New MS Features for Large-scale Networks

A collection of new MS switch features designed to help secure the network and enhance performance for large-scale networks

Let’s face it – we tend to love acronyms in the networking world. HTTP, DHCP, ACK, NAC and NIC. Are we speaking your language yet? Great! Because our team has been busy adding new capabilities designed for large-scale networks, and they’re packed full of acronyms. Let’s take a deeper look!

 

Multi-domain Authentication (MDA)

Secure networks often have port security features enabled on wired ports, such as 802.1X with RADIUS authentication. Multi-domain authentication (MDA) allows both a data device and a voice device, such as an IP phone, to authenticate on the same switch port. The examples below show how enabling Multi-Domain mode affects the authentication scenario:

[Figure: no MDA]

In Single-host mode, only one device is required to authenticate.

[Figure: MDA]

In Multi-Domain mode, both devices are required to authenticate.

Without MDA enabled, an authenticated IP phone that contains a built-in Ethernet switch lets any device that subsequently connects downstream of it onto the LAN without additional authentication. MDA adds enhanced security and control by enforcing per-client authentication for both the IP phone and anything connecting downstream, such as a workstation. See our online documentation to learn more about this feature and how to enable it.

 

Change of Authorization (CoA) with URL Redirect

We recently announced support for Network Access Control (NAC) solutions, including Cisco’s own Identity Services Engine (ISE). For any network that relies on URL redirects – a central web authentication process that lets you redirect any device that plugs into the network to an authentication server – Meraki MS switches now support URL redirect requests as part of our Change of Authorization (CoA) features. Additionally, Meraki switches allow you to optionally configure a walled garden, letting you add IP ranges that users are permitted to access prior to authentication. This feature is currently available on the MS225, MS250, MS350 and MS400 series. For further information please visit documentation.meraki.com.

 

Protocol Independent Multicast (PIM) Routing and IGMP Querier

Multicast has become an increasingly prevalent method of transmitting media, particularly for media-rich solutions such as overhead paging and IP video. With many networks now relying on switches to handle routing of IP traffic, support for IGMP querying and multicast routing has become critical, particularly in larger networks.

We are excited to announce new features that make handling of multicast traffic a breeze:

  • Multicast routing support is now available on the MS350 and MS400 series, enabling larger scale networks to handle routing of multicast traffic via PIM sparse mode.
  • IGMP Querier support can now be configured on all MS switches.

See our online documentation on these features to learn more!

 

These features are rolling out over the next few weeks and will be available on the latest software update for MS switches. For questions or support, please email [email protected]