Archive for February, 2014

Three radios are better than one

Last year we introduced the Cisco Meraki MR34, the first ever cloud managed 802.11ac access point, and almost more exciting than the new speedy wireless standard (which was very exciting), was the dedicated security radio built into each access point. The additional radio provides automated RF optimization and enhanced security in parallel to the client serving radios. It was so beneficial that we brought the same functionality to the rest of the MR product line. We are excited to announce completely new 802.11n access points, the MR18 and MR26, each with an additional radio dedicated to wireless security and performance optimization for high density environments. In this post we take a look at the new hardware and some of the benefits of the additional radio.


The MR18 and MR26: A closer look

The MR18 and MR26 are dual concurrent 2×2 and 3×3 respectively, resembling the current 802.11n access points, the MR16 and MR24, in spec. They may appear quite similar on the surface, but the entire solution has been redesigned, tweaked, and overhauled, leaving no component un-optimized.

For the hardware nerds out there, we have looked into every detail:

  • Exceptional antenna isolation for all 7 antennas on the MR26 (5 on the MR18)

  • Meticulous component placement to maximize thermal dissipation

  • Top of the line processor and RAM, and high power radios to reach even the farthest clients

  • Super slim and sleek industrial design

But brilliant hardware design is not complete without the innovative feature set and ease of management expected from Meraki products. In addition to layer 7 application QoS, mesh routing, and enterprise access control already available with Meraki APs, we are announcing support for enhanced roaming capabilities such as 802.11r, 802.11k, and enhanced layer 3 roaming. Support for these standards will greatly enhance the end user experience in high density environments and those with mobile application requirements. A post in the coming weeks will dive into the details of these features and what they mean for the user.

Benefits of the dedicated security radio

The MR18 and MR26 have three radios. Two radios are just for serving clients, one for 2.4 GHz wireless channels, and one for 5 GHz. These radios are spending almost all of their time serving client devices, making sure files get downloaded, VoIP calls are made, and YouTube videos stream seamlessly. But with these radios busy, it leaves administrators blind to other events that might be happening in the RF environment: interference degrading RF performance or rogue SSIDs compromising unknown clients. The dedicated security radio plays a huge role in providing visibility in the RF environment, optimizing RF configuration, and mitigating wireless threats.

The dedicated security radio enables Meraki APs to power:

Auto RF– Self optimized radio settings such as channel and power level. Automatically adapts to interference sources in real time to determine the optimal radio settings.


Spectrum Analysis – Real time view of full 2.4 GHz and 5 GHz RF spectrum.

spectrum View

Air Marshal – Full time WIDS/WIPS. Detects and mitigates rogue SSIDs by sending containment packets.

Air Marshal

Deploying MR18 and MR26 into your Meraki environment

The great thing about the new access points is that they will fit seamlessly into your existing environment. If you already have Cisco Meraki APs in your network (802.11n or 802.11ac), simply add in MR18 and MR26 devices where needed and they will automatically pull down the existing configuration and start broadcasting SSIDs. Furthermore, the MR18 and MR26 are fully operational at 802.3af power, so there is no need to upgrade switches or power injectors to support PoE+.

We are thrilled about these additions to the product line, and most importantly we are happy to announce a complete 802.11n and 802.11ac product line, now with full time security and performance optimization. The MR18 and MR26 are orderable today at no cost over the MR16 and MR24, so with the new APs you get the additional security radio for free. A seamless firmware upgrade will be made available by spring which will take full advantage of the security radio hardware. Check the wireless page to compare specs for the MR18, MR26, and MR34 to see which might be the right fit for your environment.

Posted in Company Blog | Comments Off on Three radios are better than one

Switch Power-Up

Not a day goes by when our engineers aren’t looking for ways to enhance the Meraki dashboard experience for network administrators. It’s always a balancing act, adding just enough without adding too much. Some decisions about the UI design are easier than others, and today we’re covering a simple change which will help admins maintain their switches.

Last Autumn, we announced a significant expansion of our switching portfolio to 14 models. Many of the new models include redundant power options, making them better suited to mission critical 24×7 environments where downtime simply isn’t an option.

The dashboard already provides the most useful information about switch status, including Spanning Tree root bridge, online ports, those serving power and how much of the switch’s power budget is being consumed, all in real time.

We’ve added status information for the power supplies on our MS220, 320 and 420 switch lines, providing at-a-glance visibility into issues and any failures which occur. First of all, in the ‘Switches’ list we’ve added a new column titled ‘Alerts’ which will show when a switch is unreachable or has an issue, such as a power supply failure. In this example we can see that a couple of switches are showing an alert for power:

Screen Shot 2014-02-26 at 13.36.51.png

Clicking on the switch will go to the usual switch status page, where we’ve now added further details to quickly pinpoint the problem. In this case, the 48 port MS320 switch has two power supplies installed and one is currently offline.

Screen Shot 2014-02-26 at 12.15.16.png

Small enhancements like this make all the difference to the workflow of the network engineer, particularly if there is no IT resource on a branch site. In this case the admin could simply blink the LEDs on the switch and then direct a local member of staff to the comms room to swap-out power supply number 1 on the switch with the blinking LEDs. Easy, quick.

We’re continually striving to improve the network management experience through incremental steps both big and small, so stay tuned for more goodies.

The Light Fantastic

CISCO_AP_cutout_highResFor several years, Meraki APs have been adorned with several LEDs, depicting the strength of connection to the LAN (be that via an Ethernet cable or mesh neighbor) plus a simple multi–function LED indicating cloud connection status, upgrading firmware or connection issues. For customers wishing to keep their APs as discrete as possible, there is an option to ‘Run Dark’, turning all LEDs off.

Today, the majority of our customers are using their APs in what we call ‘gateway mode’, i.e., connected to the LAN via an Ethernet cable. Where practical from a cabling perspective, this approach will always yield the best performance, as the radios in the AP can be dedicated to serving clients without having to additionally backhaul traffic to mesh neighbors.

Running in gateway mode, the AP’s signal strength LEDs all remain illuminated, and for those customers who require it the dashboard provides a detailed view of mesh signal strength to all neighbors. So for the design of our latest AP, the MR34, Meraki took the opportunity to clean up the design of the front of the AP by removing the 6 LEDs on earlier models and replacing them with a single multi–function LED on the underside.

The new single LED is capable of displaying multiple colors which are used to indicate various conditions, as follows:

Orange AP is booting
Blinking Blue AP is upgrading firmware
Green AP in Gateway mode with no clients associated
Blue AP in Gateway mode with clients associated
Blinking Orange AP can’t find an uplink


The steady state blue LED indicating associated clients is unobtrusive, but as with earlier models can be turned off in the dashboard if preferred.

Worthy of a special mention is the boot sequence, where the LED provides a rainbow light show as it runs through diagnostics and gets itself connected to the LAN. Here it is in action:

We believe aesthetics matter, even in the workplace, and indeed many of our customers tell us they love the design of our APs. Even small changes like the new LED and the levelling tool integrated into the MR34’s mounting plate make a contribution. We’d love to hear what you think of the new design through our social media channels.

Posted in Company Blog | Comments Off on The Light Fantastic

Solving Common K-12 Challenges with the Meraki MX

How many times have you wondered what sites your students are visiting? Or if private student information is finding its way to the Internet? Or why your connectivity is slow?

It is often difficult to keep tabs on various aspects of network usage when school buildings are distributed or when overall visibility requires plugging directly into the network devices. The good news is that the Cisco Meraki MX Security Appliances provides granular analytics, simple troubleshooting, and secure Internet access you need, all from an intuitive, browser-based dashboard.

Scenario #1

Ensure student privacy and security without spending excessive amounts of time making configuration changes and keeping content filtering databases up to date.

Meraki MX Security Appliances support CIPA-compliant content filtering, providing admins with the power to easily prevent students from accessing unwanted or inappropriate content. Get rid of the hassle of manually downloading updates and instead set custom rules using simple drop-down menus, updated hourly by Webroot’s Brightcloud database, an industry-leading, cloud-based content filtering service.

Screen Shot 2013-12-19 at 1.34.26 PM

Keeping malicious traffic off your network and protecting your students’ information is also possible without expending countless hours or resources. Set up a first line of defense by restricting who can access various parts of your network by integrating Active Directory with group or user-based policies. Then, using granular reporting, manage possible security threats and watch the impact these changes make to your network. With features like integrated Sourcefire SNORT intrusion detection and prevention (IDS/IPS) and anti-virus/anti-phishing scanning available, you’ll be able to breath easy knowing your network is secure from the inside and the outside.

Scenario #2

Teachers are complaining that the Internet is slow and they can’t access certain sites, like YouTube for Schools.

Simply login to the Meraki dashboard to see granular details on how your network is being used and by whom, regardless of how many locations you have. You can quickly identify which applications are hogging bandwidth or if a particular device is running multiple applications, exceeding appropriate usage.

Screen Shot 2013-12-19 at 4.39.19 PM

Quickly identify applications and behavior which could potentially impact overall network experience.

Now establish group or site-wide policies that set limits what users have access to and how much bandwidth they are allowed to consume. Or quickly change those rules on the fly so devices like teacher iPads can stream videos for their students or entire classrooms can view content for certain periods of time. Leave the stress of optimizing your network bandwidth behind.

Scenario #3

You need to provide access to shared resources, make network configuration changes at distributed buildings, or handle network access for BYOD, but you don’t have time to make on-site visits.

Three clicks in the Meraki dashboard have never been so satisfying when that’s all it takes for you to establish secure, site-to-site IPsec VPN, between all of your locations. In minutes you can interconnect your entire deployment for access to shared resources and more.

2014 02 13.MX for K12 Content Filter ss

Establishing site-to-site VPN configuration is just three clicks from the overview page, and local subnets are automatically populated and distributed to the rest of the network.

The Meraki dashboard enables configuration and troubleshooting from just about anywhere, as long as there is an internet connection. If you need to make quick network changes for a special event, for example, you can easily push configuration changes across multiple sites and even use configuration templates to help.

With BYOD and 1:1 initiatives becoming more common in K-12, you’ll need to keep an eye on clients and what they’re doing when they join your network. The group policies discussed above before will come in handy in determining what content can be accessed, as well as network access via wired splash pages. In just a few mouse clicks you can create solutions to these and other network challenges you face, all using Meraki Security Appliances.

Find out what else the Cisco Meraki MX Security Appliance can do in the K-12 environment by attending one of our upcoming webinars.

Posted in Company Blog | Comments Off on Solving Common K-12 Challenges with the Meraki MX

Recruiting Season

While we are always hiring, this is the time of year when we travel across the country to actively seek new talent. Check out our website to see what positions we have available, and read on to see if we’ll be coming to your area. We’d love to meet you!

                Working out of our scenic San Francisco office

Support Team

Do the terms DHCP, OSI model, and TCP mean something to you? Excellent. Our top-of-the-line Support team seeks talented Network Engineers to join us in our San Francisco office. Our campus recruiting efforts are steered toward bright and passionate problem-solvers, to help support our rapidly expanding customer base across all of our product lines. We welcome applicants from all backgrounds, offer co-ops, and recruit students who hold F-1 and H-1B visas.

New grads are granted immediate responsibility and are entrusted with handling real cases right away. We are looking for sharp individuals with a solid understanding of networking fundamentals, who are eager to be part of our dynamic and collaborative team. Our team has doubled in the past year, and we are looking to hire even more engineers in the coming months.

Upcoming Information Sessions and Career Fairs:

Rensselaer Polytechnic Institute, February 12

Purdue University, Feb 25

North Kentucky University, Feb 26

Rochester Institute of Technology, February 26

Wentworth Institute of Technology, March 27

Information sessions are generally hosted the day before the campus career fair, and offer students a chance to learn about Cisco Meraki products, ask questions, and network (hey hey) with members of the support team. Raffle winners at these events have also been rumored to score free access points and other Cisco Meraki gear.

