The last decade has seen a drastic increase in the number of network-connected devices. Because of this, it has become more and more difficult for administrators to manage access, security, and traffic policies for all of the clients in their networks. As with a lot of other IT challenges, the key to solving this problem lies in automation – removing as much of the manual work as possible by creating ways to dynamically and intelligently assign policies to clients. One of the most effective ways to accomplish this is through a technology known as Change of Authorization (CoA).
At the most basic level, CoA is just a mechanism for changing the policy of an already-connected client. While that might sound pretty simple, there are actually a variety of ways that CoA can be used to solve complex problems in a wireless network. For example, you might want clients to have different levels of network access based on the current security status of the device, often referred to as its “security posture”. A device’s posture includes things like whether it has up-to-date antivirus and anti-spyware software installed, whether the latest operating system security patches are installed, or even whether a certain application is installed on the device. Using CoA, you can send information from Cisco’s Identity Services Engine (ISE) or similar solutions to a Cisco Meraki AP informing it of any changes to a device’s posture. The AP can then apply the appropriate policy to that client, even if it is already connected. You can also leverage ISE to perform Central Web Authentication (CWA) in order to implement automatic authentication and policy application for guest users.
Like all Cisco Meraki features, we took care to ensure that CoA is simple to implement. For administrators who wish to use Cisco ISE as their RADIUS and CoA server, it’s as easy as navigating to the Wireless>Access Control page and selecting ‘WPA2-Enterprise with my RADIUS server’ in the Association requirements section, and ‘Cisco Identity Services Engine (ISE) Authentication’ in the Splash page section.
Add your ISE server information under RADIUS servers, and you’re good to go! Your APs will now redirect users to the ISE web portal for authentication when they connect, and will respond to CoA messages sent by the ISE server.
For other popular solutions like PacketFence, the process is just as easy. Instead of selecting ISE Authentication from the Splash page options, set RADIUS CoA support to ‘RADIUS CoA enabled’ in the RADIUS server options on the same page.
The AP will now respond to CoA messages sent by the RADIUS server.
These features are currently in open beta. If you want to try them out, you can reach out to our Support team or to your Cisco Meraki Systems Engineer to join the beta. For more information on configuring CoA on Cisco Meraki MR access points or to learn more about this feature, check out our documentation.
With customers hailing from every corner of the globe, we wanted to find out how Meraki products were being put to use abroad. This week, we’re turning our attention to Switzerland, highlighting three very different use cases. From rugged mountain terrain to rehabilitation centers to product development and manufacturing, let’s take a look at how these Swiss companies are benefitting from the Meraki solution:
High in the Swiss Alps, Zermatt Bergbahnen provides visitors with breathtaking vistas and provides skiers access to 200km of pistas. The largest cable car and lift company in Switzerland, Zermatt Bergbahnen has placed its customers’ interests, and their desire for WiFi access, at the top of the priority list.
The company installed a mixture of Bluetooth-enabled 802.11ac MR32 indoor APs and MR72 outdoor APs throughout its resort and transport facilities. These APs withstand temperatures between -30℃ to -35℃, more than 4,000m above sea level, and provide free WiFi to guests and company-issued employee devices. Not only is the IT team benefitting from their newfound network visibility and Layer 7 application control in the Meraki dashboard, but they’ve also installed the Meraki MDM solution so employees have access to the Skidata system on their corporate devices.
Moving our focus to the Zurich highlands, Zürcher Höhenklinik is a rehabilitation centre seeing over 5,000 patients annually with both in-patient and out-patient services. The needs of this centre encompass more than traditional guest and corporate usage. The IT team has 6-8 wireless SSIDs configured at any time to provide access to patients, mobile workers, medical staff, and guests.
What makes the usage for this customer interesting are the WiFi-enabled medical treatment machines. By deploying Meraki wireless APs, the IT team can remotely customise the needs of each user group, providing additional bandwidth for mission critical uses, employing Layer 7 application limits for fair guest use, and isolating the LAN to ensure security of sensitive client information. The centres were able to create custom rules for each use without having to deploy additional devices or solutions.
