Whether you’re working from home, or the office, the use of Wi-Fi continues to expand. Internet traffic is rising, with 50% increases seen in global regions, cities, as well as 228% growth of VoIP and video use, with much of that traffic going over Wi-Fi. Our connected world and economy is clearly relying heavily on Wi-Fi technology. Prior to the coronavirus pandemic, Wi-Fi was already becoming bogged-down with the increase of mobile devices, IoT, new applications like 4K video and VR/AR. Wi-Fi 6 was released to help satisfy the needs of the hungry Wi-Fi ecosystem, but the growth of wireless always continues to outpace whatever is capacity gains are invented.
Source: Cisco Annual Internet Report, 2018–2023
Thank you to the FCC
Today, on April 23rd, the FCC Commission voted to approve 1,200MHz of additional spectrum to Wi-Fi. The information superhighway is getting supercharged with a whole host of additional high-speed lanes. As Ajit Pai, Chairman of the FCC, mentions:
“[The 6GHz band] would effectively increase the amount of spectrum available for Wi-Fi almost by a factor of five”
With these new approvals, Cisco Meraki is excited to help build the internet of the future. In fact, when I was interviewing for the role that I currently hold, our SVP & GM Todd Nightingale asked me what got me excited about Wi-Fi. I told him: ‘6 Ghz’. This was back in Nov 2018 and Ajit Pai had just announced his commitment to 6GHz. Fast forward and here we are, it is real!
Wi-Fi 6’s growth into the 6 GHz spectrum is a game-changer for two reasons – the availability of the additional channels and the ability to finally use 160Mhz for high bandwidth applications like AR and VR. 6GHz provides enormous opportunities to build new applications and experiences for both consumers and businesses.
In addition to new applications, newly available channels will translate to less RF issues and simplicity of maintenance. At Meraki, we look forward to supporting networks as they see significant increases in IoT, wearables, industrial sensors, 4K/8K video, critical telehealth, and remote learning in the coming years.
For more information about our Wi-Fi CERTIFIED 6™ access points, read more here.
In adopting digital transformation, businesses increasingly rely on connecting cloud-specific services. The ongoing pandemic has necessitated, and in many cases, speed this adoption. By leveraging technology, businesses are likely to continue looking for ways to improve efficiency, and reduce costs, as they navigate these difficult times.
Cisco Meraki Cellular Gateway (MG) is built to address the growing demand for operational reliability and business continuity across industries. MG allows for better performance, quick provisioning, high availability, and redundancy in providing cellular wireless WAN connectivity to geographically dispersed networks.
As businesses are starting to take advantage of the advancements in cellular technology, we’re empowering them to be scalable. The shift towards the distributed application model, workforces, and software-defined technologies is leading to the increased need for API access to the network. The good news is that MG can be configured and managed using the Meraki Dashboard API!
What can the Meraki API do for your cellular WAN connectivity?
Through automation and integrations, the Meraki Dashboard API for MG enables scale, growth, and future-proofing.
IT teams can add new organizations, administrators, cellular networks, and MG devices across thousands of locations in minutes with an automation script. By automating network provisioning and bulk configurations, IT teams can minimize manual and routine tasks, freeing up time to work on more important things such as optimizing for better performance or developing modern apps. The Meraki Dashboard API also offers flexibility in cloning sites or developing templates to help you get MGs deployed easily.
Much of configuration-related set up such as DHCP, LAN, port forwarding rules, subnet pool, and uplink settings, entails repetitive tasks and is prone to human error. Network administrators spend a lot of time on these repetitive configuration and monitoring tasks that can be automated and made error-free using APIs. With MG, customers can do so via APIs to avoid manual error and service downtime—significantly reducing the management workload.
With the Meraki Dashboard API, one of our retail customers was able to rapidly automate deployment and provisioning at more than 2000 distributed locations nationwide. The resulting streamlined operations reduced overhead and costs for them.
Integration and future-proofing
The potential of the Meraki Dashboard API goes beyond faster, seamless, and cost-effective automation. Meraki API services are easy to use, easy to train staff to program with, and ripe for technology partners to continue to build native integrations on top of. For growing businesses, using these API services can significantly increase speed-to-market.
