 24/7 and keep a 24/7 focus on security, all with a single AP.

Scanning channels at 2.4 GHz and 5 GHz, the MR34 can identify rogue SSIDs and list all nearby SSIDs, giving comprehensive visibility of the wireless environment. Once rogue access points are identified, administrators have the ability to contain or whitelist SSIDs. When containing rogue SSIDs, the MR34 protects unsuspecting clients by disassociating them from malicious APs, effectively rendering the rogue AP useless.

Air Marshal - Rogue APs

Contain or whitelist rogue APs and view a historical log of malicious wireless activity to identify threats

Air Marshal - map

Cisco Meraki APs estimate the position of rogue access points and pinpoint them on a map

New additions to the dashboard show the MR34s that have separate scanning radios; see the 7 APs in the screenshot below. These are the MR34s which have the luxury of scanning full-time and serving clients. Additionally, when containing rogue APs, MR34s and dedicated Air Marshal APs can shut down malicious activity without disrupting client traffic.

AIr Marshal - Configuration

We are excited to bring you these new additions to Air Marshal, and if you would like to dig even deeper into the technology, stay tuned for our Air Marshal whitepaper detailing common security threats and how Air Marshal addresses them. Check out our new MR34 to get more info on the dedicated third radio.


Posted in Company Blog | Comments Off on Two birds, one stone: Dedicated security with the MR34

New Webinars on the Calendar

The Cisco Meraki team has put together fresh webinar content for both new and existing customers to learn about the latest in Cisco Meraki technology. This material is great for folks who already have a Cisco Meraki deployment as well as those looking to get started with cloud management.

Sign up for one or all of the below at


Getting Started with 802.11ac is a newly added recurring session in which customers can find out what makes the new 802.11ac technology an exciting addition to a network, including innovations that improve security, management, and performance.

Mission: Impossible – One Hour WiFi will show a live 60-minute demo of how to set up an enterprise-grade wireless network with Layer 7 traffic shaping, Active Directory, Facebook login, among other features. Due to high demand, we have opened registration for 2 additional sessions in September.

Government | California Department of Fish and Wildlife

Tomorrow Erik Davis, Network Projects Consultant with the California Department of Fish and Wildlife, will share his experiences deploying Cisco Meraki APs, switches, security appliances, and mobile device management across a variety of sites throughout California, from urban areas to office settings to remote wilderness sites.

Healthcare | Kindred Healthcare

Todd Crawford, Network and Voice Services Director at Kindred Healthcare, will share how Kindred takes advantage of Cisco Meraki multi-site remote cloud management, auto VPN, WAN optimization, smart link bonding, and HIPAA-compliance to improve performance across Kindred’s distributed healthcare network.

Retail | Lettuce Entertain You

Hugo Hernandez, Support Engineer at Lettuce Entertain You, deployed Cisco Meraki APs to over 90 restaurants for guest access and Auto VPN for corporate resources, using remote management, Layer 7 application visibility, and built-in PCI-compliance to allow for easier and better control of the network.

Noteworthy webinars below:

  • Tue, August 27th at 11am PDT: Creating a Scalable Network with the CA Dept of Fish & Wildlife
  • Tue, September 3rd at 8am PDT: Mission: Impossible – One Hour WiFi
  • Thu, September 5th at 9am PDT: Mission: Impossible – One Hour WiFi
  • Thu, September 12th at 9am PDT: Cloud Managed Security at Kindred Healthcare
  • Thu, September 17th at 11am PDT: PCI-compliant WiFi at Lettuce Entertain You
  • Wed, September 18th at 10am PDT: Reliable and Seamless Network Access at Falcon School District
  • Wed, September 18th at 11am PDT: Getting Started with 802.11ac
  • Thu, September 26 at 10am PDT: LHC Group: Providing Cloud Managed Wireless to Hospice Homes
  • Thu, September 26 at 11am PDT: Creating a City-Wide Network Infrastructure in Rowan County, NC

We’re adding additional webinars to the calendar every week, so hurry over to to sign up for one or all of the sessions!

