Meraki switching and security solutions are simple, powerful solutions on their own, but like all Meraki products, they work even better together. As a follow-up to our recent product and feature releases around these ‘wired’ product families, we are hosting two webinars in December to show off our intelligent switches and security appliances.
Don’t miss out on this opportunity to learn about both solutions at once! To make these presentations even more exciting, all eligible attendees will receive a free Meraki 8-port PoE switch.
Our wired webinars will occur on the following dates:
Last week we introduced some exciting new hardware. A range of stackable switches for building fast, scalable and resilient networks, plus a new, more powerful security appliance for the branch.
Now it’s time to bring the focus back to features, today exploring a couple of changes for our switch customers, designed to make busy lives easier.
First up, port mirroring. While a packet capture can be useful for getting deep into the detail of how a client is behaving – or misbehaving – on the network, it’s primarily designed as a troubleshooting tool. Port mirroring takes things a step further by allowing network administrators to capture all traffic traversing one or multiple ports, via another. Port mirroring is useful wherever traffic flows need to be recorded, for example archiving VoIP calls for compliance or training purposes.
Meraki switches have had port mirroring capabilities since the early days, and configuration was tucked-away on the Switch Settings page. After considering feedback from our customers we’ve moved the configuration for mirroring to the Switch Ports page. With the benefit of hindsight this new home for the feature makes perfect sense, and is certainly a more intuitive approach. Here’s how it looks:
To mirror ports, simply select them and click the Mirror button and a prompt will ask for the destination port which will receive the mirrored traffic. They say simple ideas are the best and this example of that mantra will certainly save some head-scratching when looking for the feature.
The second feature we’ll cover today is upcoming for our Layer 2 switch customers. DHCP is fundamental to the operation of modern networks, with all clients using the protocol by default to get connected and online. Layer 2 switches have always been able to connect clients to a DHCP server on the same VLAN, but what happens if there’s a requirement to support multiple IP based VLANs, each with their own IP address range?
Until now, supporting multiple VLANs would have meant using a Layer 3 switch, capable of relaying DHCP requests to a server and then returning the correct IP address to the source VLAN. Now, thanks to a wave of the Meraki Magic wand, our brainiac engineers have added DHCP functionality for multiple VLANs to our Layer 2 switch line.
Configuration is easy, as our customers would expect. Simply provide an IP address in each VLAN where DHCP is required. This IP address will then be used in the DHCP request and the switch will process the returning offer, returning it to the appropriate VLAN. Anyone familiar with configuring DHCP relay will be right at home here as configuration is essentially the same.
This feature will be coming soon for all of our Layer 2 switch customers. In the meantime please reach out to our support team to take it for a spin.
Feature velocity is in our DNA here at Meraki. Every week our switch team is discussing new and upcoming capabilities which we know our customers will love. Today’s examples are humble but useful additions for the busy network engineer and we look forward to bringing many more features to our customers soon. In the meantime, please don’t forget to ‘make-a-wish’ on the dashboard to let us know where we should be focussing next.
Not long ago the configuration of a computer’s settings were the responsibility of the end user. This spawned numerous guides, created by beleaguered IT administrators, that tried to ease the number of repetitive helpdesk support calls on common topics.
What if you could do away with the multi page WiFi configuration guide, yet still allow users to connect securely? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry WiFi settings automate the configuration of mobile device wireless connectivity. This simplifies the task of joining the network for both the user and IT administrator, eliminating one of those clunky step-by-step guides from your help portal. Watch the video below to see this feature in action.
Systems Manager can create WiFi configuration payloads which contain configuration settings for a wireless network. It can then deliver this to the client device so they know how to get connected without the user having to follow a guide. Sentry WiFi settings take advantage of the native cloud integration of Meraki’s networking stack with Systems Manager MDM.
With Sentry, Systems Manager queries the Meraki WLAN network to understand what the security requirements are for a chosen SSID. Now instead of the IT administrator manually configuring the settings, the configuration fields are automatically populated with the correct information, eliminating possible errors and saving time.