This small, family-run business has exploded onto the market as one of the most important developers and manufacturers of shakers, bioreactors, and bioprocess software in the world. INFORS HT has a global footprint and was looking to refresh its network infrastructure to reflect and ultimately increase the innovation, collaboration, and ingenuity that had brought the company such success.
Over the course of just a couple days, the IT team installed Meraki wireless, switching, and security appliances in its Swiss headquarters and all of the distributed world-wide locations. Whether using personal or company-issued devices, employees can instantly access resources after inputting their security credentials and can communicate with the different sites seamlessly via the site-to-site Auto VPN functionality. Not only has the IT team made it a breeze for users to carry out their day-to-day activities, but they themselves are also benefitting from the ease of use in establishing custom settings and per-port configurations.
Here in Northern California, two names that are known in every household are Brookstone and Orchard Supply Hardware (OSH). What may be less widely known is the networking solution that helps power these organizations – you guessed it, these are both Meraki customers. Read below for a glimpse behind the scenes of these networking stories, or check out the full case studies here.
Specializing in innovative and useful consumer goods, the Brookstone team is dedicated to consistently improving the shopping experience for their customers. They are able to focus their efforts on this high-level mission with the reliable, no-nonsense network that Meraki cloud managed wireless and switching solutions provide.
Rock-solid WiFi coverage became increasingly important to the Brookstone store experience, where associates and customers required access to detailed information about the company’s thousands of products. Brookstone’s former WiFi network proved unable keep up with this increased need for reliability and traffic capacity. The team did a proof of concept with the Meraki cloud managed solution, and “fell in love with the Meraki technology, especially the ease of use, accessibility, and how simple it was to set up,” shared Doug Reczko, Operational VP of IT at Brookstone.
In each Brookstone store, there is now one MS 8-port Switch with a MR32 802.11ac Access Point wired into it. From there, depending on the size of the store, several other MR32 APs connect via wireless mesh to provide fast and seamless connectivity for all business users, without having to cable the entire store.
With nearly 225 stores across the United States, the simple, scalable mass-management inherent to the Meraki platform is a necessity for Brookstone. The team is able to log into their Meraki management dashboard and instantly see all of their locations, learn which sites are running smoothly and which need attention, and drill down into specific devices for further insight and troubleshooting.
“My goal as an executive is to bring our services to a higher level and do it better, faster, and for less; the Meraki tools allow us to do that,” said Doug.
OSH is a successful home improvement retailer with over 70 stores throughout California and Oregon. With a lean IT team managing the network for all locations, Meraki cloud managed access points and switches enable the retailer to focus on its customers and high priority projects, rather than routine network maintenance.
Challenged by limited IT resources and tired of traditional on-premise controller models, Moon Son, Senior Director of IT Infrastructure at OSH, initiated a proof of concept with Meraki wireless access points. OSH needed a reliable wireless network for inventory scanning, price look-up, and other critical retail functions. Moon and the team soon developed a close relationship with their Meraki sales team as they worked together to figure out the best setup for their unique environment and business initiatives. “Meraki was very attentive to our needs and provided great customer service, setting them apart from other vendors we were looking at back then,” Moon said.
Today, all OSH locations still boast the same MR16 802.11n APs that they purchased following that initial meeting. “The investment is still working for us, and I’m happy to say that all the features we have wished for have also been developed over the years,” Moon expanded.
The visibility and ease of management inherent to Meraki hardware and the cloud based management dashboard have been valuable assets for the OSH IT team. “Being able to schedule firmware and feature updates and not having to plan maintenance activities has been a huge benefit for my team, and a big cost saver in terms of resource allocation and time,” Moon shared.
However, Meraki proved most useful this past summer when the team set out to construct a new IP schema across their entire network for a new point of sale initiative, while also integrating new switches. “We touched every single network device, every single endpoint, put in new switches, re-did our routers to recognize the new IP scheme, everything,” Moon said. “This was a monstrous effort, and Meraki was a huge, huge help.”
Get more details on the ins and outs of this giant project in the full case study here.
We hope you enjoyed learning about these featured customers! Check out our Meraki for Retail guide to see how we can help businesses of any size leverage their networks in a scalable and flexible manner.
We’ll also be hosting a live webinar where a Meraki product specialist will give a tour of our cloud managed dashboard and tailor the capabilities of Meraki specifically to retail. Sign up for the webinar here.