Check out the MS switches’ CDP support for voice VLANs

Many organizations use voice over IP (VoIP) to drive down telephony infrastructure costs and to provide more dynamic multimedia experiences for end users. VoIP traffic is time-sensitive and often corralled in its own virtual LAN (VLAN) to isolate it from regular data traffic.

It’s easy to steer voice traffic to a separate voice VLAN using Cisco Meraki MS switches — even for organizations using Cisco VoIP phones that only support the Cisco Discovery Protocol (CDP).

Simply navigate in the Cisco Meraki dashboard to the switch port connected to the IP phone, and specify the desired voice VLAN. You can also specify a separate data VLAN for any IP devices connected directly to the phone itself, splitting voice and data traffic (check out our VoIP deployment solution guide for step-by-step instructions).

MS switches now use CDP to advertise the appropriate voice and data VLANs to any directly connected Cisco IP phones. To illustrate this functionality, you can run a packet capture on an individual switch port from within the dashboard (exporting the capture to CloudShark); here are example results:

This MS switch is advertising voice VLAN 200 to a connected CDP-enabled IP phone.


Meraki MS switches also support LLDP, so it’s possible to specify a voice VLAN for IP phones that do not use CDP — the configuration is the same, in fact. So regardless of which vendor an organization chooses for its IP phones, Meraki MS switches allow for distinct VLANs for voice and data to be configured for ports connected to those phones.

Meraki switches offer additional features to optimize VoIP traffic and facilitate deployment of IP phones, including PoE models supporting PoE/PoE+ across all ports and QoS (using DSCP) to prioritize voice traffic. For more details, check out our blog post here.

Posted in Company Blog | Comments Off on Check out the MS switches’ CDP support for voice VLANs

New Video: Introducing Presence Analytics

Our latest video showcases Presence, our cloud-based location analytics and engagement solution, which uses data collected by APs to provide useful stats on customer engagement and loyalty, especially for retailers.

Update: Cisco Meraki Presence is now known as CMX (Connected Mobile Experiences), a comprehensive location analytics and engagement platform ideal for both cloud-managed or on-premise solutions. Click here to learn more.

Hear from Cisco Meraki product managers, product specialists, and one of the engineering brains behind the Presence features you love!

Tag that!

Ever since we introduced Cisco Meraki’s features for MSPs back in June, we’ve been  innovating upon them. Now we’re granting a popular feature wish: tagged admin management.

Organizational administrators had to visit two separate pages in Meraki’s dashboard to control access: Network-wide > alerts & administration (for network admins) or Organization > settings (for organizational admins).  This split can pose problems for service providers or large organizations overseeing several networks to efficiently allocate dashboard access.

Now, with tagged admin management enabled, all admin accounts are consolidated in a single dashboard page: Organization > administrators.  From this view, organizational admins can assign privileges to other accounts at the organizational, network, or tagged level. Tags can be brand customer names, locations, or any other useful moniker.

For example, if an MSP is managing a slew of networks, some for a retailer with many locations and others for a gas station chain, the MSP can tag these networks with descriptors like “ABC store 001,”  “Gas-station,” “Gas-station WestCoast,” or “High-Priority.” Next, dashboard privileges (Full, Read-only, Guest Ambassador) can be assigned to administrators based on those tags.

Revised v2 MSP

Global view of different admins with varying levels of dashboard access, including tag-based.

Assigning read-only access to the “Amit Inc – ABC Store 0032” network, and varying levels of access to other networks tagged “Urban,” and “HiPriority.”

Organization-wide, network-wide, and tagged permissions can be set for an admin account.

Tagged admin management is efficient and scalable.  Control dashboard access for multiple network admins (across many networks) from a single page, and flexibly allocate permission based on tags.  If you add a new network and tag it, all admins with permissions for that tag will automatically be granted appropriate access.  Conversely, if you change an individual admin’s access for a given tag, that access will propagate to all current and future networks using the tag.

For more information, please check out our documentation on managing administrative roles and our MSP white paper.


There’s no place like home

The joys of summer: swimming pools, ice cream cones, hot sun, and — for many — renting a U-Haul and moving to a new pad. While we loved the cozy, art-spattered, yurt-filled je ne sais quoi aesthetic of our old office and spillover space, we rapidly outgrew them.

