Archive for the ‘The Official Meraki Blog’ Category

Peeling the VPN Onion

A virtual private network, or VPN, is a connection established between two peers such that each can behave as if they are on the same subnet. VPN is very commonly used to connect remote workers to a corporate network so they can access email, files, and network resources when away from headquarters where these resources typically reside.

Teleworker VPN

Figure 1: Teleworker VPN extends the corporate network to the branch or home office

Road warriors rely heavily on VPN and depend on its security and reliability. Luckily for them, they don’t have to deal with the complexity of configuring and managing VPN. Unfortunately, VPN deployment is no easy task for any IT administrator. Until now, that is. Meraki’s new Teleworker VPN makes configuration and deployment painless, and it even eliminates some previously required hardware components entirely.

1-2-3

This is how easy it is to get VPN up and running:
1) Download the VPN virtual concentrator from the dashboard and install it in a VMware virtual machine

Figure 2: download VM image for VPN concentrator

2) Click “Enable VPN” on the Network-wide settings page

Figure 3: tunnel AP traffic back to VPN concentrator with one click

3) That’s it! Any access point on this network will now have a VPN connection back to the corporate network, and it will be completely transparent to the user.

There is no client-side software to install, no VPN concentrator box to manage at headquarters, no messy provisioning on each client machine. The remote worker connects to the Meraki access point and sees all the network resources that are available when physically located at headquarters.

Meraki’s cloud-based architecture makes this all possible. Access points automatically traverse NAT and firewall settings using a technique called hole punching. This allows the APs to find and connect to the cloud controller for configuration and establish the secure link to the corporate network for VPN traffic. There is no AP provisioning needed from the IT administrator, and the APs receive and install the correct configuration for their network automatically.

Some background: IPsec

Let’s take a look at just a bit of what happens behind the scenes when using a VPN link via IPsec.

IPsec is a group of protocols that provides mutual authentication and encryption between trusted peers so that an end-to-end connection can be secured. It operates at the IP layer, meaning any application that uses IP can be protected by IPsec, and applications do not have to be redesigned or adapted to be secured.

VPN has many, many options and controls. Some of them handle authentication and identity functions, while others handle encryption and securing of data. Instead of exhaustively going over each, it’s best to first gain an understanding of a commonly implemented form of VPN. A simple way to understand what happens in VPN via IPsec is to look at the packets in encapsulating security payload (ESP), a common type of encryption and authentication. Tunnel mode of ESP is used when connecting a remote user to a network or when connecting two routers that link sites.

Peeling the onion: packets within packets

Consider first a normal, unsecured IP packet. The major structural parts of the packet are the header and the payload. The header has many components, but for this discussion, the most interesting one is the protocol field. This field describes the protocol of the information contained in the payload. Very often the payload contains a TCP datagram, so the IP header will indicate protocol 6, for TCP.

The IP payload then contains the TCP datagram: a TCP header and TCP payload. This is the same TCP/IP packet type that is so widely used over the Internet today.

Figure 4: original, unprotected packet

This method provides no security for the communicating parties. An eavesdropper could view packets on the wire and listen to the conversation between a source and destination. Clearly, this is not suitable for private communications where sensitive data needs to be exchanged. That’s where VPN comes in.

In a configuration providing a VPN over IPsec using ESP, IPsec takes an IP packet, secures it completely (including IP header and payload), and wraps it in a new payload format, called encapsulated security payload. It attaches a new IP header and modifies it to point to a payload (ESP), instead of the original unprotected IP protocol payload. The original IP packet, including header and payload, become the new payload data contents of the encapsulated security payload. ESP also includes a trailer, after the payload, that includes some padding and points to the payload type (in this case, TCP). Authentication is optional with ESP, but highly recommended. When using authentication, a few more bits of information are added to the ESP trailer.

Figure 5: IPsec encrypts and protects the original packet

That summarizes the packet structure when using IPsec with ESP. But one might wonder how, exactly, is the information actually protected? The data of interest, now part of the encapsulated security payload, is still inside the packet. How is it protected from prying eyes? To find out, we need to peel another layer of the VPN onion.

Security associations

Using encryption and authentication requires that each peer verify the identity of the other and have some way to de-encrypt the desired data. This means they must have knowledge of secret keys, algorithms used, and protocols used (for example, AH or ESP). Security associations are simply parameters that describe the algorithms, secrets, and keys used in a one-way connection. Naturally, most connections are two-way, so a pair of security associations is required in the case of IPsec with ESP. These parameters are stored in the security associations database (SADB). The SADB keeps track of a large number of parameters, including the ESP encryption secret key, the ESP encryption algorithm, and the ESP authentication enabled flag.

If data is protected using encryption and authentication, and if encryption/decryption is performed using secrets, it follows that knowledge of the secrets is a very critical requirement for ESP to function properly. The transfer of knowledge of the secrets must be done in a secure way so that unwanted parties do not learn it. There are several ways to do this, ranging from manual installation to key management protocols. Key management protocols allow for the secure exchange of keys (and other security association parameters) without the need for manual installation, making them suitable for large-scale deployment and configuration.

Choose your encryption algorithm

ESP itself does not specify the algorithm to use for encryption, but instead lists several from which to choose. A very commonly used algorithm is AES-CBC: advanced encryption standard with cipher block chaining (mode). AES was selected by the USA’s National Institute of Standards and Technology (NIST) as the government’s dedicated encryption cipher, with the expectation that it protects unclassified, sensitive information at least until the next century. AES is commonly used with 128-bit or 256-bit key sizes, making attacks extremely processing intensive and thus completely impractical. Another common algorithm is TripleDES, or 3DES, which is based on the data encryption standard (DES). DES was found to have weak keys, but TripleDES gets around this by processing each data bit block three times in a chained fashion.

Identity

Even if information is encrypted, it’s still necessary for each peer to establish and verify the identity of the other party. When using ESP with authentication, as is recommended, a commonly used authentication algorithm is HMAC-SHA1-96: hashed message authentication code with secure hash algorithm 1, using a 96 bit-long authenticator, and operating on 64-byte sized blocks of data. It ensures the packet authenticity and that it cannot be altered while in transit.

Peeling even more layers

There are many more details that are involved in making a VPN connection work properly and securely, but they are out of scope for this article. The key exchange methods and protocols, for example, can provide protection from attacks and can even protect future keys from being stolen by unauthorized parties holding a current key. Another topic ripe for illustration is how peers initiate communication in the first place – the discovery process.

This article discusses one type of VPN, remote access. Site-to-site VPN is another type of connection and is used to connect two fixed locations between gateway points, replacing leased-line WAN connections. Meraki’s MX router has integrated site-to-site VPN capability and is as easy to turn on as the Teleworker VPN shown here. More information is on our website at http://meraki.com/products_services/vpn/.

Introducing 3 new products

Amidst all the excitement around the release of our  MX series cloud managed  routers, we’ve been hard at work building new wireless technologies. Today, we are very excited to announce three new additions to our wireless product portfolio that provide greater capacity, increased security and broader reach for enterprise wireless LANs:

  • The Meraki MR24 ultra-high performance wireless access point, the first enterprise class AP to feature 3-stream,
    3×3 MIMO technology.
  • Meraki NAC, the  industry’s first network access control solution built in to a wireless LAN
  • Meraki Teleworker VPN, which provides secure remote access to the corporate network for wired and wireless clients like VoIP phones and iPads

Meraki MR24

The Meraki MR24 is the first enterprise class AP to feature 3-stream, 3×3 MIMO. This technology allows both of the MR24’s radios to use 3 data streams at once, for a total of 6 streams.

Independent testing of the MR24 by engineers at the Tolly Group saw speeds of over 240 Mbit/s – almost 2.5x the maximum speed of Fast Ethernet! Even at a range of 150 feet, testers recorded nearly 200 Mbit/s throughput.

We’re extremely excited to add this ultra-high performance access point to our wireless LAN family. We hope that it will be a valuable tool to our customers as they meet growing wireless capacity requirements.

The MR24 is available for immediate order at a list price of $1199.

Meraki NAC

Meraki NAC prevents clients without antivirus protection from accessing your network, reducing the threat of viruses and worms in increasingly open enterprise environments. Like our Traffic Shaper, Meraki NAC is a solution that previously would require the integration of a 3rd party NAC – with hardware, client software, VLAN configuration, AD integration etc.

Our NAC is the first NAC solution to be built directly into a wireless LAN. Configuration is done with just two clicks. Meraki NAC adds additional protection on top of existing features like our stateful policy firewall and guest isolation. Meraki NAC is included with our Enterprise Cloud Controller license, and will be rolled out to existing customers at no cost starting today. Enjoy!

Meraki Teleworker VPN

Meraki Teleworker VPN allows users to securely access their corporate network, including file servers, VoIP phone systems, and internal applications, from any Internet-connected Meraki AP. This AP establishes a secure tunnel back to headquarters – using our Cloud Controller to handle complexities like NAT traversal, key negotiation, etc. Teleworker VPN lets you extend the full office experience to remote workers: plug in a VoIP phone and get a dial tone or wirelessly access your private cloud from an iPad. Our teleworker solution enforces security policies like 802.1x, traffic shaping, and our new NAC, right at the edge, so your corporate network is well protected. Teleworker VPN is available on all Meraki enterprise APs at no additional charge (no VPN license!). Rollout to existing customers begins today. Learn more about our VPN solution, including both our new Teleworker VPN and site to site VPN with our MX routers.

We’re very excited about all of these new products. We’ll be following up with detailed posts about each of them in the coming weeks. In the mean time if you have any feedback let us know!

Introducing 3 new products

Amidst all the excitement around the release of our  MX series cloud managed  routers, we’ve been hard at work building new wireless technologies. Today, we are very excited to announce three new additions to our wireless product portfolio that provide greater capacity, increased security and broader reach for enterprise wireless LANs:

  • The Meraki MR24 ultra-high performance wireless access point, the first enterprise class AP to feature 3-stream,
    3×3 MIMO technology.
  • Meraki NAC, the  industry’s first network access control solution built in to a wireless LAN
  • Meraki Teleworker VPN, which provides secure remote access to the corporate network for wired and wireless clients like VoIP phones and iPads

Meraki MR24

The Meraki MR24 is the first enterprise class AP to feature 3-stream, 3×3 MIMO. This technology allows both of the MR24’s radios to use 3 data streams at once, for a total of 6 streams.

Independent testing of the MR24 by engineers at the Tolly Group saw speeds of over 240 Mbit/s – almost 2.5x the maximum speed of Fast Ethernet! Even at a range of 150 feet, testers recorded nearly 200 Mbit/s throughput.

We’re extremely excited to add this ultra-high performance access point to our wireless LAN family. We hope that it will be a valuable tool to our customers as they meet growing wireless capacity requirements.

The MR24 is available for immediate order at a list price of $1199.

Meraki NAC

Meraki NAC prevents clients without antivirus protection from accessing your network, reducing the threat of viruses and worms in increasingly open enterprise environments. Like our Traffic Shaper, Meraki NAC is a solution that previously would require the integration of a 3rd party NAC – with hardware, client software, VLAN configuration, AD integration etc.

Our NAC is the first NAC solution to be built directly into a wireless LAN. Configuration is done with just two clicks. Meraki NAC adds additional protection on top of existing features like our stateful policy firewall and guest isolation. Meraki NAC is included with our Enterprise Cloud Controller license, and will be rolled out to existing customers at no cost starting today. Enjoy!

Meraki Teleworker VPN

Meraki Teleworker VPN allows users to securely access their corporate network, including file servers, VoIP phone systems, and internal applications, from any Internet-connected Meraki AP. This AP establishes a secure tunnel back to headquarters – using our Cloud Controller to handle complexities like NAT traversal, key negotiation, etc. Teleworker VPN lets you extend the full office experience to remote workers: plug in a VoIP phone and get a dial tone or wirelessly access your private cloud from an iPad. Our teleworker solution enforces security policies like 802.1x, traffic shaping, and our new NAC, right at the edge, so your corporate network is well protected. Teleworker VPN is available on all Meraki enterprise APs at no additional charge (no VPN license!). Rollout to existing customers begins today. Learn more about our VPN solution, including both our new Teleworker VPN and site to site VPN with our MX routers.

We’re very excited about all of these new products. We’ll be following up with detailed posts about each of them in the coming weeks. In the mean time if you have any feedback let us know!

Introducing 3 new products

Amidst all the excitement around the release of our  MX series cloud managed  routers, we’ve been hard at work building new wireless technologies. Today, we are very excited to announce three new additions to our wireless product portfolio that provide greater capacity, increased security and broader reach for enterprise wireless LANs:

  • The Meraki MR24 ultra-high performance wireless access point, the first enterprise class AP to feature 3-stream,
    3×3 MIMO technology.
  • Meraki NAC, the  industry’s first network access control solution built in to a wireless LAN
  • Meraki Teleworker VPN, which provides secure remote access to the corporate network for wired and wireless clients like VoIP phones and iPads

Meraki MR24

The Meraki MR24 is the first enterprise class AP to feature 3-stream, 3×3 MIMO. This technology allows both of the MR24’s radios to use 3 data streams at once, for a total of 6 streams.

Independent testing of the MR24 by engineers at the Tolly Group saw speeds of over 240 Mbit/s – almost 2.5x the maximum speed of Fast Ethernet! Even at a range of 150 feet, testers recorded nearly 200 Mbit/s throughput.

We’re extremely excited to add this ultra-high performance access point to our wireless LAN family. We hope that it will be a valuable tool to our customers as they meet growing wireless capacity requirements.

The MR24 is available for immediate order at a list price of $1199.

Meraki NAC

Meraki NAC prevents clients without antivirus protection from accessing your network, reducing the threat of viruses and worms in increasingly open enterprise environments. Like our Traffic Shaper, Meraki NAC is a solution that previously would require the integration of a 3rd party NAC – with hardware, client software, VLAN configuration, AD integration etc.

Our NAC is the first NAC solution to be built directly into a wireless LAN. Configuration is done with just two clicks. Meraki NAC adds additional protection on top of existing features like our stateful policy firewall and guest isolation. Meraki NAC is included with our Enterprise Cloud Controller license, and will be rolled out to existing customers at no cost starting today. Enjoy!

Meraki Teleworker VPN

Meraki Teleworker VPN allows users to securely access their corporate network, including file servers, VoIP phone systems, and internal applications, from any Internet-connected Meraki AP. This AP establishes a secure tunnel back to headquarters – using our Cloud Controller to handle complexities like NAT traversal, key negotiation, etc. Teleworker VPN lets you extend the full office experience to remote workers: plug in a VoIP phone and get a dial tone or wirelessly access your private cloud from an iPad. Our teleworker solution enforces security policies like 802.1x, traffic shaping, and our new NAC, right at the edge, so your corporate network is well protected. Teleworker VPN is available on all Meraki enterprise APs at no additional charge (no VPN license!). Rollout to existing customers begins today. Learn more about our VPN solution, including both our new Teleworker VPN and site to site VPN with our MX routers.

We’re very excited about all of these new products. We’ll be following up with detailed posts about each of them in the coming weeks. In the mean time if you have any feedback let us know!

Introducing 3 new products

Amidst all the excitement around the release of our  MX series cloud managed  routers, we’ve been hard at work building new wireless technologies. Today, we are very excited to announce three new additions to our wireless product portfolio that provide greater capacity, increased security and broader reach for enterprise wireless LANs:

  • The Meraki MR24 ultra-high performance wireless access point, the first enterprise class AP to feature 3-stream,
    3×3 MIMO technology.
  • Meraki NAC, the  industry’s first network access control solution built in to a wireless LAN
  • Meraki Teleworker VPN, which provides secure remote access to the corporate network for wired and wireless clients like VoIP phones and iPads

Meraki MR24

The Meraki MR24 is the first enterprise class AP to feature 3-stream, 3×3 MIMO. This technology allows both of the MR24’s radios to use 3 data streams at once, for a total of 6 streams.

Independent testing of the MR24 by engineers at the Tolly Group saw speeds of over 240 Mbit/s – almost 2.5x the maximum speed of Fast Ethernet! Even at a range of 150 feet, testers recorded nearly 200 Mbit/s throughput.

We’re extremely excited to add this ultra-high performance access point to our wireless LAN family. We hope that it will be a valuable tool to our customers as they meet growing wireless capacity requirements.

The MR24 is available for immediate order at a list price of $1199.

Meraki NAC

Meraki NAC prevents clients without antivirus protection from accessing your network, reducing the threat of viruses and worms in increasingly open enterprise environments. Like our Traffic Shaper, Meraki NAC is a solution that previously would require the integration of a 3rd party NAC – with hardware, client software, VLAN configuration, AD integration etc.

Our NAC is the first NAC solution to be built directly into a wireless LAN. Configuration is done with just two clicks. Meraki NAC adds additional protection on top of existing features like our stateful policy firewall and guest isolation. Meraki NAC is included with our Enterprise Cloud Controller license, and will be rolled out to existing customers at no cost starting today. Enjoy!

Meraki Teleworker VPN

Meraki Teleworker VPN allows users to securely access their corporate network, including file servers, VoIP phone systems, and internal applications, from any Internet-connected Meraki AP. This AP establishes a secure tunnel back to headquarters – using our Cloud Controller to handle complexities like NAT traversal, key negotiation, etc. Teleworker VPN lets you extend the full office experience to remote workers: plug in a VoIP phone and get a dial tone or wirelessly access your private cloud from an iPad. Our teleworker solution enforces security policies like 802.1x, traffic shaping, and our new NAC, right at the edge, so your corporate network is well protected. Teleworker VPN is available on all Meraki enterprise APs at no additional charge (no VPN license!). Rollout to existing customers begins today. Learn more about our VPN solution, including both our new Teleworker VPN and site to site VPN with our MX routers.

We’re very excited about all of these new products. We’ll be following up with detailed posts about each of them in the coming weeks. In the mean time if you have any feedback let us know!

Introducing 3 new products

Amidst all the excitement around the release of our  MX series cloud managed  routers, we’ve been hard at work building new wireless technologies. Today, we are very excited to announce three new additions to our wireless product portfolio that provide greater capacity, increased security and broader reach for enterprise wireless LANs:

  • The Meraki MR24 ultra-high performance wireless access point, the first enterprise class AP to feature 3-stream,
    3×3 MIMO technology.
  • Meraki NAC, the  industry’s first network access control solution built in to a wireless LAN
  • Meraki Teleworker VPN, which provides secure remote access to the corporate network for wired and wireless clients like VoIP phones and iPads

Meraki MR24

The Meraki MR24 is the first enterprise class AP to feature 3-stream, 3×3 MIMO. This technology allows both of the MR24’s radios to use 3 data streams at once, for a total of 6 streams.

Independent testing of the MR24 by engineers at the Tolly Group saw speeds of over 240 Mbit/s – almost 2.5x the maximum speed of Fast Ethernet! Even at a range of 150 feet, testers recorded nearly 200 Mbit/s throughput.

We’re extremely excited to add this ultra-high performance access point to our wireless LAN family. We hope that it will be a valuable tool to our customers as they meet growing wireless capacity requirements.

The MR24 is available for immediate order at a list price of $1199.

Meraki NAC

Meraki NAC prevents clients without antivirus protection from accessing your network, reducing the threat of viruses and worms in increasingly open enterprise environments. Like our Traffic Shaper, Meraki NAC is a solution that previously would require the integration of a 3rd party NAC – with hardware, client software, VLAN configuration, AD integration etc.

Our NAC is the first NAC solution to be built directly into a wireless LAN. Configuration is done with just two clicks. Meraki NAC adds additional protection on top of existing features like our stateful policy firewall and guest isolation. Meraki NAC is included with our Enterprise Cloud Controller license, and will be rolled out to existing customers at no cost starting today. Enjoy!

Meraki Teleworker VPN

Meraki Teleworker VPN allows users to securely access their corporate network, including file servers, VoIP phone systems, and internal applications, from any Internet-connected Meraki AP. This AP establishes a secure tunnel back to headquarters – using our Cloud Controller to handle complexities like NAT traversal, key negotiation, etc. Teleworker VPN lets you extend the full office experience to remote workers: plug in a VoIP phone and get a dial tone or wirelessly access your private cloud from an iPad. Our teleworker solution enforces security policies like 802.1x, traffic shaping, and our new NAC, right at the edge, so your corporate network is well protected. Teleworker VPN is available on all Meraki enterprise APs at no additional charge (no VPN license!). Rollout to existing customers begins today. Learn more about our VPN solution, including both our new Teleworker VPN and site to site VPN with our MX routers.

We’re very excited about all of these new products. We’ll be following up with detailed posts about each of them in the coming weeks. In the mean time if you have any feedback let us know!

Introducing 3 new products

Amidst all the excitement around the release of our  MX series cloud managed  routers, we’ve been hard at work building new wireless technologies. Today, we are very excited to announce three new additions to our wireless product portfolio that provide greater capacity, increased security and broader reach for enterprise wireless LANs:

  • The Meraki MR24 ultra-high performance wireless access point, the first enterprise class AP to feature 3-stream,
    3×3 MIMO technology.
  • Meraki NAC, the  industry’s first network access control solution built in to a wireless LAN
  • Meraki Teleworker VPN, which provides secure remote access to the corporate network for wired and wireless clients like VoIP phones and iPads

Meraki MR24

The Meraki MR24 is the first enterprise class AP to feature 3-stream, 3×3 MIMO. This technology allows both of the MR24’s radios to use 3 data streams at once, for a total of 6 streams.

Independent testing of the MR24 by engineers at the Tolly Group saw speeds of over 240 Mbit/s – almost 2.5x the maximum speed of Fast Ethernet! Even at a range of 150 feet, testers recorded nearly 200 Mbit/s throughput.

We’re extremely excited to add this ultra-high performance access point to our wireless LAN family. We hope that it will be a valuable tool to our customers as they meet growing wireless capacity requirements.

The MR24 is available for immediate order at a list price of $1199.

Meraki NAC

Meraki NAC prevents clients without antivirus protection from accessing your network, reducing the threat of viruses and worms in increasingly open enterprise environments. Like our Traffic Shaper, Meraki NAC is a solution that previously would require the integration of a 3rd party NAC – with hardware, client software, VLAN configuration, AD integration etc.

Our NAC is the first NAC solution to be built directly into a wireless LAN. Configuration is done with just two clicks. Meraki NAC adds additional protection on top of existing features like our stateful policy firewall and guest isolation. Meraki NAC is included with our Enterprise Cloud Controller license, and will be rolled out to existing customers at no cost starting today. Enjoy!

Meraki Teleworker VPN

Meraki Teleworker VPN allows users to securely access their corporate network, including file servers, VoIP phone systems, and internal applications, from any Internet-connected Meraki AP. This AP establishes a secure tunnel back to headquarters – using our Cloud Controller to handle complexities like NAT traversal, key negotiation, etc. Teleworker VPN lets you extend the full office experience to remote workers: plug in a VoIP phone and get a dial tone or wirelessly access your private cloud from an iPad. Our teleworker solution enforces security policies like 802.1x, traffic shaping, and our new NAC, right at the edge, so your corporate network is well protected. Teleworker VPN is available on all Meraki enterprise APs at no additional charge (no VPN license!). Rollout to existing customers begins today. Learn more about our VPN solution, including both our new Teleworker VPN and site to site VPN with our MX routers.

We’re very excited about all of these new products. We’ll be following up with detailed posts about each of them in the coming weeks. In the mean time if you have any feedback let us know!

Where In the World Are Your Clients? Now You Know!

When you get a call from a wireless user complaining about connectivity problems, what is one of the first questions you might ask?  “Where are you exactly?”  Knowing precisely where a user is located can be immensely helpful in diagnosing and troubleshooting issues.  What AP are they associated to?  Are they behind a pillar that could be blocking their wireless signal?  Are they in an area of a new building where the network is currently being expanded and might still have some coverage weak spots?  This knowledge can often provide an administrator with a good idea of where they should dig in to properly troubleshoot the issue.

Starting today, administrators of Meraki Enterprise networks won’t have to ask where a client is because they’ll know: introducing Meraki Location-Based Services.  On each client details page you’ll notice a new map where the current location of the client is clearly indicated on either a Google map or building floorplan (see below screen shot).

In addition to troubleshooting client issues, there are many other situations where being able to pin down a client device’s location can be very useful to administrators, such as tracking down a lost laptop or monitoring a nurse’s progress doing rounds in a hospital with the medicine cart.  Typically these capabilities might require additional appliances and third-party software costing $10,000’s, but with Meraki they are provided with all Enterprise networks at no additional cost and without the need to deploy additional gear.

When combined with other Dashboard features like “remote hands” tools and detailed reporting with Traffic Shaper’s application-level visibility, Location-Based Services provides administrators with powerful tools to understand exactly how their network is being used and to quickly troubleshoot client issues remotely.  Please let us know what you think of this new feature using the Make a Wish box!

You asked, we listened: introducing Network Cloning

Cloud-based networking is ideally suited to managing multiple sites under a single dashboard – networks like Remington College’s 20 campuses or Epic Management’s 20 clinics are perfect example.  Recently, customers suggested a great feature to us that would make multi-site management even easier: Network Cloning.  We’re excited to announce that this wish is now a reality, and all Meraki users can try it out today!

Network Cloning is simple; when you create a new network, you now have the option to copy your configuration from an existing network with a single click.  This can save lots of time recreating similar configurations when you have multiple sites with corporate standard network configurations, such as in retail chains or corporate offices with multiple satellite branches.

Network Cloning complements other features – cloud-based provisioning, automatic RF optimization, and seamless firmware updates, to name a few – that make deploying branches a breeze.  As always, please let us know what you think about this new feature using the Make a Wish box in Dashboard.  We welcome your feedback!