We’ve just wrapped another hugely successful Meraki Quarterly, recapping everything we’ve been doing over the past 3 months. Since its inception last year, the Quarterly has grown to become the perfect vehicle for comprehensively reviewing what’s new and recent within each of the four product groups here at Meraki HQ. Assembling the team together in the same room at the same time is never easy – akin to herding cats – but when it happens the results never disappoint.
Here’s a quick recap of what we covered this time around:
Raviv shared information about our new integration of Advanced Malware Protection (AMP) on our security appliances. AMP provides real time protection against malicious files destined for a network user by checking them against a huge and growing database. AMP is currently in beta and will be a free feature upgrade for MX Advanced Security customers.
Tony provided a recap on our new stackable 1GbE fiber aggregation switch line, the MS410 and also took the opportunity to run through switch templates, a very exciting and powerful new management feature which we covered on the blog recently.
Enterprise Mobility Management
Systems Manager continues to see new features being added at a breakneck pace, truly exemplifying the high feature velocity for which Meraki became renowned. Paul ran us through the recent announcements which have extended feature support on iOS, Mac OS X, Android and Windows.
Matt took the opportunity to remind attendees of our exciting new developers portal. There are some extremely smart people out there, developing innovative solutions which leverage Meraki infrastructure and our range of APIs. There was also our new flagship MU-MIMO 802.11ac AP to shout about, the MR42. Finally, he generously put up a pair of limited edition Meraki socks as a prize in a selfie contest, because why not? There’s still a couple of days to submit photos.
We don’t want anyone to miss out on the Quarterly, so we’ve put a recording online. If you missed the session, or even a part of it, we hope you’ll find this useful.
We’ll be back in July with what promises to be an exceptionally exciting session. Look out for invitations nearer the time.
We offer a variety of live and recorded webinars hosted by Product Specialists focused specifically on K-12 environments and deployments. We were recently joined by Scott D. Miller, Director of Technology at Wayne Highlands School District, who shared his story on managing Meraki APs, switches, security appliances, and MDM. This webinar even features Scott adding a Meraki AP to their network on air!
Last minute E-Rate questions?
Check out our handy customer FAQ to answer your most pressing E-Rate questions. From the basics of the E-Rate program to how Meraki and E-Rate interplay, this will cover it all!
Who doesn’t love a deal?
E-Rate eligible schools and libraries can take advantage of the Meraki K-12 promo*, which offers a steep discount on 5 year licenses associated with new hardware purchases. Reach out to your Meraki rep to learn more about the promotion.
Interested in learning more about K-12 for Meraki in general?
Our K-12 solution guide and customer stories are great places to start! The solution guide provides you with a quick overview of what Meraki can offer K-12 environments, while our customer stories give insight on how current customers are using Meraki and why it’s their solution of choice.
Good luck finishing off the FY16 E-Rate season. Remember, summer break is just a few months away!
*All Meraki hardware and licenses are 100% E-Rate eligible with the exception of MX Advanced Security license (50% eligible) and Systems Manager licenses (not eligible) per the Funding Year 2016 eligible services list. Meraki K-12 Promo running through July 1, 2017.
Cisco colleagues and partners! What will you be doing at 9:00am Pacific Time this Thursday, the 7th of April? We hope you consider tossing your date book, setting your emails aside, and joining us for the second Meraki Quarterly Update of 2016.
During this live, one-hour session, Product Specialists from our Wireless, Switching, Security, and MDM solutions file into our webinar room and take turns delivering the latest news about their respective products. These are the technical evangelists who shape the direction of our products, and they are looking forward to sharing news with you and hearing any questions you have in return.
Whether you are just curious about what Meraki’s been up to, or would like to learn how your existing Meraki network has improved over the past couple of months, this webinar is valuable for anyone familiar with the Meraki cloud managed offering.
Partners: Sign up here (Listed under the ‘Training’ tab in the Partner Portal)
The fun doesn’t stop there! We want to share this event with our customers as well, and will be hosting a live viewing session on Tuesday, April 12th at 10:00am Pacific Time. We will play back the Quarterly from the week before, and will have Product Specialists on the webinar answering incoming questions live.