So, we moved to the Mission Bay neighborhood of San Francisco.

We’ve got two sprawling floors in a beautifully renovated waterfront location, with breathtaking views of the Bay Bridge and surrounding docks.

A scene from our Mission Bay office; AT&T park and downtown San Francisco are nearby.


Our new space is, well, spacious. We’re in the process of installing all the quirky decorative touches — from furniture to toys to desk accessories — that have always been part of our culture. We even upgraded our yurts:

One of several wooden yurts dotting our new home.


Plenty of space to stretch your legs and mind.


Hardware engineers doing their thing.


Software engineers doing their thing.


And we didn’t forget about our polite, four-legged friends during our move; they love to roam about, curl up at our feet, wag their tails, and generally make everyone super happy at work.


Respectful dogs are always welcome.


We love puppies!

And last, but certainly not least, we didn’t leave our toys — most of which have wheels of some kind or another — behind, either.

Relaxing with some foosball in the game room. The pinball machines are also addicting.


Work-life balance is key…


Scooter races abound!


Our laser cutter: perfect for carving wooden robots, etching glass, and making cool stuff.


Desktops are treasure troves.


We’ve got a sweet new server room for all our Cisco Meraki gear…


… and lots of space for all our switch cables.

Our balcony makes for a scenic lunch.


They say home is where the heart is, and we couldn’t agree more. We’re thrilled with our new pad, which is an easy hop from downtown San Francisco, public transportation, and all that the city has to offer!

Posted in Company Blog | Comments Off on There’s no place like home

4 Things You Need to Know About 802.11ac

Along with the introduction of the Cisco Meraki cloud-managed 802.11ac access point, the MR34, there’s a lot of buzz in the industry around 802.11ac. After all, it’s the next generation WiFi standard, and brings significant speed improvements to WiFi networks. To help you better understand the technology, here are four key points you should know about 802.11ac.

Speed increases significantly for new clients that support 802.11ac

802.11ac increases the maximum data rate for a single client quite a bit compared to 802.11n. Most of the first 802.11ac access points use triple-stream MIMO, similar to today’s top-end 802.11n access points, but will have a maximum data rate of up to 1.3 Gbps. The increase comes from using 80 MHz channels and a new modulation scheme (256 QAM). As the technology matures, the maximum data rate will further increase by taking advantage of even more MIMO streams, but that won’t come for some time.

Figure 1: 802.11 maximum data rates

Note that the above figure compares 802.11ac 80 MHz channels with 802.11n 40 MHz channels.


802.11ac only works on 5 GHz

Yes, 802.11ac will only work on the 5 GHz band. Nearly every wireless client supports the 2.4 GHz band, but unfortunately the band suffers from high interference levels and is quite crowded. In nearly all environments, the 5 GHz band doesn’t suffer from as much interference or crowding as the 2.4 GHz band, and 5 GHz has more spectrum available for WiFi channels. 802.11ac channels will be 80 MHz wide (compared to the 20 MHz or 40 MHz channels of 802.11n), with the option to spread out to 160 MHz channels in the future, although at double the channel bandwidth compared to 80 MHz, there will only be half as many channels.

The figure below compares channels of 20 MHz through 160 MHz bandwidth in the lower half of the 5 GHz band.


Figure 2: 5 GHz channel bandwidth comparison


802.11ac is backwards compatible with 802.11n

802.11ac falls back to 802.11n to serve clients that don’t support 802.11ac. This works very similarly to how 802.11n falls back to serve 802.11b/g and 802.11a clients today. Dual-band APs like the MR34 will seamlessly serve 802.11ac and 802.11a/n clients in the 5 GHz band, and 802.11b/g/n in the 2.4 GHz band. Backwards compatibility is a key point since nearly all deployments will be dual-band and therefore will need to support 802.11n for years to come.


802.11n will be around for a long time

Over the course of this year we’ve seen 802.11ac clients and APs come to market, but it will be some time before 802.11ac becomes most new laptops and some smartphones support it. Due to the backwards compatibility of 802.11ac with 802.11n, and because 802.11ac is limited to 5 GHz only, 802.11n will still be around for years to come. Already today, 802.11n is widely used to support rich services such as voice, video conferencing, and video streaming.

There are other exciting developments in 802.11ac, such as multi-user MIMO (MU-MIMO) and closed-loop beamforming, but they will take more time to become widely adopted by access points and clients. In the meantime, we’ll keep you up to date on important news as 802.11ac moves forward.

Posted in Company Blog | Comments Off on 4 Things You Need to Know About 802.11ac

Setting the standard for wireless: The MR34 with 802.11ac

Yes, it’s finally here! We are excited to announce our blazing fast 802.11ac access point, the Cisco Meraki MR34. Here is a first glance at the hardware and a snapshot of features we have already developed. But first, a quick look at what makes the MR34 so much faster than its 802.11n relatives.


802.11ac: lightning fast

The MR34 takes advantage of the latest and greatest WiFi standard, 802.11ac. We have jumped from 802.11n speeds of 450 Mbps to almost 3 times faster with 802.11ac, topping out at 1.3Gbps. Keep in mind, 802.11ac only applies to 5 GHz, so the MR34 uses a combination of 802.11ac and 802.11n on 5 GHz bands and 802.11n on 2.4 GHz bands for a combined data rate of 1.75 Gbps. So, what makes 802.11ac so fast? There are a couple major things contributing to this speed boost.

The first is wider channels. Instead of the 40 MHz channels used by 11n, 802.11ac takes advantage of 80 MHz channels. The 5 GHz frequency band didn’t get any bigger, 11ac is just using a bigger chunk of the available bandwidth in order to boost throughput. 802.11ac even takes into account existing 802.11a and n clients by allowing them to transmit on 20 or 40 MHz segments of the same 80 MHz blocks used for 802.11ac traffic, enabling seamless backward compatibility.

Another element contributing to the performance improvement is an enhanced modulation technique, called 256 QAM. Think of modulation as the amount of data pushed through a pipe at a given time. 256 QAM allows for a greater density of information to be transmitted than was possible with 802.11n (64 QAM). We can now transmit more information in the same amount of time and through the same pipe, providing more efficient transmission.

The MR34: not just a pretty face

Beyond the 802.11ac speed enhancements, there is another major differentiator for the MR34. In addition to the 2.4 GHz and 5 GHz client serving radios, the MR34 packs a 3rd radio to make it the most secure AP on the market. The dual band 3rd radio operates in full-time scanning mode, powering Auto RF which optimizes the RF environment as well as securing the air waves with the built in Cisco Meraki Air Marshal technology. We can even use the 3rd radio to provide real-time granular view of the 2.4 and 5 GHz spectrum giving administrators a comprehensive understanding of the RF environment.

spectrum analysis2

 Real-time RF spectrum tools now built into the Cisco Meraki dashboard

As with the entire MR family, the MR34 comes with network visibility tools, as well as layer 7 firewall and traffic shaping functionality built right into the AP. The MR34 enforces traffic shaping policies at line rate, even at faster 11ac speeds for complete network control. Stay tuned for more blog posts that go into the details of these enhanced features and more.

Integrating with existing wireless networks

Cisco Meraki makes it easy for customers to take advantage of this new technology. All Meraki products use the centralized cloud dashboard for configuration, management, and monitoring, and the MR34 is no different. The MR34 includes the fully integrated, out-of-the-box feature set which is common to all the MR access points, with secure guest access, BYOD support, traffic shaping, Presence location analytics, and more. The MR34 integrates seamlessly into your existing wireless network and is completely backward compatible with 802.11 a/b/g/n.

We have even gone further to think about your switch infrastructure. For wireless networks that use PoE switches to power APs, the MR34 can operate in low power mode at standard PoE (802.3af) or crank it up to PoE+ (802.3at) to take advantage of the enhanced 3rd radio functionality.

Get the full scoop

The MR34 will be hitting the streets late this summer to early fall at the list price of $1,399, but you can get a first look into the hardware and feature set at the MR34 webinar next Tuesday. Also, check out our 11ac page for more info about the MR34 and how it fits into your wireless network.

Posted in Company Blog | Comments Off on Setting the standard for wireless: The MR34 with 802.11ac