Archive for March, 2018

3 Steps to Start Your Smart City Journey

Becoming a “smart city” is something that towns, cities, states, and even countries are striving to achieve. But what does it actually mean to become a smart city? Where do you start? How do those initiatives benefit your community?

To find out, I spoke with Stephen Dawe, CTO at The City of Opelika, Alabama. Stephen is on a journey to make Opelika a digital city, and he takes a systematic and thoughtful approach in deciding which projects to take on and which ones to leave on the sidelines. The conversation highlighted three steps that state and local government IT teams can take today to launch their own smart city projects:

Step 1: Determine if the Project Supports Your City’s Mission

It is easy to get wrapped up in wanting to implement the latest shiny and flashy technologies. But will those technologies support the goals of your community? To get buy-in from the mayor, governor, or city manager, and to see the most success, focus on projects that will help you deliver on your city’s mission. Citizen demand can also be a good starting point: if citizens are asking for it, and it supports your city’s mission, the technology is worth exploring. Make a list of your top five projects, and move on to the next step!

The City of Opelika’s mission focuses on three things: to improve the quality of life for citizens, provide jobs through economic development, and be good stewards of citywide resources through sustainability. Stephen will only evaluate smart city projects that support one of these three areas, making his smart city strategies much more tailored to the city’s needs.

Step 2: Identify Technical Feasibility

Let’s say you want to implement sensors in every street to monitor and reroute cars because traffic is problematic in your community. But what if half of your streets are windy mountain roads, making it challenging to run end-to-end cabling? Does it still make sense to deploy sensors as well as a network to support them? When evaluating smart city projects, remember that the goal is to deliver outcomes that will deliver on your city’s mission, not necessarily to have the technology everywhere. Select the technologies that will be feasible to implement and will drive the biggest impact.

Stephen wants to work towards closing the digital divide in Opelika. But when he realized that covering the entire city with public Wi-Fi would be extremely difficult due to vast forested areas throughout the city, he determined this was not technically feasible. Instead, he is focused on rolling out public Wi-Fi in underserved areas, public libraries, and all government-owned buildings and areas, so that people can access the Internet when and where they need it. This will not only help bridge the digital divide, but will deliver on the city’s mission to improve quality of life and provide more economic opportunities for residents.

Step 3: Don’t Do it Alone: Find the Right Partners  

When exploring smart city projects, it is easy to quickly become overwhelmed. Even after narrowing down the projects you want to work on, and determining their technical feasibility, how do you actually get started? Find the right community and technology partners to help you on your journey; it is impossible to do it all alone. From your prioritized list, start thinking about who you can tap to help you plan out and execute your projects, from local universities to technology partners.

Stephen identified a handful of partners to work with to plan and launch his smart city initiatives. The short list includes various Cisco solutions, including Meraki, CIMCON lighting, and Auburn University, in addition to his collaboration with the Mayor and Government office heads. Each of these partners plays an important role in delivering on his smart city goals.

Now that you have a framework, what are you waiting for? Start planning and strategizing your smart city projects today. Still feeling a bit overwhelmed? Listen to this webinar recording to hear Stephen explain firsthand which smart city projects he chose to start with, how he plans to develop and install the technologies, and how he thinks the projects will benefit city residents. Or, attend an upcoming webinar to see a live demo of the Meraki dashboard in action and get your questions answered.

Auto RF

By Steve Harrison



This is the sixth in a series of blog posts that focus on wireless technology and security at Cisco Meraki.

The frequency spectrum that wireless networks operate in are shared frequency spectra; this is one of the reasons that Wi-Fi networks are so polite with one another. However, there are many more potential sources of interference, such as Bluetooth and microwave ovens in the 2.4GHz spectrum or medical scanners and radar in the 5GHz spectrum.  

These sources of interference can have a detrimental effect on the usability of wireless networks. Meraki Auto RF is a powerful and automated RF optimization solution that ensures that Meraki APs create the best possible environment for the clients served.  

Listen and Learn

Auto RF is able to do this because all Meraki APs have a dedicated security radio that also provides visual spectrum analysis. The Meraki APs also share this data with the Auto RF algorithm to determine the optimal channel plan and transmit power appropriately. In addition to this, Meraki network administrators can also get access to real-time channel utilization scans from the live tools section of each and every AP, as shown below:

This gives the administrator both instantaneous and historical data about interference sources seen by that particular AP. This listening radio can also be accessed to provide information in an industry-standard format too, which has traditionally only been available on dedicated spectrum analysis tools.

