Meraki switching and security solutions are simple, powerful solutions on their own, but like all Meraki products, they work even better together. As a follow-up to our recent product and feature releases around these ‘wired’ product families, we are hosting two webinars in December to show off our intelligent switches and security appliances.
Don’t miss out on this opportunity to learn about both solutions at once! To make these presentations even more exciting, all eligible attendees will receive a free Meraki 8-port PoE switch.
Our wired webinars will occur on the following dates:
Tuesday, December 1st at 11:00 AM PT
Tuesday, December 8th at 11:00 AM PT
Get your spot while it’s hot, these seats will fill up quick!
Learn all about our new line of stackable switches…
Last week we introduced some exciting new hardware. A range of stackable switches for building fast, scalable and resilient networks, plus a new, more powerful security appliance for the branch.
Now it’s time to bring the focus back to features, today exploring a couple of changes for our switch customers, designed to make busy lives easier.
First up, port mirroring. While a packet capture can be useful for getting deep into the detail of how a client is behaving – or misbehaving – on the network, it’s primarily designed as a troubleshooting tool. Port mirroring takes things a step further by allowing network administrators to capture all traffic traversing one or multiple ports, via another. Port mirroring is useful wherever traffic flows need to be recorded, for example archiving VoIP calls for compliance or training purposes.
Meraki switches have had port mirroring capabilities since the early days, and configuration was tucked-away on the Switch Settings page. After considering feedback from our customers we’ve moved the configuration for mirroring to the Switch Ports page. With the benefit of hindsight this new home for the feature makes perfect sense, and is certainly a more intuitive approach. Here’s how it looks:
To mirror ports, simply select them and click the Mirror button and a prompt will ask for the destination port which will receive the mirrored traffic. They say simple ideas are the best and this example of that mantra will certainly save some head-scratching when looking for the feature.
The second feature we’ll cover today is upcoming for our Layer 2 switch customers. DHCP is fundamental to the operation of modern networks, with all clients using the protocol by default to get connected and online. Layer 2 switches have always been able to connect clients to a DHCP server on the same VLAN, but what happens if there’s a requirement to support multiple IP based VLANs, each with their own IP address range?
Until now, supporting multiple VLANs would have meant using a Layer 3 switch, capable of relaying DHCP requests to a server and then returning the correct IP address to the source VLAN. Now, thanks to a wave of the Meraki Magic wand, our brainiac engineers have added DHCP functionality for multiple VLANs to our Layer 2 switch line.
Configuration is easy, as our customers would expect. Simply provide an IP address in each VLAN where DHCP is required. This IP address will then be used in the DHCP request and the switch will process the returning offer, returning it to the appropriate VLAN. Anyone familiar with configuring DHCP relay will be right at home here as configuration is essentially the same.
This feature will be coming soon for all of our Layer 2 switch customers. In the meantime please reach out to our support team to take it for a spin.
Feature velocity is in our DNA here at Meraki. Every week our switch team is discussing new and upcoming capabilities which we know our customers will love. Today’s examples are humble but useful additions for the busy network engineer and we look forward to bringing many more features to our customers soon. In the meantime, please don’t forget to ‘make-a-wish’ on the dashboard to let us know where we should be focussing next.
Not long ago the configuration of a computer’s settings were the responsibility of the end user. This spawned numerous guides, created by beleaguered IT administrators, that tried to ease the number of repetitive helpdesk support calls on common topics.
What if you could do away with the multi page WiFi configuration guide, yet still allow users to connect securely? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry WiFi settings automate the configuration of mobile device wireless connectivity. This simplifies the task of joining the network for both the user and IT administrator, eliminating one of those clunky step-by-step guides from your help portal. Watch the video below to see this feature in action.
Systems Manager can create WiFi configuration payloads which contain configuration settings for a wireless network. It can then deliver this to the client device so they know how to get connected without the user having to follow a guide. Sentry WiFi settings take advantage of the native cloud integration of Meraki’s networking stack with Systems Manager MDM.