The convenience of Sentry WiFi settings becomes exceptionally powerful when combined with the tagging engine available in Systems Manager. Tags are Systems Manager’s way of choosing what managed devices should get what settings. As tags can be automatically applied, this means client devices can receive WiFi settings based on dynamic events such as the time of day, device user, device type, location, or security posture.
If you would like to find out more about Systems Manager Sentry, then you can attend one of our specialist Sentry webinars, or alternatively contact your Meraki representative for more information. If you are an existing Meraki WLAN customer, Systems Manager offers an industry leading MDM capability with a unique level of network integration, that due to its simplicity can secure and automate your IT operation in minutes.
Earlier this week we announced some exciting new additions to the Cisco Meraki portfolio. While yesterday’s post extolled the virtues of Meraki switch stacking, today we look at the new MX84 cloud-managed security appliance and the Intelligent WAN (IWAN) capabilities that will be available in beta later this month.
Introducing the MX84
The MX84 follows in the footsteps of the MX64, which was released in February 2015. While the MX64 boasts higher overall performance than its predecessor and the option for 802.11ac wireless, the MX84 likewise offers a significant improvement in throughput over the the MX80, along with twice as many Ethernet ports and the addition of two SFP ports for fiber connectivity.
These improvements are aimed at allowing administrators to deploy the MX84 in a variety of network designs without worrying about encountering throughput bottlenecks or having to add extra infrastructure to connect everything they want to connect – all at the same price point as the MX80.
Make way for IWAN
Earlier this year we announced that a series of IWAN features would be coming to the MX product line, and since then the Cisco Meraki development team has been working hard to ensure we deliver those features with the same blend of powerful functionality and simple, intuitive configuration that Meraki is known for. Later this month these new IWAN capabilities will be made available to all MX customers through an open beta. However, we want to give you a sneak peek of what configuring IWAN on the MX will look like.
To do this, let’s imagine a few scenarios in which IWAN might be useful. First, we have a branch office with two broadband internet links where the administrator wants to make sure that VoIP traffic back to headquarters always uses VPN over the better-performing link. To accomplish this, the administrator creates a VPN uplink selection policy for traffic from their VoIP subnet, like so:
This straightforward policy will use preset metrics to determine what the best VPN path is for VoIP traffic. If the best link changes, traffic paths will be adjusted accordingly.
Now imagine that rather than two broadband links, the branch has one broadband link and an MPLS connection. The administrator wants to send VoIP traffic over the MPLS, since it is likely to have better performance. However, if MPLS performance begins to suffer from high latency it may be better to use the broadband link. That can be accomplished with a slightly different policy:
The administrator has specified a preferred uplink (WAN2), so that link will be used by default. Since performance failover is enabled, if the WAN2 link fails to meet the performance standards configured in the ‘Tons of latency’ category, VoIP traffic will be moved to the WAN1 link. Multiple performance categories can be created depending on the needs of the deployment.
These are only a few examples of how IWAN features can be used to improve network performance and resiliency. Stay tuned for the open beta later this month to see the full capabilities of Meraki IWAN.
Tell me more!
If you want to know more about the MX84, IWAN, or the MS350 switches, be sure to register for one of next week’s launch webinars using the links below.
Back in early 2012 the world of switching was disrupted by a bold newcomer. For the first time the benefits of centralizing management in the cloud were applied to the switch network, and the life of the network admin became significantly easier.
Suddenly switches could be prepared for deployment without even removing them from their boxes. Units could simply be shipped directly to sites and while in transit have their config pre-staged, so that the recipient merely needed to power them on and connect them to the Internet.
Suddenly it was easy to see how the wired network was being used, with the same level of detail as Meraki wireless customers had already been enjoying for years. While possible with other switches, Layer 7 visibility had never been so simple, and accessible.
Suddenly the network engineer at HQ could easily troubleshoot switches deployed all over the state, the country, the world, to a level of detail previously unobtainable. Never before had it been possible to run an ad-hoc, full-blown packet capture on a network port thousands of miles away.
Taken together, these developments quickly reduced the operational expense of running a switch network, particularly a geographically disperse one. One other new feature significantly eased the burden of multi-site management: virtual stacking.
