802.11ac support in clients has been steadily increasing since the beginning of 2013, and it’s a great time to assess the state of 802.11ac support in clients.

Smartphones

Early in the year, HTC introduced their newest flagship phone, the HTC One, which became the first smartphone to feature 802.11ac support. True to form, AnandTech reviewed the phone in most thorough detail, including a section on its WiFi, 802.11ac, and cellular radios.

HTC One

At nearly the same time, Samsung introduced the Galaxy S 4 and, later, the Mega, both with 802.11ac support.

It’s exciting to see smartphones beginning to support 802.11ac, but note that these devices only support single-stream 802.11ac, as they have only one transmit and receive chain (1×1).

Laptops

Rumors of 802.11ac support in Apple and PC laptops started popping up early in the year, and USB adapters also started to appear, albeit with generally lower data rates than what’s expected with integrated 802.11ac support.

It wasn’t quite the first laptop to support 802.11ac, but perhaps the biggest kick came in market came in June, when Apple introduced their new Macbook Air with 802.11ac. AnandTech covers the Macbook Air’s WiFi features in depth, and note that the Macbook Air supports dual-stream MIMO (2×2), limiting its maximum data rate to 867 Mbps. While currently shipping Macbook Pro models don’t support 802.11ac, it wouldn’t be surprising to see it integrated the next time Apple refreshed the Macbook Pro lineup.
New Apple Macbook Air

Upgrading to 802.11ac

Nearly all environments will run with a mixed-mode 802.11ac / 802.11n deployment for the foreseeable future, especially since 802.11ac doesn’t operate on the 2.4 GHz band. If you’re thinking about upgrading to 802.11ac, check out the new Cisco Meraki MR34, which supports the new standard on 5 GHz and legacy clients on both 2.4 GHz and 5 GHz bands.

With great new products (like our new 802.11ac access point) comes great opportunity. It’s now even easier for customers to secure their wireless networks thanks to dedicated scanning with the MR34’s built-in third radio.

The MR34 has three radios, one for serving clients on 2.4 GHz, one for serving clients on 5GHz, and a dual band third radio that is used to keep the airwaves and your network safe. All Cisco Meraki wireless products come with Air Marshal out of the box, our wireless intrusion detection system (WIDS) and wireless intrusion prevention system (WIPS). This feature allows for detection of packet floods, malicious broadcasts, and even containment of rogue or spoofed SSIDs. You can put any Cisco Meraki access point in dedicated Air Marshal mode, and now with the MR34, you can serve clients 24/7 and keep a 24/7 focus on security, all with a single AP.

Scanning channels at 2.4 GHz and 5 GHz, the MR34 can identify rogue SSIDs and list all nearby SSIDs, giving comprehensive visibility of the wireless environment. Once rogue access points are identified, administrators have the ability to contain or whitelist SSIDs. When containing rogue SSIDs, the MR34 protects unsuspecting clients by disassociating them from malicious APs, effectively rendering the rogue AP useless.

Contain or whitelist rogue APs and view a historical log of malicious wireless activity to identify threats

Cisco Meraki APs estimate the position of rogue access points and pinpoint them on a map

New additions to the dashboard show the MR34s that have separate scanning radios; see the 7 APs in the screenshot below. These are the MR34s which have the luxury of scanning full-time and serving clients. Additionally, when containing rogue APs, MR34s and dedicated Air Marshal APs can shut down malicious activity without disrupting client traffic.

We are excited to bring you these new additions to Air Marshal, and if you would like to dig even deeper into the technology, stay tuned for our Air Marshal whitepaper detailing common security threats and how Air Marshal addresses them. Check out our new MR34 to get more info on the dedicated third radio.

Many organizations use voice over IP (VoIP) to drive down telephony infrastructure costs and to provide more dynamic multimedia experiences for end users. VoIP traffic is time-sensitive and often corralled in its own virtual LAN (VLAN) to isolate it from regular data traffic.

It’s easy to steer voice traffic to a separate voice VLAN using Cisco Meraki MS switches — even for organizations using Cisco VoIP phones that only support the Cisco Discovery Protocol (CDP).