On the day of the career fair, come visit the Cisco SF booth. Meet current employees, drop off your resume, and see if the position could be a good fit. After a first round of interviews, successful candidates are invited out to San Francisco for a final meeting. Spend a weekend in the Bay getting to know the area, all expenses on us.

What better place to code than by the giant chess set?

Software Engineering

Over the past two years, we have tripled the size of our engineering team and have another 17 new hires starting this summer. Our group is growing so quickly that we’re still hiring!

We are looking for bright, proactive engineers who are working on projects of their own, who are driven by passion to go beyond what is required by school and work. Have something you’ve built that you’re proud of? Show us! We are fascinated by robotics, game design, and any other projects with which you may be involved. Share your passion and get discovered.

Upcoming Information Sessions and Career Fairs:

Harvey Mudd College, February 21

Rochester Institute of Technology, February 26

Come visit our booth at your campus career fair to learn more about the life of a Cisco SF Software Engineer. New events get added to our calendar all the time, so make sure to keep an eye on the Cisco SF engineering site, and take a look at some past campus events.

After first round interviews, candidates are invited out to San Francisco for a recruiting weekend. This is a fantastic opportunity to meet current employees, tour San Francisco, and really get a feel for what it would be like to work at Cisco SF. Check out past recruiting weekends and see if our kind of fun is to your fancy.

Enjoying catered lunch on our outdoor patio

We encourage prospective applicants to become involved with the tech talks and Meetups we host in our office. We periodically invite engaging speakers to come speak about the latest developments in the tech startup world. It’s a great place to grab some dinner, meet new people, and learn about new trends in tech.

Still completing your degree? Learn about our internship program for college students. Our interns get the chance to work with and learn from employees in our SF office, and many finish the program with full-time offers. Internships are available for both Engineering and Support roles.

Finally, keep an eye out for our virtual career fairs, which will give candidates who are unable to make the dates on our recruiting tour the chance to interact with current employees. We look forward to meeting you!


Posted in Company Blog | Comments Off on Recruiting Season

Automatic MPLS to VPN failover now in every MX

Many organizations use MPLS to provide low-latency, private communications between sites. But MPLS networks can fail, and if yours does you need a secure solution — such as site-to-site VPN — to ensure traffic between locations remains secure.

By deploying Cisco Meraki MXs to connect sites across an MPLS network, you can specify static routes out to that MPLS network. Route weights ensure these pathways are attempted first unless the gateway IP or a host you specify within the destination subnet becomes unavailable. Assuming Meraki Auto VPN is also configured between these MXs, they will automatically fail over to VPN in the event your MPLS link goes down. In this case, traffic will continue to pass between sites over the encrypted VPN tunnel, avoiding downtime without sacrificing data security.

This functionality is available to existing – and future – MX customers through our upcoming MX firmware update, available by direct request if you want to enable this feature today.

MXs deployed at branch and HQ locations can fail over to VPN if the main route out to an MPLS network loses connectivity. Two MXs ensure VPN redundancy.


For extra redundancy in locations that use a separate firewall, a primary MX can be configured as a one-armed VPN concentrator. In this configuration a secondary MX can be connected to act as a warm failover spare, providing VPN redundancy in addition to automatic VPN failover.

Setting up site-to-site VPN between MXs is easy, literally taking 3 clicks in the Meraki dashboard. You can quickly specify what sort of VPN topology you’d like — mesh or hub-and-spoke — as well as additional firewall rules to filter traffic according to your network’s needs.

Once your VPN settings are configured, you will be able to set your MX up for automatic VPN failover. To do this, you will create static routes in the Meraki dashboard (Configure > Addressing & VLANs).

A summary view of an MX’s local VLANs and static routes will be found in the Configure > Addressing & VLANs dashboard page.

Static routes that relinquish their “active” status if connectivity is lost will fail over automatically to VPN.