Virtual stacking was, and remains, transformational, eliminating the physical constraints of a switch stack – most commonly 4 or 8 co-located switches – and allowing multiple ports to be simultaneously configured based on a common variable. For example, all ports tagged ‘VoIP’, potentially running into thousands, can be simultaneously edited so they can be placed into the appropriate Voice VLAN. A newly created network access policy can be applied to every port facing network users across every company location.
Virtual stacking was a groundbreaker and has helped thousands of Meraki customers improve management efficiency. The good news is that this week’s announcement of new physically stackable switches changes nothing for those customers happily using virtual stacking today. The feature remains a clear differentiator across the Meraki switch family.
The new MS350 line of physically stackable switches was developed to address a couple of specific challenges our customers fed back to us. Firstly, bandwidth. It is now possible to create aggregated links between adjacent stacks of switches (or to a core/aggregation switch) comprising up to 8 x 10Gb/s links, with all of these forwarding traffic.
Secondly, dedicated stacking connectors open up new connectivity and bandwidth possibilities. Connecting adjacent switches no longer requires the use of a regular SFP+ port, meaning these can be used for uplinks, or connections to high-performance servers. Also, the new stacking connections provide exceptionally fast throughput between switches in a stack; 80Gb/s full duplex from each stack connection on the switch. And because this is Meraki, you get a ½ meter stacking cable in the box with every MS350, with longer cables on the accessories list.
To maximize stack bandwidth, a technology known as spatial reuse is employed. Packets destined for a device connected elsewhere in the stack travel via the dedicated stacking links on what we call a stack ring, from switch to switch. When the packet’s destination switch is reached it is removed from the stack ring, thereby freeing-up bandwidth on the ring for other stack switches to use. With spatial reuse, Meraki MS350 switches can provide up to 160Gb/s of aggregate stack bandwidth, ample for today’s high-performance network.
If you’re wondering how the introduction of physical stacking impacts our much-loved virtual stacking feature, we have good news – nothing changes! The ability to configure thousands of ports simultaneously works identically across ports on both standalone and physically stacked switches. In other words, with Meraki stacking, you really can have your cake and eat it!
We’re excited to be bringing these stackable switches to the market, furthering our push into enterprise grade networks. A new stacking whitepaper has been added to our documentation library, and don’t forget an evaluation is just a phone call away. Lastly, we regularly run switch-specific webinars where we demonstrate what it’s like to be a network engineer enjoying all the aforementioned capabilities and more.
Today is an exciting day at Meraki HQ. Following months of hard work by our hardware and software engineering teams, we’re delighted to announce new additions to our switch and security appliance lines which will help our customers build larger, faster and more robust networks.
Meraki has revolutionized the world of network management, reducing cost and complexity for tens of thousands of customers. With so many organizations operating distributed networks, Meraki provides an elegant solution that scales beautifully, with no loss of performance, lightening the administrative load and delivering exceptional operational savings.
Two factors prompted us to create new hardware. First, internet connections are becoming faster by the day, demanding ever-increasing performance from the networks that connect to them. Secondly, building larger networks introduces fresh challenges around network topology, cabling capacity, and performance. In 2015, all networks can be seen as mission critical, but inevitably this applies particularly to larger networks containing more equipment and supporting more activity. The network absolutely must be built to work around failure scenarios and deliver fast, seamless connectivity.
To address these challenges, Meraki is introducing a powerful security appliance for the branch, and the world’s first cloud-managed range of stackable switches. Say hello to the new MX84 security appliance and the MS350 switch family.
The MX84 packs a real punch, with double the performance and capacity of its predecessor. Port counts are up on the new model, with two dedicated WAN ports for active-active Ethernet/VPN WAN links. LAN connections have increased too, with 8 Ethernet ports (up from 4 on the previous model) and the addition of 2 brand new SFP fiber ports.
Since the MX84 (and the other MX models) support dual WAN connections, it’s important to ensure that both connections can be used to their fullest potential. To that end, Meraki is announcing support for dual-active VPN connectivity and Intelligent WAN (IWAN) features. With Meraki IWAN, customers will be able to configure their security appliances to support automatic policy-based and performance-based routing decisions, ensuring more demanding applications get the bandwidth they require, and seamless failover in the event a VPN connection is dropped for any reason. Joe, our MX product marketing manager, will be back in a couple of days with a more detailed blog post covering these new capabilities for the product line.