With Sentry, Systems Manager queries the Meraki WLAN network to understand what the security requirements are for a chosen SSID. Now instead of the IT administrator manually configuring the settings, the configuration fields are automatically populated with the correct information, eliminating possible errors and saving time.
The convenience of Sentry WiFi settings becomes exceptionally powerful when combined with the tagging engine available in Systems Manager. Tags are Systems Manager’s way of choosing what managed devices should get what settings. As tags can be automatically applied, this means client devices can receive WiFi settings based on dynamic events such as the time of day, device user, device type, location, or security posture.
If you would like to find out more about Systems Manager Sentry, then you can attend one of our specialist Sentry webinars, or alternatively contact your Meraki representative for more information. If you are an existing Meraki WLAN customer, Systems Manager offers an industry leading MDM capability with a unique level of network integration, that due to its simplicity can secure and automate your IT operation in minutes.
Earlier this week we announced some exciting new additions to the Cisco Meraki portfolio. While yesterday’s post extolled the virtues of Meraki switch stacking, today we look at the new MX84 cloud-managed security appliance and the Intelligent WAN (IWAN) capabilities that will be available in beta later this month.
Introducing the MX84
The MX84 follows in the footsteps of the MX64, which was released in February 2015. While the MX64 boasts higher overall performance than its predecessor and the option for 802.11ac wireless, the MX84 likewise offers a significant improvement in throughput over the the MX80, along with twice as many Ethernet ports and the addition of two SFP ports for fiber connectivity.
These improvements are aimed at allowing administrators to deploy the MX84 in a variety of network designs without worrying about encountering throughput bottlenecks or having to add extra infrastructure to connect everything they want to connect – all at the same price point as the MX80.
Make way for IWAN
Earlier this year we announced that a series of IWAN features would be coming to the MX product line, and since then the Cisco Meraki development team has been working hard to ensure we deliver those features with the same blend of powerful functionality and simple, intuitive configuration that Meraki is known for. Later this month these new IWAN capabilities will be made available to all MX customers through an open beta. However, we want to give you a sneak peek of what configuring IWAN on the MX will look like.
To do this, let’s imagine a few scenarios in which IWAN might be useful. First, we have a branch office with two broadband internet links where the administrator wants to make sure that VoIP traffic back to headquarters always uses VPN over the better-performing link. To accomplish this, the administrator creates a VPN uplink selection policy for traffic from their VoIP subnet, like so:
This straightforward policy will use preset metrics to determine what the best VPN path is for VoIP traffic. If the best link changes, traffic paths will be adjusted accordingly.
Now imagine that rather than two broadband links, the branch has one broadband link and an MPLS connection. The administrator wants to send VoIP traffic over the MPLS, since it is likely to have better performance. However, if MPLS performance begins to suffer from high latency it may be better to use the broadband link. That can be accomplished with a slightly different policy:
The administrator has specified a preferred uplink (WAN2), so that link will be used by default. Since performance failover is enabled, if the WAN2 link fails to meet the performance standards configured in the ‘Tons of latency’ category, VoIP traffic will be moved to the WAN1 link. Multiple performance categories can be created depending on the needs of the deployment.
These are only a few examples of how IWAN features can be used to improve network performance and resiliency. Stay tuned for the open beta later this month to see the full capabilities of Meraki IWAN.
Tell me more!
If you want to know more about the MX84, IWAN, or the MS350 switches, be sure to register for one of next week’s launch webinars using the links below.
The Meraki mission is to make IT simple. In addition to all the benefits a cloud-managed platform brings to our customers, this mission also means investing heavily in data protection, privacy and security, and being transparent with customers about their concerns. In light of the recent decision of the European Court of Justice that invalidated the US-EU Safe Harbor Framework, Meraki is taking additional steps to address customers’ questions and concerns about the processing of personal data by Meraki on their behalf.