When creating static routes, specify how you want them to behave if either the gateway IP or a host within the destination subnet can no longer be contacted (the end-to-end connection is validated when a host responds to a ping). Static routes that relinquish their active status in these scenarios will automatically failover to VPN.

 The Meraki MX provides distributed enterprises with automatic data security in the event MPLS becomes unreachable. Combined with intuitive, easy-to-configure VPN — along with the option of implementing a warm VPN spare — the Meraki MX offers a simple yet powerful solution for IT administrators who want to ensure both the reliability and security of their distributed network.


Posted in Company Blog | Comments Off on Automatic MPLS to VPN failover now in every MX

Cisco Meraki Knowledge Base: Greatest Hits

One of our most popular tools is our online Knowledge Base. Filled to the brim with articles written by the network engineers of our very own Support team, you can find guides to Cisco Meraki products and helpful troubleshooting techniques for common user issues. Here is a list of some of the most useful Knowledge Base articles to date:


1. Troubleshooting Client VPN

While Cisco Meraki makes configuring a VPN connection in Dashboard easy, getting everything to run smoothly on the client side can be a bit tricky at times. Not to fear! ‘Client VPN connection’ happens to be the most commonly searched term in the Cisco Meraki Knowledge Base. Follow the above link to read through common troubleshooting methods and stabilize your connection in no time.

We offer solutions for common user tangles, like in this case, where the shared secret simply needs to be configured on the client machine


2. Installing the Meraki SM Management Profile Using Apple Configurator

Yearning to manage all of your organization’s iOS devices in Systems Manager, yet hesitant to enroll each device one at a time? Using Apple Configurator, a free utility available in the Mac App Store, Systems Manager allows administrators to mass enroll devices while they are physically synced via USB to a Mac computer. This page offers a detailed explanation and visual walk through of this efficient mass enrollment process. Our whitepaper on ‘Deploying Apply iOS in Education’ is also a great complement to this article, we highly recommend it!

Pointing out important steps while using Apple Configurator

3. Layer 3 versus Layer 2 Switch for VLANs

Coming in at number three, this useful article delineates the difference between Layer 2 and Layer 3 switches. It offers recommendations for when each should be used, and many customers appreciate the user-friendly overview of this networking concept.

An example of a Layer 3 switch routing between VLANs through its two VLAN interfaces


4. Small Remote or Home Office VPN options

Our products offer VPN solutions for many different environments, including small office and/or remote deployments. This page provides a brief overview and configuration guide to single client VPN, wireless client VPN, and wired/wireless client VPN. No matter where you are or how big your office may be, this article will ensure that you find the most fitting VPN option for you.


5. Allowing Connections to the Cisco Meraki Cloud

A customer favorite, this page reveals exactly which ports and IP addresses must be allowed through upstream connections in order for Cisco Meraki devices to function as they should. It’s all here! We even explain the purpose for individual ports, providing a transparent guide to help make the most of your Cisco Meraki experience.


6. Deploying an Enterprise iOS App to Managed iOS Devices

Systems Manager allows administrators to push in-house apps out to managed iOS clients. In this post, we delve into the two methods of Enterprise iOS app deployment, list the necessary requirements for apps to be deployed through Systems Manager, and provide some helpful troubleshooting tips along the way.

An easy and useful way to deploy important applications to your devices


7. How to Use Systems Manager to Remotely Install Software on Managed Clients

Last in our countdown, but certainly not least, is a how-to guide for installing software on managed clients in Systems Manager. Rather than going to each individual client in your network and performing a local installation, you can deploy software straight from the cloud to your devices.

Our Knowledge Base is frequently updated with new content, so be sure to check back to see what crops up! Users can also easily search for  information at any time by utilizing the site’s built-in search engine. Can’t find what you’re looking for? Feel free to submit a request for Knowledge Base articles you would like to see by “Making a Wish” in Dashboard.


Posted in Company Blog | Comments Off on Cisco Meraki Knowledge Base: Greatest Hits