For customers with older Meraki APs without dedicated listening radios, it is possible to configure the access radios so that they periodically stop serving clients and start listening to the RF.  

Automatic for the People

Meraki Auto RF is actually made up of two different elements, Auto Channel and Auto Tx Power.

Auto Channel

Auto channel is enabled by default on Meraki networks but can be turned off if desired. When enabled, the Meraki dashboard follows best practice for channel use, meaning that only the three non-overlapping channels in the 2.4GHz spectrum are available. In the 5GHz spectrum, the channels available to the AP depends on both the country and hence regulatory domain that the AP is installed in and the type of AP, i.e. indoor or outdoor. Additionally the network administrator can choose to exclude DFS channels, which will prevent the AP from having to roam away from a channel if a radar signal is detected. Finally, administrators can also select the default channel width for transmission in the 5GHz band, as 802.11n supports channel widths of 40 MHz and 802.11ac supports channel widths of 80 MHz and up to 160 MHz, although 160 MHz is not suitable for enterprise deployments or supported in the Meraki dashboard.

In order to tune the transmit channel, the APs track the following three things:

  • Usage Demand APs within the dashboard network are monitored for their usage demand, i.e. the number of clients and amount of traffic being served by the AP. These values are mathematically combined so that each AP has a weighted value. This value is then used to ensure that the cleanest channels are utilized in the most demanding areas.
  • Airtime Availability – Each access point listens to the contention and airtime availability, i.e. free time in the medium, for each channel and bandwidth combination. When this data is aggregated it can be used to maximize the available airtime for all APs in the network, also known as the Basic Service Set (BSS), and also minimizes contention and improves client roaming performance. All visible APs — even neighboring APs — are considered in this metric, with Meraki APs being weighted higher to optimize roaming and airtime usage distribution. As opposed to just being polite (i.e. presuming they have as high a priority to the airtime as the Meraki AP and they’re clients)  with respect to neighboring networks and APs, this metric ensures that the AP and its clients also have ample airtime availability.
  • Channel Utilization – This metric includes both 802.11 and non-802.11 (Bluetooth, microwave ovens, etc.) sources of spectrum utilization. These external sources of interference are detected and accounted for within this metric.

The dashboard uses this information to tell the APs to move to a different channel if, say, a new AP is added, a channel becomes jammed, or the network administrator clicks the “Update Auto Channels” button.  

Channel moves can also be triggered by the “Steady State” process, which runs every 15 minutes. The Steady State process will instruct the AP to move channels if a better channel, based on the above criteria exists. However, the Steady State process is aware when a channel is being used for point-to-point communications and it will not change the channels of APs acting as a gateway AP.  

Auto Tx Power

Auto Tx Power operates by sampling the signal-to-noise ratio of neighboring APs in the same network. These readings are compiled into neighbor reports that are sent to the dashboard for processing. All AP neighbor reports are then aggregated and the dashboard leverages that aggregated data to determine each AP’s direct neighbors — APs that clients being served by the AP are likely to roam to — and how much each AP should adjust its transmit power to optimize cell coverage. The dashboard completes this calculation and instructs the APs to adjust their respective transmit power once every 20 minutes.  

As with Auto Channel, Auto Tx Power is mesh-aware and the same Steady State process/algorithm prevents power adjustments for APs that are acting as a gateway for an active mesh repeater.


Meraki’s Auto RF technology auto-tunes the RF for all but the most particular RF environments, and it does so without any need for additional appliances, services or licenses, by leveraging the power of the power.


MX Marks the Spot — Singapore



It is your responsibility to read and understand the information provided on these pages before participating in the Program. These pages are frequently updated. Further, it is your responsibility to check these pages regularly to determine whether the provisions have been modified. If you do not agree to any such modification, you must immediately cease participation in this Program by contacting the Program Centre listed on the following website: (“Program Website”). By continuing to participate in the Program after such modification, you are hereby deemed to have agreed to such modification.

  1. The Program Description

(a) The Program will be available from 1 April 2018 and ends on 30 June 2018 or as otherwise specified in the Program Website (“Program Period”), or until terminated in accordance with these Terms and Conditions, and shall serve as an on-going or continuing Program for Participants until termination or expiration.

(b) The Program will run in Singapore (“Participating Country”), and Cisco has the absolute discretion to add or remove any the country(ies) at any time.

(c) By participating in the Program, Participants warrant that they are eligible to participate under their country’s relevant laws, including those governing prizes and rewards.

(d) Cisco reserves the right to disqualify any Participant or Participant Representative (each as defined below) and remove all Rewards if Cisco determines that Participant’s participation in the Program, receipt of a reward, or the Program itself violates any relevant laws and/or the Terms and Conditions, or if the Participant is ruled to be ineligible.

(e) Likewise, Cisco reserves the right to disqualify and remove any Rewards of any Participant that (a) Cisco suspects of fraud or other unlawful conduct in claiming Points or (b) Cisco believes has purchased products in violation of Cisco’s Distribution Channel Policies or Cisco’s Direct Channel Policies (whichever is relevant). At a minimum, the Participant’s account will be frozen during the review period and no transaction/activity will be allowed.

2. Program Eligibility

(a) The Program is open to authorized Cisco Meraki Channel Partners in Singapore (“Participant”) and in particular to Participant’s Account Managers, Senior Account Managers, Account Executives, Inside Sales Account Executives or Sales Managers, as approved by the Participant (each a “Participant Representative”).

(b) Employees of Cisco and/or its Affiliates and their immediate families and anyone else professionally connected with the Program, shall not be eligible to participate in the Program. “Affiliate,” means any person, partnership, joint venture, corporation or other form of enterprise, domestic or foreign, which directly or indirectly control, are controlled by, or are under common control with Cisco.

(c) Each Participant must ensure that his/her participation in the Program is lawful and is in accordance with the applicable laws in the country where they are employed.

(d) Each Participant is responsible to ensure their eligibility to participate in and/or receive Rewards in this Program and similar programs and promotions, in compliance with all applicable rules, regulations and policies.

(e) The Participant acknowledges that Cisco may, at its sole discretion, restrict, suspend, withdraw or otherwise alter aspects of or the whole of the Program, with or without notice at any time to the Participant.

(f) Cisco may at its sole discretion, restrict, suspend or withdraw membership to the Program.

(g) Participant must provide sufficient particulars, including organization or company address, email, fax and phone numbers (hereinafter called the “Contact Particulars”) to ensure that all Program communications are being sent to the proper address. The Participant must notify the Program Service Centre through the Program Website immediately of any change to the Contact Particulars. If the Participant fails to do so then Cisco or any of its vendors will not be held responsible for any loss that results from the above.

  1. Earning Rewards

(a) Each Participant Representative, through their respective Participant, will be able to earn Rewards by booking sales and/or purchases of Meraki Products as listed in the table below and as further detailed in the Program Website (hereinafter “Eligible Products”), during the Program Period. Participant Representatives will be entitled to receive the applicable Reward (through their respective Participant) each time the Participant Representative meets the Reward Criteria in accordance with the table below subject to the maximum Reward amount in Section 3(e):

Eligible Products Reward Criteria Reward
 Any Qualifying Product A Participant Representative must close a Qualifying Meraki Deal worth at least $5,000 USD but less than $20,000 USD (the “Tier One Product Minimum”) with a single customer account during the Program Period. SG$200 gift voucher (“Tier One Gift
A Participant Representative must close a Qualifying Meraki Deal worth at least $20,000 USD (the “Tier Two Product Minimum”) with a single customer account during the Program Period. SG$500 gift voucher (“Tier Two Gift

(b) Meraki Products” means the line of Cisco Systems, Inc. (“Cisco”) products branded as the Cisco Meraki cloud-networking products, listed at

(c) “Qualifying Meraki Deal” means a deal, or multiple deals with the same account, that (i) include sales of Qualifying Products equal to or greater than the applicable Tier One or Tier Two Product Minimum (and not returned during the 30-day return window) to a single Meraki account, and (ii) are closed during the Promotion Period. No account can give rise to more than one Qualifying Meraki Deal, and only one Participant Representative can receive credit for each Qualifying Meraki Deal.

(d) “Qualifying Products” means Meraki Products with SKUs beginning with MX, Z1, or Z3.

(e) The maximum aggregate value of voucher Rewards that may be earned by any one Participant Representative will be $1,000 USD.

(f) Cisco reserves the right to change the basis on which Rewards are awarded at any time, without notice, at Cisco’s sole discretion, and without any liability or compensation to the Participant.

  1. Delivery of Rewards

(a) The Participant must submit all claim forms before 6 July 2018. Late claim submissions will not be processed. Participants must complete the claim form in its entirety and provide all required information, or your claim will be rejected. The claim form is available at the Program Website. Cisco reserves the right to request supporting documentation in order to validate a claim.

(b) Cisco will calculate Rewards after the completion of the Program Period and notify winning Participants of achieved Rewards.

(c) Delivery of Rewards will be done within 90 days of the Program Period completion.

(d) Cisco may, at its sole determination, withdraw the Rewards in the event: (i) Rewards are suspected to be fraudulently recorded or earned by the Participant; (ii) Rewards are recorded in error; or (iii) Rewards relate to a transaction which has been cancelled.

The following Sections contain General Terms and Conditions.

  1. Changes in the Program

(a) Cisco reserves the right to audit, terminate, suspend, amend, modify, revoke or cancel the Program, including (without limitation) the value of the Rewards, the earning or claiming of Rewards or eligibility criteria, in whole or in part, for any reason at any time without prior notice. Cisco will act reasonably in communicating with Participants through email and the Program Website in the event of any changes to the Program. Without limiting the foregoing, in addition, if for any reason the Program is not capable of running as planned, including due to fraud, foul-play, infection by computer virus, bugs, tampering, technical failures, human error or any other causes beyond the control of Cisco that corrupt or affect the administration, security, fairness, or integrity of the Program, Cisco reserves the right in its sole discretion, to cancel, terminate, modify or suspend the Program. In such event, Cisco reserves the right if feasible to judge and award Rewards as provided herein from among the eligible entries or transactions received or closed up to the time of the impairment.

(b) Cisco may at any time or times without notice to a Participant cancel Rewards (without liability to the affected Participant) or set off any Participant’s liability under or relating to these Terms and Conditions and the Program to Cisco against any liability of Cisco to the Participant (in either case howsoever arising whether in contract, tort (including negligence), breach of statutory duty or otherwise, and whether any such liability is present or future, liquidated or unliquidated). Any exercise by Cisco of its rights under this clause shall be without prejudice to any other rights or remedies available to Cisco.

(c) Cisco reserves the right to suspend or exclude a Participant from participating or continuing to participate in the Program if in its reasonable opinion:

(i) the Participant materially breaches these Terms and Conditions;

(ii) the Participant’s conduct is inconsistent with the object and intent of the Program and/or the Terms and Conditions.

(d) Cisco may in its reasonable discretion cancel all Rewards that have accrued to the Participant if the right to participate in the Program is suspended or excluded.

(e) Rewards are not refundable, replaceable, or transferable for cash, credit, or other rewards under any circumstances. Lost, stolen or mutilated vouchers/stored value cards will not be replaced. Rewards earned under the Program may not be re-sold, bartered or exchanged for other goods or services except as stated on the Reward. All Rewards are subject to availability.

  1. Participant Responsibilities

(a) Participants shall keep full, true, and accurate records and accounts, in accordance with generally-accepted accounting principles, of each Product and Service purchased and deployed or distributed, by serial number, including information regarding Software usage and export or transfer.

(b) Participant shall provide reasonable assistance to enable Cisco to audit the deployment of Cisco Products or Services.

(c) If required by the Program, in order to claim the Program Reward, Participant must submit Participant’s claim form together with the following supporting documents to Cisco, within the timeframes specified in the Program Terms and Conditions or, if no deadline is specified, no later than thirty (30) days from the date of Participant’s submission of the Point of Sale (POS) Information to Cisco:

i. Serial numbers of the relevant Cisco Products;

ii. Program deal tracking number allocated by Cisco must be provided in the POS report and the claim form.

iii. Such other supporting documents or information as may be required by Cisco from time to time.

(d) Any attempt by any Participant and/or Participant’s personnel to deliberately undermine the legitimate operation of the Program may be a violation of criminal and civil law, and, should such an incident occur, Cisco reserves the right to seek damages from any such Participant and/or Participant’s personnel to the fullest extent permitted by law.

(e) Cisco shall not be liable to any Participant or any other person for failure to supply the Reward or any part thereof, by reason of the Reward becoming unavailable or impracticable to award, or for any force majeure event, technical or equipment failure, terrorist acts, labor dispute, or act/omission of any kind (whether legal or illegal), transportation interruption, civil disturbance, or any other cause similar or dissimilar beyond Cisco’s control. Neither Cisco, nor its employees, officers, directors, agents, contractors, representatives, affiliates, shall assume any responsibility whatsoever for failed, partial or garbled computer transmissions; technical failures of any kind, including, but not limited to electronic malfunctioning of any network, hardware, or software or electronic; the incorrect or inaccurate capture of entry or other information; the failure to capture any such information; or human error, theft, loss, destruction or damage to entries, or other factors beyond its reasonable control.

  1. Compliance with the Laws

(a) Participants shall be responsible for compliance with any and all laws, rules, regulations, employment, contractual limitations, and employer’s policies regarding Participant’s and its respective Participant Representatives’ eligibility to participate and/or receive Reward(s) in this Program. If any Participant or Participant Representative is participating in violation of the Participant’s policies, that Participant or Participant Representative may be disqualified from this Program and/or from receiving the Rewards. Cisco disclaims any and all liability or responsibility for disputes in law, or arising between any Participant and Participant’s personnel, including Participant Representatives, related to this matter.

(b) Cisco reserves the right to disqualify any Participant or Participant Representative from participation in the current Program and/or any future reward program campaign or program, and cancel (without any liability to the affected Participant) all associated rewards if Cisco determines, at its sole discretion, that the Participant’s or Participant Representative’s participation in the Program, or receipt of a reward, is in violation of the Program Terms, or if the Participant or Participant Representative is ruled to be ineligible or the receipt of a reward or the Program itself violates the governing law of the Agreement and/or the laws of the country in which the Participant normally resides and works or operates as well as the laws of the country in which the Participant is incorporated and operates.

(c) Likewise, Cisco reserves the right (i) to disqualify and cancel (without any liability to the affected Participant) all associated rewards of any Participant Cisco suspects of fraud or other unlawful conduct in implementing the Program or (ii) to disqualify and cancel (without liability to the affected participant) all associated rewards of any participant who Cisco believes has purchased products in violation of its Cisco’s channel partner Agreement. At a minimum, that Participant’s account will be frozen during the review period and no activity will be allowed to transact against it.

  1. Tax Provisions

(a) The awarding of Rewards is granted exclusively to the Participants and not to Participant Representatives or any other individual irrespective of whether the criteria is met by Participant Representatives or any other individual. The Participant acknowledges that these Rewards may be treated as taxable income and may be considered direct compensation for the purposes of taxation, national insurance or social security contributions (or equivalent taxes or social charges applicable under local law). Participants are solely responsible for any federal, state, provincial taxes, social security, national insurance contributions, social charge or other taxes that may be imposed as a result of receiving Rewards under the Program and the Participants will indemnify Cisco for any taxes (whether direct or indirect or otherwise) that Cisco becomes liable for as a result of the Participant being provided with Rewards pursuant to this Program. All tax and legal obligations on Participant Representatives related to the Rewards are the sole responsibility of the Participant.

(b) Participants acknowledge and agree that Cisco may be obliged under applicable local laws to report to the Participant’s local tax authorities (or analogous authority), information relating to the Participant’s participation in the Program, including without limitation, the Rewards accumulated. Liability to such taxation or social charges is the sole responsibility of the Participant, and Cisco gives no warranty and accepts no responsibility as to the taxation treatment of the Program, including without limitation, the accumulation of gifts.

  1. Copyright Provisions

(a) Copyright © 2018 Cisco Systems, Inc. All rights reserved. Cisco, Cisco Systems, and the Cisco Systems logo, are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word ‘partner’ or ‘channel partner’ does not imply a partnership relationship between Cisco and Participant and/or any other company.

(b) The design and content of the Program, the Program Website, any related materials, services and software (including but not limited to text, sound, photographs, graphics or other material contained in the Program communications, advertisements or messages, whether by Cisco or Cisco’s advertisers or channel partners) are protected by copyrights, trademarks, service marks, patents and/or other intellectual property rights and laws, and their use is permitted only as expressly authorized by Cisco or as required by law.

  1. Limitation of Liability


  1. Additional Clauses

(a) References to years and quarter are based on Cisco’s financial year and corresponding quarters.

(b) Cisco’s calculation and/or evaluation of discount/rebate/reward eligibility are final and determined in Cisco’s absolute discretion and will be based on information available to and in possession of Cisco at the relevant time.

(c) Cisco reserves the right and you agree to allow Cisco to audit all Participant claims and request supporting documentation.

(d) These Terms and Conditions contain all the terms agreed between the parties regarding its subject matter and supersedes any prior agreement, understanding or arrangement between the parties, whether oral or in writing. No representation, undertaking or promise has been given nor shall be taken to have been given or be implied from anything said or written in negotiations between the parties prior to accepting these terms. Neither party has relied on any prior representations, undertakings or promises and the parties hereby waive any right, claim or remedy which they might otherwise have had in relation to them.

(e) The submission of false, incomplete, or misleading claims in connection with the Program may constitute fraud.

(f) Nothing under this Program and the present Terms and Conditions shall be construed as setting minimum purchase requirements.

(g) With respect to Participant, the choice of law and jurisdiction provisions incorporated in the channel partner agreement shall apply to these terms and to the Program.

(h) If any provision of these terms is found to be illegal, invalid or unenforceable under any applicable law, such provision shall, insofar as it is severable from the remaining terms, be deemed omitted from these terms and shall in no way affect the legality, validity or enforceability of the remaining terms.

[1] The Cisco entity offering this Program is: for promotions in Japan, Cisco Systems G.K.; for India and South Korea, Cisco Systems International B.V.; and for all other countries in APAC, Cisco International Limited.

Program Contact:

Posted in Hidden | Comments Off on MX Marks the Spot — Singapore

Air Marshal, Reimagined

Out With the Old

Early in 2012, a startup company beginning to make waves in the networking industry introduced a new feature for their line of access points. This startup was called Meraki, and the feature launched was Air Marshal. At the time, the functionality satisfied the security requirements of a typical wireless network: automatic containment of rogue APs seen on the LAN, keyword containment of SSIDs, scheduled Air Marshal scanning, and the ability to configure additional APs as Air Marshal sensors for round-the-clock protection.

With the introduction of the MR34 in 2013, Cisco Meraki introduced the dedicated scanning radio and this took the Wi-Fi industry by storm! No longer would admins have to choose between performance or security. With the dedicated scanning radio, the MR was now capable of servicing clients while simultaneously listening to the entire RF spectrum, protecting clients from malicious rogue APs.

The constant surveillance of wireless networks continues to be important, but recent trends in cybersecurity and the growth of Internet of Things (IoT) requires added flexibility when it comes to securing wireless networks.

The Blacklist

No, James Spader won’t be lending his hand to protect your wireless network. But, much like his character on the popular TV show, Air Marshal will work to eliminate (or contain) all SSIDs found on “the list.” TV shows aside, Air Marshal traditionally made it simple to automate containment of rogue SSIDs that are seen on the LAN, or contain SSIDs that matched a keyword.

However, some environments may have a network comprised of multiple vendors, or may be a part of a collaboration workspace where numerous companies may feature their own WLANs, connecting to the same wired network infrastructure. In this instance, automatic containment of rogues seen on LAN won’t work, as the non-Meraki APs would cease to function for their clients.

But administrators no longer have to forfeit their security capabilities. With Air Marshal’s new SSID Blacklist table, rogue SSIDs won’t be automatically contained, but security rules can be configured to match on a variety of conditions allowing for an accessible network to be locked down with finely tuned security controls.

Security rules may match on four different conditions: exact matches, MAC address matches, keyword matches, and wildcard matches. The rules defined in the SSID blacklist table will match against SSIDs that are seen on LAN, as well as Other SSIDs that are “heard” by the Meraki APs but are not found on the LAN. Any matches will result in the MRs within the vicinity of the rogue or other SSID to actively contain the SSID, rendering the offending SSID useless for clients who wish to connect. Exact matches will match on the SSID seen (whether the SSID is seen on the LAN or not), while keyword rules will ignore surrounding characters and match on just the keyword specified. BSSIDs (MAC addresses used to identify a Wi-Fi network) can be matched against if specific radios (2.4 GHz or 5 GHz, for example) that are broadcasting need to be contained.

The wildcard match provides the greatest amount of flexibility. Wildcards can be used to substitute a string of characters with a single *, or a single character with a single ?. For example, an SSID Blacklist wildcard rule may match the following text: ‘*12345’. If the MR detects an SSID broadcasting ‘Guest-12345’, then that SSID will be contained. If the rule is configured to match on ‘Guest-12?45’ and the MR detects an SSID broadcasting ‘Guest-12345’ or ‘Guest-12Z45’, then that SSID will also be contained.

Merely containing the SSID isn’t enough, though. Administrators often want to be cognizant of the rogue SSIDs that are being detected and secured by their MR access points. As such, if the administrator has configured email alerts or syslog in their Meraki Dashboard, they’ll stay apprised of their security rules in action.

Good News, You’re on the (White)List

Seemingly every other day, a new company is featured in the media as being the latest victim of a cybersecurity attack. Wireless networks are often considered the edge of the network infrastructure, the first line of defense in many cases. As a result, many administrators and security teams alike want to automatically contain rogue SSIDs seen on the LAN. While this grants the highest level of security enforcement, interoperability issues may arise when factoring in how often wireless display adapters and IoT devices connect to the network.

In the modern enterprise, HDMI cables are being replaced with Wi-Fi Direct adapters to make screen sharing and video streaming simple and intuitive. In the majority of instances, these Wi-Fi Direct devices (an adapter and client device, such as a PC, printer or remote) will often communicate on their own, freshly created wireless network. Sounds easy enough… except for one slight issue. This isn’t an SSID that’s broadcast by your MR access points, and in no time at all, deauthentication frames are being sent over the air in an effort to protect your devices from the suspected intruder. While the security team is rejoicing, the network administrator is still working to find a way to whitelist these devices so that security can be maintained with just enough flexibility for day-to-day employee operations. Enter the SSID Whitelist table:

The newly familiar faces are all here when it comes to the way that SSIDs can be matched to whitelist from containment. Exact matches, keyword, MAC, and wildcard can all be used. However, unlike the SSID Blacklist table, the whitelist table will not send email alerts or syslog messages when SSIDs are matched.

Alert, but Don’t Touch

There may be instances where administrators wish to be alerted when certain SSIDs are “seen” on the LAN or “heard” in the air, without taking any specific blacklist or whitelist actions. Using the same match conditions available for the SSID Blacklist and SSID Whitelist tables, alerting security rules may also be configured. These alerts will be sent via email and syslog alerts, if configured.

In With the New

Security has been at the forefront of Meraki since the introduction of Air Marshal in 2012. With the latest enhancements made to Air Marshal, new security rules can be configured to match on a variety of conditions, enabling administrators to implement granular security policies that are flexible for the modern workplace. These new Air Marshal features encompass the rapid innovation made possible by the Meraki dashboard. The new Air Marshal enhancements are available free of charge for existing MR customers as part of a seamless Dashboard update. For the SSID whitelist and SSID alerting functionality, the MR network must be set to MR25.9 firmware or higher. Visit our documentation for more information on configuring Air Marshal.

Systems Manager: Chrome OS Management for Enterprise Users!

As a leader in both the cloud and the end-device space, Google recognizes the critical role that all endpoints play in cloud security. Endpoint management is essential to an organization’s cloud, network, and data security initiatives, but managing endpoints can be burdensome on IT teams, especially when teams are forced into multiple solutions for managing different types of endpoints (Chrome OS, iOS, macOS, Android, and Windows).  

To help customers streamline the management of all devices in a single solution, the Meraki Systems Manager team has worked closely with Google to integrate native Chrome Enterprise management tools into Systems Manager.

The Meraki team is excited to announce a suite of new management features for Chrome Enterprise users. These new Chrome Enterprise management capabilities enable quick and easy provisioning, efficient fleet management, uninterrupted workflow/adjustments, and ongoing updates.

Capabilities include:

  • Lock, disable, control devices
  • Set and manage user and device-based settings
  • Whitelist users to sign in on approved devices
  • Enable auto updates
  • Enable Kiosk mode for Chrome apps
  • Configure Wi-Fi and VPN settings
  • Enable safe browsing on any network
  • Set idle settings
  • Preload bookmarks and open tabs
  • Push custom, Chrome, and Android apps
  • Remote reboot devices
  • Read disk usage info
  • Manage policy extensions

With this integration, customers can now leverage Meraki System Manager’s intuitive interface, tags management, and differentiated settings to manage Chrome OS devices right alongside other platforms.

The screenshot below shows some of what’s available in SM’s configuration settings, including settings for Wi-Fi, VPN, App Settings, Security, Startup, Content, and User experience.


Register for our upcoming webinar to learn more about these features and cross-device updates on Systems Manager, or take a look at our Chrome OS documentation guides. For a free trial, please reach out to your Meraki rep to get started!

Please note: management features are available for Chrome Enterprise users only at launch. To learn more about Chrome OS endpoint security initiatives, please refer to Google’s Connected Workspaces site.

Wi-Fi standards on the move again!

In the past few years wireless has replaced wired as the primary mode of access. Whether it’s enterprises deploying all-wireless offices, retail stores depending on scanners for mission-critical inventory tracking, hospitals deploying Voice-over-Wi-Fi calling or schools administering exams over Wi-Fi, wireless has never been more mission-critical. With this, the need for increased security and optimized high-density scenarios has become more important. This blog post aims to educate and provide guidance to customers about the future of two emerging Wi-Fi standards: WPA3 and 802.11ax.

WPA3: At the beginning of 2018, the Wi-Fi Alliance® announced new security enhancements for Wi-Fi Protected Access. The follow-on to WPA2, WPA3 promises multiple enhancements:

  1. Device Provisioning Protocol (DPP) – An exciting development for provisioning Internet of Things (IOT) devices.
  2. Opportunistic Wireless Encryption (OWE) – Encryption for open wireless networks that prevents eavesdropping attacks
  3. Suite-B – WPA3 adopts stronger cryptographic algorithms defined by the US Government. While mainly government and banking deployments are most interested in this feature, once available, all wireless deployments will benefit from these capabilities.
  4. Simultaneous Authentication of Equals (SAE) – For customers that use insecure passwords, SAE adds another tenet of security that mitigates dictionary attacks by introducing a secure handshake.

Meraki customers are Future-Proof

WPA3 will continue to evolve over the next few months as device vendors determine which of the above capabilities to adopt. All of our 802.11ac Wave 2 Access Point customers will receive the latest WPA3 functionality via a seamless cloud update.

So what about 802.11ax?

Widely touted as the successor to 802.11ac, the emerging 802.11ax standard provides benefits in capacity for high-density scenarios via multiple improvements in the MAC and PHY layers:

  1. Enhanced Network Efficiency enables multi-user operation efficiency over-the- air:
    1. Orthogonal Frequency-Division Multiple Access (OFDMA): 802.11ac uses OFDM for encoding digital data within multiple subcarriers, each of which can be separately modulated. By multiplexing users using the wireless sub-carriers, OFDMA increases the efficiency of communication thereby offering 4x higher median throughput over Wave-2 802.11ac in high density deployments.
    2. Multi-User Multiple Input Multiple Output(MU-MIMO): 802.11n and 802.11ac introduced the benefits of MIMO with the multiple antennas for Multiple Inputs and Outputs. 802.11ax built on top of this via Multi-User MIMO whereby A single multi-spatial stream Access Point can simultaneously transmit to multiple clients with fewer spatial streams.
  2. Enhanced Link Efficiency – Primarily through the use of 1024 Quadrature Amplitude Modulation QAM (raised from 256 QAM available in 802.11ac). QAM means packing a lot more information during transmissions and therefore the improving the data throughput by phase and amplitude modulation of data to increase the amount of information transmitted simultaneously.
  3. Improved robustness in outdoor usage through the various MAC and PHY updates
  4. Improved spectrum reuse through spatial reuse

What does this mean to me as a Meraki customer?

The actual standard is expected to be ratified by IEEE in late 2019, meaning that the Wi-Fi alliance may support interoperability testing for the same within the same timeframe. Wireless client devices with 802.11ax standards are expected to be introduced in the market in late CY19 with mainstream adoption expected in Calendar Year 2020, and we will be working with device manufacturers to ensure compatibility. The current 802.11ac Wave 2 technology is capable of future-proofing customers planning to deploy wireless in high-performance or high-reliability environments, providing enough performance to satisfy mission-critical applications.

As always, we love hearing from you. Please reach out to us on our Meraki Community or via social media, and check out our latest wireless webinars to get a free AP!

Ensuring Student Safety at Reading School District

Students from kindergarten to high school spend an average of 1,000 hours a year in the classroom. School can become their second home, from having teachers they look up to as heroes, to friends who are always there for them, to faculty that works to provide the best experience for them every day. To enable this, schools across the country are striving to provide safe and secure learning environments that allow for creative thinking, knowledge sharing, and open ideas for all students and teachers.

Like most schools in the US, Reading School District takes student safety very seriously and is always looking for new ways to improve student experiences. After dealing with countless issues from their legacy security camera systems, like bad video quality, poor coverage, and countless DVR outages, the district knew they had to make a change, especially after their ability to reliably identify safety incidents started being impacted. But what security camera system could provide the safety features they were looking for, while being deployed in a timely manner?

Incoming: Meraki MV! The only cloud-based security camera solution that provides exceptional video quality with no DVRs, no complicated hardware, and no convoluted software. All of the video footage is stored on the camera, not in the cloud, and yet you can watch the video footage on any device with a web browser. Plus, with the Motion Search feature, you can find important events in minutes with just a couple of clicks, rather than searching through hours of endless video footage.

Reading School District started by deploying Meraki MV in their two admin buildings and an elementary school, and have plans to completely cover the high school over the summer. They have already begun to see the value in their new security camera system — the team can now easily find security incidents in minutes, even viewing video footage from their phones, rather than being tied to a security camera monitoring room. And, since Reading School District was already using Meraki for their network, they can now manage their security cameras from the same dashboard where they manage the rest of their network. Reading School District is confident that their camera deployment will help them provide increased safety to students and teachers by deterring events before they happen and quickly being able to find the cause of a problem when it arises.

To learn more about Reading School District’s Meraki MV deployment, watch the webinar recording. CR Hiestand, Network and Systems Administrator at Reading School District, joined us to discuss his Meraki MV deployment and walked us through a demo of his Meraki dashboard!