As a contractual matter, Meraki is now making available to its European customers a Data Processing Addendum (DPA) that governs all processing of personal data. Any personal data that is processed outside the EEA will be governed by the European Commission’s Standard Contractual Clauses (also known as the EU Model Clauses), which are attached to the DPA. The EU Commission has recently affirmed that this contractual method is a valid basis on which to transfer personal data outside the EEA. So our European customers can continue to confidently deploy scalable, secure networks that comply with applicable regulations across the EEA.
Perhaps more importantly, the Meraki cloud-based architecture is built from the ground up with data protection, privacy, and security in mind. Foremost among these features is ourOut-of-band Control Plane, which dramatically limits the amount of personal data that is transferred from any customer device to the Meraki cloud.
In 2014, in response to growing doubts about the future of the US-EU Safe Harbor Framework, Meraki built theEU Cloud, enabling customers to ensure that their data is stored only in data centers located in in the EEA. And by taking a few additional steps described in ourEU Cloud Configuration Guide, customers can prevent the transfer of any personal data outside the EEA.
Back in early 2012 the world of switching was disrupted by a bold newcomer. For the first time the benefits of centralizing management in the cloud were applied to the switch network, and the life of the network admin became significantly easier.
Suddenly switches could be prepared for deployment without even removing them from their boxes. Units could simply be shipped directly to sites and while in transit have their config pre-staged, so that the recipient merely needed to power them on and connect them to the Internet.
Suddenly it was easy to see how the wired network was being used, with the same level of detail as Meraki wireless customers had already been enjoying for years. While possible with other switches, Layer 7 visibility had never been so simple, and accessible.
Suddenly the network engineer at HQ could easily troubleshoot switches deployed all over the state, the country, the world, to a level of detail previously unobtainable. Never before had it been possible to run an ad-hoc, full-blown packet capture on a network port thousands of miles away.
Taken together, these developments quickly reduced the operational expense of running a switch network, particularly a geographically disperse one. One other new feature significantly eased the burden of multi-site management: virtual stacking.
Virtual stacking was, and remains, transformational, eliminating the physical constraints of a switch stack – most commonly 4 or 8 co-located switches – and allowing multiple ports to be simultaneously configured based on a common variable. For example, all ports tagged ‘VoIP’, potentially running into thousands, can be simultaneously edited so they can be placed into the appropriate Voice VLAN. A newly created network access policy can be applied to every port facing network users across every company location.
Virtual stacking was a groundbreaker and has helped thousands of Meraki customers improve management efficiency. The good news is that this week’s announcement of new physically stackable switches changes nothing for those customers happily using virtual stacking today. The feature remains a clear differentiator across the Meraki switch family.
The new MS350 line of physically stackable switches was developed to address a couple of specific challenges our customers fed back to us. Firstly, bandwidth. It is now possible to create aggregated links between adjacent stacks of switches (or to a core/aggregation switch) comprising up to 8 x 10Gb/s links, with all of these forwarding traffic.
Secondly, dedicated stacking connectors open up new connectivity and bandwidth possibilities. Connecting adjacent switches no longer requires the use of a regular SFP+ port, meaning these can be used for uplinks, or connections to high-performance servers. Also, the new stacking connections provide exceptionally fast throughput between switches in a stack; 80Gb/s full duplex from each stack connection on the switch. And because this is Meraki, you get a ½ meter stacking cable in the box with every MS350, with longer cables on the accessories list.
To maximize stack bandwidth, a technology known as spatial reuse is employed. Packets destined for a device connected elsewhere in the stack travel via the dedicated stacking links on what we call a stack ring, from switch to switch. When the packet’s destination switch is reached it is removed from the stack ring, thereby freeing-up bandwidth on the ring for other stack switches to use. With spatial reuse, Meraki MS350 switches can provide up to 160Gb/s of aggregate stack bandwidth, ample for today’s high-performance network.
If you’re wondering how the introduction of physical stacking impacts our much-loved virtual stacking feature, we have good news – nothing changes! The ability to configure thousands of ports simultaneously works identically across ports on both standalone and physically stacked switches. In other words, with Meraki stacking, you really can have your cake and eat it!