The MS350 line of physically stackable switches sets a new standard for combining power with simplicity. Delivering best-in-class performance and enabling resilient, full-bandwidth connections to the aggregation layer, the MS350 is ready for today’s demanding network clients, providing fast lane access to the server and cloud-based applications we increasingly rely on to do our work.
Let’s take a look at the hardware. Under the hood the MS350 line boasts a more powerful CPU and more memory, helping the 350 support larger client device counts with the performance they require. From the front, the MS350 switches look almost identical to our existing line of Layer 3 switches, although those with a keen eye will notice a couple of design tweaks. Flipping the switch around, we immediately see just how much has changed at the back.
The MS350 has a new, dedicated management port which provides access to the switch’s local management interface, so that this no longer takes up one of the ports on the front of the switch. MS350 switches feature two built-in stacking interfaces, enabling up to 8 switches to operate as a single physical switch with up to 160 Gbps of stacking bandwidth. The new switch family introduces another enhancement for the access layer; hot-swappable fans in addition to the power supplies.
Tomorrow we’ll be back with another blog post in which we’ll take a more detailed look at the stacking capabilities of the MS350 line, and how physical stacking works together with virtual stacking, a feature which we pioneered back in 2012, and which is a defining feature across the Meraki switch line.
Taken together, these new products and the announcement of our support for Intelligent WAN features enhance Meraki’s value as a complete enterprise networking solution, all managed with the intuitive, simple interface for which we’ve become renowned. These exciting products will be shipping soon. To try them in your network, please reach out to your Meraki contact to arrange an evaluation. In the meantime, stay tuned for more details about today’s exciting announcement, including webinars in your region:
Here at Meraki, we are continually focused on simplifying the IT management experience. One of the areas our engineering team is always paying attention to is how to offer additional benefits to customers who have multiple Meraki product types. We want every product, be that wireless, security, switching or mobility management to be outstanding in their own right, but what about when they come together?
One exceptional example of this integration is Systems Manager Sentry. With Systems Manager MDM holding a wealth of data on client devices, it can automatically configure the network based on rules you provide. Another is Group Policies, where one interface allows network-wide rules, such as firewalling and traffic shaping to be configured, no matter if the connectivity type is wired or wireless.
The Meraki dashboard is central to our cloud technology and is used to manage all our products through a simple, intuitive, and powerful interface. This is continually updated and improved based on customer feedback and internal research. The cloud infrastructure allows for these changes to be seamlessly deployed without user intervention, patches, or downtime.
In February we introduced our #fullstack campaign to highlight the benefits of a combined network view in dashboard. With a combined view, the products are grouped together so that a single site can be viewed in a single navigation pane.
Although Systems Manager deployments could be managed from the same dashboard interface as the other products, it was previously not possible to combine them. Today we announce the beta availability of fully combined networks, with Systems Manager integrated into the navigation pane. If you would like to try out the new interface, go to the Organization Overview page within dashboard and choose Combine.
To celebrate the arrival of the combined #fullstack network, we are running another blog promotion for our subscribers. The winner will receive a full stack of Meraki equipment, comprising the following equipment, supplied with 3 year licences:
1 x MX64 Security Appliance
1 x MS220-8P PoE Ethernet Switch
1 x MR32 Wireless Access Point with BLE beacon technology
20 x Systems Manager licences
To take part in the promotion, all you need to do is subscribe to the Meraki blog by the end of November 2015. Current subscribers are automatically entered to win. Additional terms and conditions apply; subscription is not necessary to enter.
If you are an existing Meraki customer with only one product family today, why not try adding some of the others to learn more about the benefits of the full Meraki stack. Contact us to arrange your evaluation at no charge. You’ll be up and running in a matter of minutes, and we have a dedicated evaluation support team ready to help you at every step.
With the release of iOS 9 Apple introduced a number of improvements to the Volume Purchasing Program (VPP). Of these improvements, one of the more significant is app assignment by device. With this new functionality it is now possible to assign VPP apps to an iOS device without the need for an Apple ID, and if that device is supervised, the installation is silent.
Before this change, it was only possible to assign apps to a user by associating them with an Apple ID. This method of app management can be an administrative nightmare when used in environments such as K-12 education, where many users may be working with a particular device. Students may not have an Apple ID, or may be too young to have one without parental consent. Additionally, it meant that an Apple ID needed to be configured on the iPad for apps to be silently pushed to supervised devices.
With VPP device assignment, an Apple ID is no longer required and with supervised devices, apps can be pushed silently with no end user interaction. Silent app push has a huge impact on an administrator’s ability to seamlessly deliver iOS apps to users. Combining this new functionality with Meraki Systems Manager features, such as multiuser authentication, can offer a fantastic classroom experience. Apps and settings are tailored to each student’s needs and dynamically changed as the user changes.
Systems Manager Legacy customers can gain access to this great new functionality by upgrading to the latest version of Systems Manager. Please contact your Meraki representative for further information or alternatively sign up for a specialist Systems Manager Teacher’s Assistant webinar here. Additionally stay tuned to our YouTube channel for an upcoming video guide to this functionality.
Over the years, many Meraki employees have found ways to volunteer and give back to causes they are passionate about. About a year and a half ago, some Meraki go-getters wanted to take this interest already inherent in many employees and create a central, company-wide volunteer program that would promote team bonding and create an impact of scale around the Bay Area. After many months of planning, Meraki Gives was born!
Since its launch, Meraki Gives has organized quite a few activities including a local food bank volunteer day, a PB&J sandwich assembly line to help local organizations fight hunger, a holiday card-making session for survivors of domestic violence, and most recently, a company-wide school supply drive to help local students head back to school with backpacks filled to the brim.
Just a few of the school supplies Meraki employees gave to kick off this school year.
The enthusiasm we’ve seen in the office around these activities has been extremely inspiring. Managers have found crafty methods and motivational words to promote healthy inter-team competition for donation drives, employees have put an incredible amount of attention to detail in the gifts and supplies they bring in, and the company is always looking for more ways to give back.
Employees making hundreds of tasty PB&J sandwiches to fight local hunger.
The Meraki Gives planning team is currently looking for more volunteering opportunities in San Francisco and the surrounding area. If you have a cause or activity you think would be a good fit, please let us know! Shoot us an email at [email protected].
Meraki volunteers at the SF Marin Food Bank earlier this year.
If you’re interested in keeping up with Meraki Gives, follow the Meraki Facebook page for updates about what we’re up to. Maybe we’ll see you out and about in the community!
Over the last few months there have been a number of opportunities for our blog subscribers to have a chance of receiving exciting Meraki goodies. Being up to date with all the latest information has never been so rewarding! As we reach lofty new levels of readership, we wanted to reflect on our past promotions and their winners.
“March to 1000”
In our “March to 1000” promotion, subscribers could receive the industry’s first 802.11ac UTM device. Lars Cederholm, Business Developer at ATEA, was the winner of this promotion and received an MX64W.
ATEA is an IT infrastructure company based in the Nordics with several events throughout the year, including an IT roadshow. With 14 cities along the way and over 3,000 customer attendees, Lars has been putting his new security appliance to good use. Not only is he using the device to demo the security and wireless features of the Cisco Meraki solution, but he’s also set it up to provide guest WiFi at the events. The integrated Facebook WiFi splash feature is providing a streamlined way to access the network, while also providing ATEA with additional brand awareness on the social media platform. We’re excited to see what Lars does next with his MX64W!
“We Made it!”
Following the great success of the “March to 1000” promotion we ran the “We Made it!” promotion offering ten limited edition Meraki t-shirts. The winners included:
If you’re a blog subscriber it could be worth double checking your inbox, maybe you missed our message. Please get in contact if you find your congratulatory e-mail!
“Take me Home”
Finally the “Take me Home” promotion celebrated the power of the Meraki teleworking solutions available with the MX64 and Z1 products. The five winners of the Z1 teleworker gateways were:
We would like to offer our thanks to all winners and blog subscribers for their support of the blog, and we look forward to running further promotions in the future.