Simply navigate in the Cisco Meraki dashboard to the switch port connected to the IP phone, and specify the desired voice VLAN. You can also specify a separate data VLAN for any IP devices connected directly to the phone itself, splitting voice and data traffic (check out our VoIP deployment solution guide for step-by-step instructions).

MS switches now use CDP to advertise the appropriate voice and data VLANs to any directly connected Cisco IP phones. To illustrate this functionality, you can run a packet capture on an individual switch port from within the dashboard (exporting the capture to CloudShark); here are example results:

This MS switch is advertising voice VLAN 200 to a connected CDP-enabled IP phone.

Meraki MS switches also support LLDP, so it’s possible to specify a voice VLAN for IP phones that do not use CDP — the configuration is the same, in fact. So regardless of which vendor an organization chooses for its IP phones, Meraki MS switches allow for distinct VLANs for voice and data to be configured for ports connected to those phones.

Meraki switches offer additional features to optimize VoIP traffic and facilitate deployment of IP phones, including PoE models supporting PoE/PoE+ across all ports and QoS (using DSCP) to prioritize voice traffic. For more details, check out our blog post here.

Our latest video showcases Presence, our cloud-based location analytics and engagement solution, which uses data collected by APs to provide useful stats on customer engagement and loyalty, especially for retailers.

Update: Cisco Meraki Presence is now known as CMX (Connected Mobile Experiences), a comprehensive location analytics and engagement platform ideal for both cloud-managed or on-premise solutions. Click here to learn more.

Hear from Cisco Meraki product managers, product specialists, and one of the engineering brains behind the Presence features you love!

Ever since we introduced Cisco Meraki’s features for MSPs back in June, we’ve been  innovating upon them. Now we’re granting a popular feature wish: tagged admin management.

Organizational administrators had to visit two separate pages in Meraki’s dashboard to control access: Network-wide > alerts & administration (for network admins) or Organization > settings (for organizational admins).  This split can pose problems for service providers or large organizations overseeing several networks to efficiently allocate dashboard access.

Now, with tagged admin management enabled, all admin accounts are consolidated in a single dashboard page: Organization > administrators.  From this view, organizational admins can assign privileges to other accounts at the organizational, network, or tagged level. Tags can be brand customer names, locations, or any other useful moniker.

For example, if an MSP is managing a slew of networks, some for a retailer with many locations and others for a gas station chain, the MSP can tag these networks with descriptors like “ABC store 001,”  “Gas-station,” “Gas-station WestCoast,” or “High-Priority.” Next, dashboard privileges (Full, Read-only, Guest Ambassador) can be assigned to administrators based on those tags.

Global view of different admins with varying levels of dashboard access, including tag-based.

Assigning read-only access to the “Amit Inc – ABC Store 0032” network, and varying levels of access to other networks tagged “Urban,” and “HiPriority.”

Organization-wide, network-wide, and tagged permissions can be set for an admin account.

Tagged admin management is efficient and scalable.  Control dashboard access for multiple network admins (across many networks) from a single page, and flexibly allocate permission based on tags.  If you add a new network and tag it, all admins with permissions for that tag will automatically be granted appropriate access.  Conversely, if you change an individual admin’s access for a given tag, that access will propagate to all current and future networks using the tag.

For more information, please check out our documentation on managing administrative roles and our MSP white paper.

The joys of summer: swimming pools, ice cream cones, hot sun, and — for many — renting a U-Haul and moving to a new pad. While we loved the cozy, art-spattered, yurt-filled je ne sais quoi aesthetic of our old office and spillover space, we rapidly outgrew them.

So, we moved to the Mission Bay neighborhood of San Francisco.

We’ve got two sprawling floors in a beautifully renovated waterfront location, with breathtaking views of the Bay Bridge and surrounding docks.

A scene from our Mission Bay office; AT&T park and downtown San Francisco are nearby.