We’re excited to be bringing these stackable switches to the market, furthering our push into enterprise grade networks. A new stacking whitepaper has been added to our documentation library, and don’t forget an evaluation is just a phone call away. Lastly, we regularly run switch-specific webinars where we demonstrate what it’s like to be a network engineer enjoying all the aforementioned capabilities and more.
Today is an exciting day at Meraki HQ. Following months of hard work by our hardware and software engineering teams, we’re delighted to announce new additions to our switch and security appliance lines which will help our customers build larger, faster and more robust networks.
Meraki has revolutionized the world of network management, reducing cost and complexity for tens of thousands of customers. With so many organizations operating distributed networks, Meraki provides an elegant solution that scales beautifully, with no loss of performance, lightening the administrative load and delivering exceptional operational savings.
Two factors prompted us to create new hardware. First, internet connections are becoming faster by the day, demanding ever-increasing performance from the networks that connect to them. Secondly, building larger networks introduces fresh challenges around network topology, cabling capacity, and performance. In 2015, all networks can be seen as mission critical, but inevitably this applies particularly to larger networks containing more equipment and supporting more activity. The network absolutely must be built to work around failure scenarios and deliver fast, seamless connectivity.
To address these challenges, Meraki is introducing a powerful security appliance for the branch, and the world’s first cloud-managed range of stackable switches. Say hello to the new MX84 security appliance and the MS350 switch family.
The MX84 packs a real punch, with double the performance and capacity of its predecessor. Port counts are up on the new model, with two dedicated WAN ports for active-active Ethernet/VPN WAN links. LAN connections have increased too, with 8 Ethernet ports (up from 4 on the previous model) and the addition of 2 brand new SFP fiber ports.
Since the MX84 (and the other MX models) support dual WAN connections, it’s important to ensure that both connections can be used to their fullest potential. To that end, Meraki is announcing support for dual-active VPN connectivity and Intelligent WAN (IWAN) features. With Meraki IWAN, customers will be able to configure their security appliances to support automatic policy-based and performance-based routing decisions, ensuring more demanding applications get the bandwidth they require, and seamless failover in the event a VPN connection is dropped for any reason. Joe, our MX product marketing manager, will be back in a couple of days with a more detailed blog post covering these new capabilities for the product line.
The MS350 line of physically stackable switches sets a new standard for combining power with simplicity. Delivering best-in-class performance and enabling resilient, full-bandwidth connections to the aggregation layer, the MS350 is ready for today’s demanding network clients, providing fast lane access to the server and cloud-based applications we increasingly rely on to do our work.
Let’s take a look at the hardware. Under the hood the MS350 line boasts a more powerful CPU and more memory, helping the 350 support larger client device counts with the performance they require. From the front, the MS350 switches look almost identical to our existing line of Layer 3 switches, although those with a keen eye will notice a couple of design tweaks. Flipping the switch around, we immediately see just how much has changed at the back.
The MS350 has a new, dedicated management port which provides access to the switch’s local management interface, so that this no longer takes up one of the ports on the front of the switch. MS350 switches feature two built-in stacking interfaces, enabling up to 8 switches to operate as a single physical switch with up to 160 Gbps of stacking bandwidth. The new switch family introduces another enhancement for the access layer; hot-swappable fans in addition to the power supplies.
Tomorrow we’ll be back with another blog post in which we’ll take a more detailed look at the stacking capabilities of the MS350 line, and how physical stacking works together with virtual stacking, a feature which we pioneered back in 2012, and which is a defining feature across the Meraki switch line.
Taken together, these new products and the announcement of our support for Intelligent WAN features enhance Meraki’s value as a complete enterprise networking solution, all managed with the intuitive, simple interface for which we’ve become renowned. These exciting products will be shipping soon. To try them in your network, please reach out to your Meraki contact to arrange an evaluation. In the meantime, stay tuned for more details about today’s exciting announcement, including webinars in your region:
