This past May, Meraki hit a major milestone: 1 million networks. One of the most gratifying parts of this growth has been seeing the emergence of a passionate group of Meraki users. We see you at conferences, in training sessions, on webinars, and on social media. Until now, though, there hasn’t been a great place for you all to connect with each other.
That’s why we’re excited to announce the Meraki Community, our new forum for discussing all things Meraki.
Share – Share how you are using Meraki gear in your environment and find tips from other users who have had similar experiences.
Ask – Can’t find what you’re looking for? Start a new topic. There are many Meraki experts on the community who are eager to help out.
Get Noticed – Join PhilipDAth and BHC_RESORTS at the top of the leaderboards! We’ll be recognizing top users (and just maybe awarding some swag) each month.
Join the Meraki Community today by visiting https://community.meraki.com and logging in with your cisco.com credentials. (If you don’t already have a Cisco login, you can create one by following the “Register” link.)
iOS 11 goes live today around 10 am Pacific Time. Although the iPhone X, iPhone 8, and iPhone 8 Plus are exciting for many, they won’t change the everyday activities and workflow for everyone. However, there is a lot baked into iOS 11 itself that extends the current state of excitement around Apple to organizations in both education and the enterprise.
The list of many helpful new additions to iOS 11 includes a big win for the Device Enrollment Program, Multi-Touch with drag and drop, file exploration, a new dock, updates to app switching, and an all-new Control Center, among others. Let’s go through a few of these to stay in-the-know with what’s new and noteworthy.
Add any device into the Device Enrollment Program (DEP)
The Device Enrollment Program (DEP) allows organization-owned Apple devices to be enrolled over-the-air for better control and visibility as well as simple, zero-touch management. Previously, only devices purchased directly from Apple, an Apple authorized reseller, or an authorized carrier could be added into DEP. Now with iOS 11, any device can be added to DEP using Apple Configurator 2.5 or later. After devices are included, they join provisionally for 30 days, during which users can opt out. This is to protect personally owned devices from unintentionally being added. Adding any device into DEP will be especially useful for businesses with multiple buying centers or entities, as well as schools that have devices donated, for example.
Earlier this year Apple TV was also added into DEP. So, there is now excitement around DEP for those already invested in iOS as well as those with management aspirations around Apple TV.
Multi-Touch with drag and drop
iPad, and especially the iPad Pro, has recently become much more of a productivity powerhouse. There’s a keyboard, there’s a pencil, and there’s a lot more processing potential. Efficiency and accessibility are getting even better for iPad with iOS 11. Multi-Touch with drag and drop may seem like a small addition, but it makes a big difference in the day-to-day. Being able to split screen and drag and drop files makes a more compelling reason to use iPad for work in both a business and an educational context. Adding attachments to an email is much smoother and quicker than it once was, and even adding photos to a blog—as I personally tested for this post with an iPad Pro—has become a better way to get work done on the go.
Files is a new native app that is integrated directly into iOS 11. Whether searching through local files, iCloud, Box, or Google Drive, users can organize, open, and delete files from the comfort of their iOS devices. Technically, this functionality was already available from third parties through the different storage services’ apps, but now it is tightly integrated into the fabric of iOS. This is a win for those used to navigating through file structures and is again focused on enabling users and enhancing productivity. Meraki recommends enforcing iOS open-in management with Systems Manager enterprise mobility management (EMM) to ensure that only authorized users can access managed content and data from managed apps and containers.
A new dock, app switcher, and Control Center
Swiping up from the bottom of an iPad running iOS 11 shows the app switcher similar to the photo shown above. The new dock in this view makes switching between apps much faster and is the basic hub for multitasking on iPad. The actions seem to intentionally mirror the user experience found on macOS, and even for those not used to a Mac, they are pretty quick to pick up. Pressing F4 on a Mac shows what’s called Mission Control. A way to think of this is that the app switcher brings a similar Mission Control experience to iPad. It shows the recently used apps and offers access to the also new Control Center. Swiping up on previously used apps will clear them until they’re opened again.
iOS 11 will be available for iPhone 5s and later, all current iPad Air and iPad Pro models, iPad 5th generation, iPad mini 2 and later, and the iPod touch 6th generation.
For those new to Systems Manager, start an instant 30-day trial here.
Grab, a leading technology company that provides transportation and ride-hailing solutions across Southeast Asia, offers a wide portfolio of transportation solutions ranging from a network of taxis (GrabTaxi) to private cars (GrabCar) to a two-wheeled option to beat the traffic (GrabBike).
This growing organization is dedicated to solving real-world transportation problems, and to that end, Grab is consistently expanding to new cities across the region. In our upcoming webinar on October 5, 11:00 AM (Singapore time), Kevin Lam, Grab’s Regional IT Networks Manager, will share his experience setting up networks at new offices in new countries, which is key to the company’s growth. Each branch office is crucial to supporting the local operations of the drivers. Lam chose Meraki because it could be deployed quickly and easily at branch offices.
During the webinar, Lam will share why Grab chose Meraki for their regional expansions. With advantages such as rapid deployments, simple management, and an easy-to-use dashboard interface, Lam can now deploy the network at new sites and offices in minutes.
Topics that will be covered in this webinar:
How Lam and his lean IT team manage everything from wireless, desktop support, server maintenance, data security, and network management
How the Grab team deploys a Meraki network (wireless, switching, security) at a new office in less than 24 hours
How Meraki makes it easy for Lam to manage a network distributed across seven countries from Grab’s headquarters in Singapore
Some unique use cases, challenges, and needs that a growing startup faces, and how a solid network infrastructure is essential for their success
Register for our webinar today to hear from Lam himself on October 5 at 11:00 AM (Singapore time). Eligible attendees will receive a free Meraki access point for attending this webinar*
Today we are excited to announce a variety of new models and capabilities to the Meraki MX, SM, and MS product families that bring additional power, choice, and protection for Meraki customers. We will be hosting a series of live webinars covering these updates in depth next week, but see below for a quick summary!
MX SECURITY APPLIANCES
Introducing MX250 and MX450: two new security appliances ideal for large branch, campus, and VPN concentration:
Designed for high-performance deployments, with stateful firewall throughput ranging from 4 to 6 Gbps
Flexible interface options, including 1GbE and 10GbE for copper and fiber applications
10G WAN interfaces for high-speed uplink connectivity
Modular, field-replaceable power supplies and fans
Introducing the Meraki Z3: a powerful addition to the Meraki Teleworker gateway family:
Includes a PoE port for VoIP phones and other powered end devices
802.11ac Wave 2 Wireless
Higher throughput and support for 802.1x port authentication
This is the second in a series of blog posts that focus on wireless security and technology at Cisco Meraki.
Wireless LANs are critical to the way companies work and are often used to carry sensitive data (e.g. point of sale). A Wireless Intrusion Prevention System (WIPS), such as Cisco Meraki Air Marshal, gives companies the ability to ensure they are protected against threats to these WLANs. This blog post shows how Air Marshal protects against one such threat, namely a rogue access point.
What is a Rogue Access Point?
A rogue access point is an AP that is connected to a company’s physical network infrastructure but is not under that company’s administrative control. This could arise if an employee or student naively brought in a home WiFi-enabled router and connected it to the company’s infrastructure to provide wireless network access. This act introduces multiple threat vectors to the company, such as:
Insecure wireless standards – the rogue AP might only support a deprecated and insecure encryption standard, such as WEP, or, even worse, be purposefully configured with open association and authentication.
Inappropriate attachment – the user could also physically attach the AP to a network port in a secure area of the network, or in an area without appropriate firewalling between it and sensitive information.
Inappropriate location – the AP could be placed close to the perimeter of a building, meaning that someone could listen in on the company’s network.
This is by no means an exhaustive list of the threat vectors introduced by this potentially innocuous action. So, it’s very clear that rogue access points are something we need to protect our business-critical WLAN and networks from!
What makes a rogue access point rogue?
Cisco Meraki defines a rogue access point as an AP that is both “seen” on the LAN and is broadcasting SSIDs that are visible to the APs that make up the corporate wireless infrastructure.
In order to identify a rogue AP, all currently available Meraki access points leverage their dedicated “listening” radio to continuously monitor the RF. However, older APs without a dedicated listening radio can also be configured to utilize their access radios at specific times to scan for rogue access points, as shown below:
Air Marshal listens for 802.11 beacon frames sent out by APs that are “visible” to the corporate APs. All the BSSIDs (the MAC address advertising the SSID) that the access point sees are then categorized as either “Rogue SSID” or “Other SSID”.
In order to classify an SSID as rogue, we also need to look at the MAC addresses of frames on the wired side of the corporate APs. This is done by simply listening to the broadcast frames that the access point already receives. If the wired MAC and the broadcast BSSID MAC match on the 3rd and 4th bytes of the MAC address (typically wired and wireless MAC addresses are contiguous), and the rest of the bytes differ by 5 bits or less, then the AP is classified as rogue. This comparison is achieved by applying an XOR to the MAC addresses in binary form, as shown below in a rogue access point:
With this information in hand, we can safely say that this access point is connected to the same wired infrastructure as the Meraki access points and that it is actively advertising at least one SSID. So, we can assume that this is a threat to the corporate infrastructure that needs to be mitigated!
Note: If you have wireless APs that advertise SSIDs and form part of your legitimate corporate infrastructure, then you can prevent Air Marshal from containing them by whitelisting them:
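The wired-MAC/BSSID comparison and the whitelist described above can be sketched as follows. This is an added example, not Meraki's code: the function names, the "Allowlisted" label and the sample MAC addresses are constructed for illustration, and it assumes "3rd and 4th bytes" counts from 1 and that the 5-bit limit is the total number of differing bits across the other four bytes.

```python
MAX_DIFF_BITS = 5  # "the rest of the bytes differ by 5 bits or less"


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' (or dash-separated) into 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes(int(p, 16) for p in parts)


def mac_distance(wired_mac, bssid):
    """XOR the two addresses and summarise the result.

    Returns (middle_match, differing_bits): whether the 3rd and 4th bytes
    are identical, and how many bits differ in the remaining four bytes.
    """
    xor = bytes(a ^ b for a, b in zip(parse_mac(wired_mac), parse_mac(bssid)))
    middle_match = xor[2] == 0 and xor[3] == 0
    differing_bits = sum(bin(xor[i]).count("1") for i in (0, 1, 4, 5))
    return middle_match, differing_bits


def looks_like_same_device(wired_mac, bssid):
    """True when the BSSID is 'close enough' to a MAC seen on the wire."""
    middle_match, differing_bits = mac_distance(wired_mac, bssid)
    return middle_match and differing_bits <= MAX_DIFF_BITS


def classify_bssids(beacon_bssids, wired_macs, allowlist=()):
    """Label every BSSID heard in beacons, given MACs heard on the LAN."""
    allowed = {parse_mac(m) for m in allowlist}
    labels = {}
    for bssid in beacon_bssids:
        if parse_mac(bssid) in allowed:
            labels[bssid] = "Allowlisted"   # known corporate AP, never contained
        elif any(looks_like_same_device(w, bssid) for w in wired_macs):
            labels[bssid] = "Rogue SSID"    # on our wire AND advertising an SSID
        else:
            labels[bssid] = "Other SSID"    # a neighbour's network, leave alone
    return labels


# Constructed sample data: source MACs seen in wired broadcast frames,
# and BSSIDs seen in beacon frames over the air.
WIRED_MACS = ["00:11:22:33:44:50", "00:11:22:aa:bb:01"]
BEACON_BSSIDS = [
    "00:11:22:33:44:51",  # wired MAC + 1: typical consumer router
    "02:11:22:33:44:52",  # same router, second SSID with the local bit set
    "00:11:22:33:9b:af",  # same vendor and middle bytes, but 15 bits apart
    "f4:5e:ab:10:20:30",  # unrelated neighbour
    "00:11:22:aa:bb:02",  # legitimate third-party AP, allowlisted below
]
ALLOWLIST = ["00:11:22:aa:bb:02"]

if __name__ == "__main__":
    for bssid, label in classify_bssids(BEACON_BSSIDS, WIRED_MACS, ALLOWLIST).items():
        print(bssid, label)
```

The third sample BSSID shows why the bit limit matters: matching middle bytes alone would flag an unrelated neighbouring AP as rogue and make it a candidate for containment.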
How can Air Marshal protect against rogue access points?
In order to protect your corporate infrastructure from rogue access points, Air Marshal uses a technique called “containment”. When a Meraki AP is containing a rogue SSID, it uses three frame types:
Broadcast 802.11 deauthorization frame – this entails the Meraki AP spoofing the MAC address/BSSID of the rogue SSID and transmitting an 802.11 deauthorization to the broadcast MAC address (FF:FF:FF:FF:FF:FF). This is, in essence, the AP masquerading as the rogue AP and telling all the clients that were connected to the rogue point and in range of the Meraki AP to disconnect from the BSSID.
Targeted 802.11 deauthorization frame – this entails the Meraki AP again spoofing the MAC of the BSSID of the rogue SSID and transmitting an 802.11 deauthorization to the MAC address of the clients that are associated with it. Again this is, in essence, the Meraki AP masquerading as the rogue access point and specifically telling the clients that are connected to the rogue to disconnect from the SSID. It is assumed that since the Cisco Meraki AP can “see” the association and authorization frames of the rogue SSID-client relationship, then the client will also receive this deauthorization frame from the Meraki AP.
Reciprocal targeted 802.11 deauthorization and disassociation frames – this entails the Meraki AP spoofing the MAC address of all clients that were connected to the rogue SSID and transmitting a deauthorization frame for each of them to the BSSID of the rogue access point. Finally, the Meraki AP masquerades as each client that was connected to the rogue AP and sends deauthorization and disassociation frames to the BSSID of the rogue SSID. This ensures that more modern 802.11 clients with battery-saving capabilities are also disconnected from the rogue SSID, as they might have ignored the deauthorization messages “from” the rogue SSID if they were “sleeping”, saving battery life.
This behavior is shown in the below packet capture:
Note: As containment renders any standard 802.11 network completely ineffective, extreme caution should be taken to ensure that containment is not being performed on legitimate networks nearby. This action should only be taken as a last resort. Please also see the Cisco guidance note on de-authentication technology for more information.
The Meraki Air Marshal system is a best-in-class WIPS solution that includes real-time detection, remediation, and alerting capabilities (please see the references section for more information on the elements we haven’t discussed). This also includes the ability to define pre-emptive policies that will take action to contain rogue APs using the containment mechanisms discussed above.
The entire Meraki wireless portfolio contains APs with dedicated listening radios that act as full-time sensors, running as Air Marshal scanners. By utilizing Meraki APs and the Meraki dashboard, network administrators can create a robust WIPS policy, and easily deploy a powerful network to deliver enterprise-grade security in a WLAN environment.
This year we were thrilled to launch our very first European Startup Kit, a program that offers 10 innovative startups a full stack of free cloud managed networking gear, which debuted at VivaTechnology in Paris. This tech-focused event saw 50,000 visitors from all over Europe and featured high-profile speakers including Alphabet’s Eric Schmidt, Alibaba’s Daniel Zhang, and Cisco’s very own John Chambers.
It was also interesting to notice some trends among these startups:
Several entrants are applying machine learning to data and big data to transform their industries
A considerable number of applications were from healthcare startups, trying to simplify processes in that sector
There were quite a few fintech companies creating financial products with new and exciting technologies
Without further ado, we’d like to introduce the 10 startups we’ve selected:
Bird.i, a big data company focused on the geospatial industry, based in the UK
REALIZ3D, a 3D printing company based in France that specializes in the construction industry
Predictive Layer, which uses machine learning, big data, and open data to automate predictions for businesses, based in Switzerland
La Valériane, a healthcare company that creates software to streamline patient pain points
Teemo, a company that applies machine learning to marketing
MishiPay, a UK-based startup that has created a mobile self-checkout technology for retail shops
IVIZONE, a company that uses its customers’ WiFi infrastructure to provide business intelligence insights, based in Paris, France
UTOCAT, a fintech startup specializing in Blockchain solutions
ForePaaS, a French Platform-as-a-Service dedicated to data-centric applications
Mapwize, a software editor in the indoor mapping field
We want to extend massive congratulations to these teams, who are building ambitious companies that we believe will change the world. To support their growth, each of these companies will receive a free full stack of Meraki gear, which includes:
It’s that time of year again; school is back in session and our recruiters are getting ready to hit the road to spread the word about Meraki. At Meraki, we create 100% cloud managed IT that simply works. By simplifying powerful technology, we can free passionate people to focus on their mission and reach groups previously left in the darkness. We are driven by innovative technical talent and we are looking for university students and graduates to hire across our technical teams.
Meraki is the ideal place to learn, whether you’re interning or starting your career. As a member of the Meraki engineering team, your code will help provide faster and more reliable IT solutions to millions of people in more than 170 countries. Our network support team provides global 24/7 support, solving tough customer issues to provide a simplified cloud-managed experience. And finally, we have a strategic product management team to bring our engineering product vision to the market.
Interested? Make sure to stop by at one of the following universities. Not at one of the schools we are traveling to? No problem – you can find a list of our open roles here. We hope to hear from you soon!
Alfred State College 11.7.2017 | Intern Panel Q&A 11.8.2017 | Learn Meraki with ASIST and ACM
Caltech 10.17.2017 | Fall Career Fair
Cal State University at East Bay 10.31.2017 | Tech Talk with Meraki Support Senior Leadership 11.1.2017 | Science & Technology CareerFest
Cornell University 9.06.2017 | Technology and Big Data Career Fair 9.07.2017 | Tech Talk with Meraki CTO, Bret Hull hosted by Theta Tau
Carnegie Mellon University 9.10.2017 | Let’s Talk! The Prequel 9.11.2017 | Bagels with Meraki & CS Department 9.12.2017 | Technical Opportunities Conference (TOC) 9.13.2017 | Tech Talk with Meraki Firmware Director, hosted by the CMU ECE Department
Brown 9.26.2017 | Tech Fair
DePaul University 10.31.2017 | Networking Lab 11.1.2017 | Technology Job & Internship Career Fair
Georgia Tech 9.26.2017 | College of Computing Career Fair 9.27.2017 | Tech Talk with Meraki Engineering, hosted by the Bill Moore Student Success Center
George Washington University 9.12.2017 | Information Session 9.13.2017 | Career and Internship Fair
Harvey Mudd College 9.21.2017 | Software Engineering Fair
Howard 10.03.2017 | University Fall 2017 Career Fair 10.04.2017 | Tech Talk with Meraki Engineering
Massachusetts Institute of Technology 9.13.2017 | Tech Talk with Meraki CEO, Todd Nightingale 9.29.2017 | Fall Career Fair 9.29.2017 | SWE Networking Evening
Purdue University 9.5.2017 | Learn Meraki presented by Cisco Meraki and AITP 9.7.2017 | Computing Career Fair
Rensselaer Polytechnic Institute 9.22.2017 | NSBE/SHPE 2017 Fall Career Fair
Rice University 9.19.2017 | Fall Expo Career Fair
Rochester Institute of Technology 9.19.2017 | Build it Night with NextHop 9.20.2017 | Tech Talk with Meraki Support
San Jose State University 9.7.2017 | Meraki Careers in Support – Information Session 9.28.2017 | Undergraduate Engineering & Science Career Fair 9.28.2017 | Graduate Engineering & Science Career Fair 10.18.2017 | SWE Industry Night
The competition between brick-and-mortar shops and ecommerce retailers has never been fiercer. And to many observers, leading ecommerce companies like Amazon seem to have the upper hand: according to PwC, online retail sales grew over 10% in 2016, compared to just 1.4% for brick-and-mortar retail. But traditional retailers have a trick up their sleeve: experiential shopping, which turns physical shopping into an engaging experience that no online retailer can come close to emulating.
One of the best ways brick-and-mortar retailers can deliver a personalized, high-impact customer experience is through location analytics technologies. Retailers now have the power to combine Bluetooth Low Energy (BLE) and the Wi-Fi signals emanating from shoppers’ smartphones to understand customer behavior patterns, like where they are in the store and how long they’ve been there, and shape the shopping experience around these customers’ needs.
Here are just a few ways brick-and-mortar retailers can take advantage of location analytics to boost customer engagement.
1. Grab shoppers’ attention at just the right moment.
Remember those old coupon dispensers (affectionately referred to as “Blinkies”) that were in every aisle of most grocery stores in the ‘90s? Location analytics allows retailers of all types, grocery or otherwise, to grab shoppers’ attention just like these coupon dispensers once did.
Retailers that offer free guest Wi-Fi with BLE-enabled access points can push relevant display ads, notifications, and targeted coupons to customers’ smartphones at the right place and at the right time. For example, if a shopper has been lingering in the lipstick aisle of a beauty store, the retailer can push a “50% off the second lipstick” promotional coupon right to her smartphone, thereby increasing the likelihood of conversion.
It’s a win-win: the customer feels like she’s gotten something relevant and valuable, while the retailer can make more sales. Location analytics makes this all possible.
2. Optimize store layout in line with foot traffic trends.
Most retailers pay close attention to sales per square foot as a metric for how well they’re doing. Ensuring the layout of a store conforms to shoppers’ needs and expectations is key to maximizing this metric. However, for many retailers, store layout has often been more of an art than a science: what “feels right” over what actually is right. Location analytics changes the equation. Now shop owners can know precisely where shoppers are within the store and use this knowledge to put merchandise or in-store displays in the right place to maximize product exploration and purchase likelihood.
It all happens like magic: shoppers’ smartphones that have Wi-Fi and Bluetooth enabled automatically send out probes and beacons that can communicate with access points and Bluetooth sensors. Through various mechanisms, these sensors can triangulate shoppers’ locations within the store. Over time, store owners can see a visual map of where customers are (and aren’t) going within the store.
A location heat map, with foot traffic and Wi-Fi access points mapped.
Interestingly, grocery stores have designed their store layouts in a very specific way to increase how long shoppers spend in-store, as well as average basket size. Location analytics lets businesses of all types do this in a data-driven manner. As an example, a home improvement store like Orchard Supply Hardware (OSH) could glean information from location heat maps that customers don’t linger near the paint section for long. The store owner could then decide to locate the paint near a more heavily trafficked area — say, the hardware area — or to increase the visibility of signage pointing to the paint aisle.
3. Always put the best message out there.
The era of mass advertising has largely given way to more targeted, personalized messaging appropriate for consumers at different stages of their buying journey and with different needs. It’s imperative that retailers adapt to this new reality — that they learn more about their customers in order to specifically tailor messages for their audiences. Location analytics can help by tracking customer behavior both inside and outside the store.
In-store, location-based data can be used to track how often customers visit (and return) to stores, and for how long. Imagine how valuable it would be to know not only when people visit — information that’s available simply through observation — but also why they’re coming back (is a new promotion working?), how often they come back (are these frequent shoppers or sporadic visitors?) and how long they linger inside the store. Once customers connect to the store’s Wi-Fi network, stores can track visitors each time they come back. This information can be linked to loyalty programs to provide even deeper insight into customers’ behavior.
Even when customers aren’t in the store, companies that utilize Facebook login as an authentication tool can get a host of anonymized customer demographic information, such as age, gender, education, workplace, and more. This information can automatically be aggregated and organized to give store owners valuable insight into who their customers are.
Brick-and-mortar stores can and should leverage every resource possible to create personalized customer experiences. Location analytics can help physical retailers learn more about their customers, just like their online counterparts, thereby making the physical shopping experience more engaging and high-touch.
All Cisco Meraki access points come with integrated BLE radios. Combined with the location analytics capabilities built into the Meraki dashboard, retailers that deploy Meraki in-store can learn more about their customers and use this knowledge to elevate the shopping experience.
To learn more about how Meraki location analytics can help boost your customer engagement and sales, download the solution guide, Location Analytics for Retailers.
Prior to Oreo’s release, Cisco Meraki Systems Manager teams had already tested dozens of possible variations of customer use cases with Android Oreo. This includes updates that can be utilized by customers using G Suite Education and Business–also known as Android for Work. Systems Manager is certified for all the Android EMM protocols and is ready to go with Android Oreo. See below for a few example use cases:
Enable Work Profile on employee-owned BYOD devices to isolate personal and work apps and data
Place education, payment, or healthcare devices into single use mode or Kiosk mode (COSU)
Enjoy all the necessary control with Android Device Owner mode for corporate-owned devices
Android Oreo also brings many device advantages and improvements including better battery life, picture-in-picture, and increased stability for apps. See below for a list of some of the new functionality with Android 8.0:
System optimizations around better app stability
Background limits including battery and memory optimizations
Picture-in-picture for multitasking on Android
Notification dots for streamlined access of activity and notifications
Autofill framework to simplify new device setup and password synchronization
A complementary Android Vitals dashboard containing exciting new visibility for developers