The Cisco Meraki Dashboard API is a RESTful API that uses HTTPS requests to a URL and JSON as a human-readable format. So, what does this mean for our customers? This higher software programmability using structured network data makes it easier to integrate with business logic systems. When building APIs, they can choose from a larger pool of skilled resources. Businesses can build their dashboard for store managers or specific use cases, allowing them to quickly add new services.
Lack of end-to-end visibility is problematic when troubleshooting network issues such as high latency and jitter. By monitoring the cellular connectivity and signal strength of MG devices through APIs, IT teams can save hours of troubleshooting. Meraki APIs make our platform extensible and allow you to be agile in responding to quickly changing business needs. Meraki offers a comprehensive platform that complements out-of-the-box management and analytics for Wireless WAN deployments with the integrations and solutions powered by Meraki APIs.
Wi-Fi 6 is designed to support a modern world of hyper-connectivity. While exciting, this digital world will also see more challenges such as high client density, IoT everywhere, and more high-bandwidth requirements. This leads to increasing demands on the network, and organizations relying on connectivity more than ever before. One of the most important challenges a network faces is maintaining the relationship between the clients and the wireless network.
Many will agree that a great relationship is built on a strong foundation. For the wireless network, this foundation might be careful capacity planning and a proper site survey. But, even with a strong foundation, relationships between wireless clients and the network can hit rough patches. Without knowing the root-cause of the problem, it can be hard to improve that relationship.
Many wireless network engineers today spend at least a day every week troubleshooting Wi-Fi. This can be due to lack of visibility, increased network complexity, and human error. Time spent troubleshooting is a missed opportunity, as those countless hours could have been spent transitioning IT to meet modern organizational needs.
Visibility beyond wireless
This week, we are adding new capabilities and visibility to the Meraki dashboard to help simplify troubleshooting. Users can now pinpoint issues more quickly, and ensure excellent connectivity for clients. These updates are designed to not only provide insights about the health of Wi-Fi clients, but also to provide end-to-end visibility. Enhanced visibility will now allow for immediate identification of whether wireless is problematic, or if, for example, an upstream device is misconfigured.
Cisco research reveals that 63% of users blame the wireless network for problems, while the issue could be elsewhere. Now, network admins can gain insight and focus precious time on the actual root cause.
Once problematic clients or access points are identified, new snapshots are available to help quickly remedy the root cause. Users can now view wireless health metrics as they navigate through their dashboard. From an individual client’s page, a user can immediately assess the health of that specific client.
Below is an example of how to troubleshoot a troublesome wireless client with Meraki:
The end-to-end visibility snapshot, health snapshots for individual access points and clients, as well as updated event logs are all available today for Meraki Wireless users. These new metrics and capabilities, along with the centralized Wireless Health engine make the process of optimizing connectivity simple.
Organizations across industries are eager to build their Wireless WAN infrastructure on the Meraki platform and some of them already have a head start with our new product line – MG Cellular Gateway. MG provides a solution for optimal cellular signal strength. It gives our customers the flexibility of pairing MG with any Meraki or Cisco ISR/vEdge router or 3rd party router to provide another uplink for SD-WAN, or as a failover or primary link.
MG was only launched a couple of months ago and we’re already releasing new features. There is no better way to see these features in action than to try it out for yourself.
Quick network diagnosis
We’re always seeking to provide capabilities that truly add value to our customer’s business. For cellular troubleshooting, customers have frequently told us how challenging it can get without any visibility into the signal characteristics at their site. This lack of control leads to them taking a hit on business functions that rely on cellular signals.
MG users can now take advantage of this data within the Meraki platform to quickly diagnose what’s affecting cellular connectivity, or what led to performance degradation, through historical stats— signal strength, latency, and loss—that are visual and easy to interpret. By knowing how cellular connectivity is at certain sites at any given time, it’s simple to get to the root cause of network issues. Easy monitoring of live data along with the signal level, signal quality, and connectivity data could potentially save hours of troubleshooting.
It gets even better with an API-driven architecture. MG can be managed completely through APIs, giving customers the flexibility of custom reporting and integrations that they need. Stay tuned for more updates!
How to access
From your Meraki dashboard, go to Monitor->Cellular gateways; select the MG for which you’d like to get the health data, and then go to Uplink from the menu bar. Scroll below to view the historical and connectivity data as far as 30 days in the past.