Our new space is, well, spacious. We’re in the process of installing all the quirky decorative touches — from furniture to toys to desk accessories — that have always been part of our culture. We even upgraded our yurts:

One of several wooden yurts dotting our new home.

Plenty of space to stretch your legs and mind.

Hardware engineers doing their thing.

Software engineers doing their thing.

And we didn’t forget about our polite, four-legged friends during our move; they love to roam about, curl up at our feet, wag their tails, and generally make everyone super happy at work.

Respectful dogs are always welcome.

We love puppies!

And last, but certainly not least, we didn’t leave our toys — most of which have wheels of some kind or another — behind, either.

Relaxing with some foosball in the game room. The pinball machines are also addicting.

Work-life balance is key…

Scooter races abound!

Our laser cutter: perfect for carving wooden robots, etching glass, and making cool stuff.

Desktops are treasure troves.

We’ve got a sweet new server room for all our Cisco Meraki gear…

… and lots of space for all our switch cables.

Our balcony makes for a scenic lunch.

They say home is where the heart is, and we couldn’t agree more. We’re thrilled with our new pad, which is an easy hop from downtown San Francisco, public transportation, and all that the city has to offer!

Along with the introduction of the Cisco Meraki cloud-managed 802.11ac access point, the MR34, there’s a lot of buzz in the industry around 802.11ac. After all, it’s the next generation WiFi standard, and brings significant speed improvements to WiFi networks. To help you better understand the technology, here are four key points you should know about 802.11ac.

Speed increases significantly for new clients that support 802.11ac

802.11ac increases the maximum data rate for a single client quite a bit compared to 802.11n. Most of the first 802.11ac access points use triple-stream MIMO, similar to today’s top-end 802.11n access points, but will have a maximum data rate of up to 1.3 Gbps. The increase comes from using 80 MHz channels and a new modulation scheme (256 QAM). As the technology matures, the maximum data rate will further increase by taking advantage of even more MIMO streams, but that won’t come for some time.

Figure 1: 802.11 maximum data rates

Note that the above figure compares 802.11ac 80 MHz channels with 802.11n 40 MHz channels.

802.11ac only works on 5 GHz

Yes, 802.11ac will only work on the 5 GHz band. Nearly every wireless client supports the 2.4 GHz band, but unfortunately the band suffers from high interference levels and is quite crowded. In nearly all environments, the 5 GHz band doesn’t suffer from as much interference or crowding as the 2.4 GHz band, and 5 GHz has more spectrum available for WiFi channels. 802.11ac channels will be 80 MHz wide (compared to the 20 MHz or 40 MHz channels of 802.11n), with the option to spread out to 160 MHz channels in the future, although at double the channel bandwidth compared to 80 MHz, there will only be half as many channels.

The figure below compares channels of 20 MHz through 160 MHz bandwidth in the lower half of the 5 GHz band.

Figure 2: 5 GHz channel bandwidth comparison

802.11ac is backwards compatible with 802.11n

802.11ac falls back to 802.11n to serve clients that don’t support 802.11ac. This works very similarly to how 802.11n falls back to serve 802.11b/g and 802.11a clients today. Dual-band APs like the MR34 will seamlessly serve 802.11ac and 802.11a/n clients in the 5 GHz band, and 802.11b/g/n in the 2.4 GHz band. Backwards compatibility is a key point since nearly all deployments will be dual-band and therefore will need to support 802.11n for years to come.

802.11n will be around for a long time

Over the course of this year we’ve seen 802.11ac clients and APs come to market, but it will be some time before 802.11ac becomes most new laptops and some smartphones support it. Due to the backwards compatibility of 802.11ac with 802.11n, and because 802.11ac is limited to 5 GHz only, 802.11n will still be around for years to come. Already today, 802.11n is widely used to support rich services such as voice, video conferencing, and video streaming.

There are other exciting developments in 802.11ac, such as multi-user MIMO (MU-MIMO) and closed-loop beamforming, but they will take more time to become widely adopted by access points and clients. In the meantime, we’ll keep you up to date on important news as 802.11ac moves forward.