Typically, when we write these MV-related blog posts, we love to highlight the challenges that a particular feature will help you overcome, or the frustration that a new solution will help ease. Other times, we want to be a little bit more flashy. This is one of those times.
With the recent launch of Cisco Meraki’s second generation of MV cameras, customers can now take advantage of three zooming features on both their indoor and outdoor cameras: optical zoom (available on MV22 and MV72 only), sensor crop, and digital zoom. While each is powerful in isolation, when combined, these three features allow you to achieve truly dramatic levels of magnification on your video feed while maintaining extremely high video quality.
Just how dramatic is the zoom? Let’s take a look below.
What you can accomplish today with MV
The following images show the progression of an image when each zoom option is applied. The first photo shows the video feed from an MV72 outdoor camera with no zoom applied. You can see something is on the table in the far corner of the patio, but not much else.
Screenshot from MV72 video feed with no zooming applied
The next image shows a maxed out optical zoom, focused on the table area. We can start to see something take shape, and that shape looks suspiciously like a gnome.
Screenshot from MV72 with optical zoom applied
In the next image, we use sensor crop to focus in on an even smaller area. Sensor crop, like optical zoom, is lossless zoom, meaning there is no loss of detail or stretching of pixels. Things are starting to look a little clearer, and we can definitely tell this is one of those mischievous Meraki gnomes.
Screenshot from MV72 with optical zoom and sensor crop
For an extra bit of fun, let’s see what happens when we use digital zoom. Maybe we’ll be able to identify which Meraki gnome it is. Can you guess?
In-dashboard digital zoom of the MV Gnome
With digital zoom, now you can see that this gnome is sitting on what looks like a security camera. It’s the MV gnome! (Did you expect any different?)
Digital zoom can be used on live and historical footage. Keep in mind, though, that that sensor crop and optical zoom only apply to footage that was recorded after you applied the settings to the camera. You cannot apply sensor crop and optical zoom on historical footage. So, the dramatic level of zoom illustrated above is only possible if optical zoom and sensor crop were already applied before using digital zoom.
If configured properly, your MV cameras can truly can give you (gnome) portraits from pixels.
Early in 2012, a startup company beginning to make waves in the networking industry introduced a new feature for their line of access points. This startup was called Meraki, and the feature launched was Air Marshal. At the time, the functionality satisfied the security requirements of a typical wireless network: automatic containment of rogue APs seen on the LAN, keyword containment of SSIDs, scheduled Air Marshal scanning, and the ability to configure additional APs as Air Marshal sensors for round-the-clock protection.
With the introduction of the MR34 in 2013, Cisco Meraki introduced the dedicated scanning radio and this took the Wi-Fi industry by storm! No longer would admins have to choose between performance or security. With the dedicated scanning radio, the MR was now capable of servicing clients while simultaneously listening to the entire RF spectrum, protecting clients from malicious rogue APs.
The constant surveillance of wireless networks continues to be important, but recent trends in cybersecurity and the growth of Internet of Things (IoT) requires added flexibility when it comes to securing wireless networks.
No, James Spader won’t be lending his hand to protect your wireless network. But, much like his character on the popular TV show, Air Marshal will work to eliminate (or contain) all SSIDs found on “the list.” TV shows aside, Air Marshal traditionally made it simple to automate containment of rogue SSIDs that are seen on the LAN, or contain SSIDs that matched a keyword.
However, some environments may have a network comprised of multiple vendors, or may be a part of a collaboration workspace where numerous companies may feature their own WLANs, connecting to the same wired network infrastructure. In this instance, automatic containment of rogues seen on LAN won’t work, as the non-Meraki APs would cease to function for their clients.
But administrators no longer have to forfeit their security capabilities. With Air Marshal’s new SSID Blacklist table, rogue SSIDs won’t be automatically contained, but security rules can be configured to match on a variety of conditions allowing for an accessible network to be locked down with finely tuned security controls.
Security rules may match on four different conditions: exact matches, MAC address matches, keyword matches, and wildcard matches. The rules defined in the SSID blacklist table will match against SSIDs that are seen on LAN, as well as Other SSIDs that are “heard” by the Meraki APs but are not found on the LAN. Any matches will result in the MRs within the vicinity of the rogue or other SSID to actively contain the SSID, rendering the offending SSID useless for clients who wish to connect. Exact matches will match on the SSID seen (whether the SSID is seen on the LAN or not), while keyword rules will ignore surrounding characters and match on just the keyword specified. BSSIDs (MAC addresses used to identify a Wi-Fi network) can be matched against if specific radios (2.4 GHz or 5 GHz, for example) that are broadcasting need to be contained.
The wildcard match provides the greatest amount of flexibility. Wildcards can be used to substitute a string of characters with a single *, or a single character with a single ?. For example, an SSID Blacklist wildcard rule may match the following text: ‘*12345’. If the MR detects an SSID broadcasting ‘Guest-12345’, then that SSID will be contained. If the rule is configured to match on ‘Guest-12?45’ and the MR detects an SSID broadcasting ‘Guest-12345’ or ‘Guest-12Z45’, then that SSID will also be contained.
Merely containing the SSID isn’t enough, though. Administrators often want to be cognizant of the rogue SSIDs that are being detected and secured by their MR access points. As such, if the administrator has configured email alerts or syslog in their Meraki Dashboard, they’ll stay apprised of their security rules in action.
Good News, You’re on the (White)List
Seemingly every other day, a new company is featured in the media as being the latest victim of a cybersecurity attack. Wireless networks are often considered the edge of the network infrastructure, the first line of defense in many cases. As a result, many administrators and security teams alike want to automatically contain rogue SSIDs seen on the LAN. While this grants the highest level of security enforcement, interoperability issues may arise when factoring in how often wireless display adapters and IoT devices connect to the network.
In the modern enterprise, HDMI cables are being replaced with Wi-Fi Direct adapters to make screen sharing and video streaming simple and intuitive. In the majority of instances, these Wi-Fi Direct devices (an adapter and client device, such as a PC, printer or remote) will often communicate on their own, freshly created wireless network. Sounds easy enough… except for one slight issue. This isn’t an SSID that’s broadcast by your MR access points, and in no time at all, deauthentication frames are being sent over the air in an effort to protect your devices from the suspected intruder. While the security team is rejoicing, the network administrator is still working to find a way to whitelist these devices so that security can be maintained with just enough flexibility for day-to-day employee operations. Enter the SSID Whitelist table:
The newly familiar faces are all here when it comes to the way that SSIDs can be matched to whitelist from containment. Exact matches, keyword, MAC, and wildcard can all be used. However, unlike the SSID Blacklist table, the whitelist table will not send email alerts or syslog messages when SSIDs are matched.
Alert, but Don’t Touch
There may be instances where administrators wish to be alerted when certain SSIDs are “seen” on the LAN or “heard” in the air, without taking any specific blacklist or whitelist actions. Using the same match conditions available for the SSID Blacklist and SSID Whitelist tables, alerting security rules may also be configured. These alerts will be sent via email and syslog alerts, if configured.
In With the New
Security has been at the forefront of Meraki since the introduction of Air Marshal in 2012. With the latest enhancements made to Air Marshal, new security rules can be configured to match on a variety of conditions, enabling administrators to implement granular security policies that are flexible for the modern workplace. These new Air Marshal features encompass the rapid innovation made possible by the Meraki dashboard. The new Air Marshal enhancements are available free of charge for existing MR customers as part of a seamless Dashboard update. For the SSID whitelist and SSID alerting functionality, the MR network must be set to MR25.9 firmware or higher. Visit our documentation for more information on configuring Air Marshal.
Chris Gasaway, Director of Technology at Rockwall ISD, joined us on January 29th to share his experiences creating a secure network to support the growing trend of BYOD with students and faculty/staff. Rockwall ISD is an expanding school district just outside of Dallas, Texas with 2 high schools, 3 middle schools, and 12 elementary schools.
The district is comprised of families who are extremely mobile device friendly and expect the best in technology for their children. While the district has over 6,000 computers and over 4,000 iPads available for use in the schools, Chris wanted an environment where students could bring their own personal devices and connect to the school’s network.
Taking advantage of the numerous SSIDs, Chris created custom experiences depending on user type, shaping traffic and setting firewall rules as needed. In a few short mouse clicks, not only was the network secure and CIPA-compliant, but he can also make changes as needed based on new requirements or challenges. Chris now has deep, granular visibility into the devices, users, and applications on his network, with the ability to troubleshoot on the fly.
Check out the video from the webinar – see how Chris created a BYOD revolution at Rockwall ISD, encouraging the explosion of personal devices within the school system, while still maintaining control and network security.
We’re excited to announce that Cisco has announced its intent to acquire Meraki. After close, we’ll become Cisco’s new Cloud Networking Group. Our HQ will stay here in San Francisco, and the Meraki team will continue to focus on customer experience.
Apple announced during its recent unveiling of the iPad mini that almost every single Fortune 500 company had deployed the iPad in a business application or is testing iPads at the moment — that is nothing short of amazing for a device that was launched less than three years ago!
Apple’s much anticipated iOS 6 release packs a number of API enhancements for mobile device management to support the growing number of businesses that are deploying iPads, iPhones, and iPods for various applications.
We’ve integrated many of the new MDM features in iOS 6 into Systems Manager, our free solution for mobile device management. Systems Manager users have access to these new features without having to install any new software or make any changes — it’s all right there in the Systems Manager dashboard!
Our new iOS 6 MDM features include:
Single App mode under Guided Access
Ability to disable iMessage
Passbook, Game Center, iBookstore, and shared Photo Stream blocking
Single App mode, also referred to as “kiosk” mode, locks the iOS device to a single app and disables the home button. A few scenarios include:
Retailers: Enhance the customer experience by creating a mobile point of sale (mPOS) terminal, without worrying about the iPad being used for any other purposes.
Hospitality: Enter the digital concierge! Hotels are setting up iPads in their lobbies and guest rooms, allowing guests to check in and out, order room service, and have various services literally at their fingertips. All that’s needed is an iPad — or iPad mini — set up in kiosk mode.
Education: Schools are already using iPads for various learning initiatives, and they can now be locked to a single app so students aren’t distracted.
With iOS 6, disabling iMessage is a welcome addition to the security and compliance groups in highly regulated industries that need to concern themselves with archiving all communication and information exchanges for e-discovery.
Note that for some of these features, Apple requires the device to be placed in supervised mode by Apple Configurator — but not to worry, Meraki Systems Manager also integrates with Apple Configurator, allowing supervised devices to be managed via the Meraki dashboard.
If you haven’t given Meraki’s Systems Manager a try yet, go ahead and give it a try – lots of awesomeness awaits you!
At Meraki, we love getting our gear into people’s hands. We think we make a pretty awesome product and once people get a taste of how easy to use Meraki is, they become our biggest fans.
Our latest greatest idea is to get our gear into the offices of the hottest, most promising startups through our Meraki Startup Kit – a complete standalone set of networking hardware: two of our highest performance wireless access points, a high-throughput security appliance, and a 24 port switch with Power-over-Ethernet. With a value of over $15,000 – we have a limited number of Meraki Startup Kits, but they are entirely free and include 5 year licenses for qualifying startups.
The Meraki Startup Kit is intended to give small companies a helping hand with their network infrastructure and a way for us to share our success with the next generation of disruptive startups.
As part of our beta release, two startups have already received their Meraki Startup Kits and are enjoying the ease of use with Meraki’s dashboard management.
San Francisco-based Copious – “a social marketplace to buy and sell the things you love” – was the first company to receive a Meraki Startup Kit. With 17 employees and a recent round of Series A funding, Copious was outgrowing its existing networking setup, so getting the opportunity to implement a Meraki network for free was perfectly timed.
For vline, a cloud video conferencing platform for developers, the Meraki Startup Kit will provide a solid office network foundation as the company develops its tools and platform for a wider public release. Ben Strong, vline’s CEO, commented that “Meraki access points are great for video conferencing. Much better than all the other ones we’ve tried.” As vline grows into its Palo Alto office, the Meraki network is an ideal networking solution to support the team.
Today we’re excited to open up the applications to the greater startup community. Meraki hardware is high quality, easy to set up, and low maintenance – the perfect infrastructure for startups relying on rock-solid Internet connections to develop, converse, and deploy in the cloud.
To see if your company would be a good fit for our program, take a look at the requirements and fill out the application here: www.meraki.com/startupkit.