Crediton Dairy in Devon, England, is a major supplier of milk products to grocery stores across the UK. The milk processing plant employs about 160 workers in both factory and office roles. When IT Manager Benjamin Evans and his team realized it was time to upgrade their existing CCTV system, they looked to Meraki, whose access points they had already been using.
The team had a dated CCTV system that was only deployed in a couple of areas around the facility.
The processing plant spans a large area and contains several tall structures, like silos, making it difficult to survey multiple areas at once.
A constant stream of lorries (or delivery trucks) driving through the facility introduces potential safety hazards for workers.
An initial deployment of 16 MV71 cameras helps cover a majority of external areas.
Benji and the team relied heavily on the Meraki mobile app when physically installing cameras.
“Literally plug it in, and it’s up and running.”
The Operations team, as well as the Health & Safety team, utilize the camera feeds to monitor potential hazards throughout the site, such as high traffic areas.
The team already encountered and resolved one incident involving a lorry driving into a barrier with the help of their MV deployment. They were able to prove the cause of the accident and assign liability accordingly.
Benji and his team have saved both time and money due to the “plug-and-play” nature of the cameras, and the lack of extraneous hardware, like a UPS.
The architecture of the cameras allows the team to monitor video feeds locally without impacting the company’s bandwidth usage.
The team is exploring the possibility of expanding their deployment into the factory to help monitor processes and ensure employee safety, both inside and outside the facility.
Hot on the heels of our previous switch release (here) comes our MS210 stackable access switch.
We designed the MS210 to provide network administrators the option to stack the new 1G switch to the 10G uplink of the MS225.
Large enterprise networks often require multiple switches to handle office traffic but have only modest bandwidth needs per switch. However, many desire the flexibility to enhance their bandwidth capability as the organization’s tech needs grow.
The MS210 provides incredible power and flexibility to our switch line. Seven MS210s linked to a MS225 for its 10G uplink (to form a stack of eight) creates one of the most versatile and economical switch options available — all easily configurable using the Meraki dashboard.
The MS210 line features basic Layer 3 connectivity and comes in both 24- and 48-port models along with PoE and PoE+ power options.
We are pleased to announce that we have expanded our switch line to include new models designed for small office and home office customers.
For years, Cisco Meraki’s cloud-managed switches have provided network administrators with an unprecedented level of visibility and control to manage their deployments. While we already offer a wide variety of switching options for campus and enterprise networks, we wanted to introduce the benefits of cloud networking to a greater range of customers across new price points.
New Meraki customers will gain access to innovative network solutions like an entirely GUI-based management platform and firmware updates from the cloud to ensure network stability.
For organizations looking to purchase new switches, there has never been a better time to learn more about cloud-managed IT.
MS120-8 Compact Switch
The MS120-8 is our compact access switch designed for flexible and rapid deployment at branch and campus locations. We adopted a fanless design for the non-powered and PoE models, enabling completely silent operation as you work alongside the device on or near your desk.
Features of MS120-8:
2 x 1G SFP uplinks
New Low-Powered (LP) Model
Layer 2 access switch
External power supply (non-powered, LP models)
Integrated mounting plate
MS120 24/48 Port Switch
The MS120 line is designed for widespread deployment in networks of any size. The large switch port capacity on the 24- and 48-port models allows network administrators to take advantage of the growing number of IoT devices found in the modern workplace, including IP-connected phones, cameras, and security systems.
Happy Halloween! Here at Cisco Meraki we recognize that network security is a crucial part of any IT deployment. As mobile device adoption continues to skyrocket, security is becoming increasingly cumbersome to manage and oversee – particularly in large or highly distributed networks. In response to this, Network Access Control (NAC) solutions have evolved to support dynamic policy enforcement, going beyond the static one-and-done configuration approach of networks past. This enables more streamlined policy control over all users and devices while reducing complexity and opportunities for human error.
We are excited to announce that RADIUS Change of Authorization (CoA), a key feature for enabling deeper integration with NAC solutions, is now available in public beta. Once CoA is enabled, Meraki switches will act as a RADIUS Dynamic Authorization Server and will respond to RADIUS Change-of-Authorization and Disconnect messages sent by a RADIUS server. CoA can be configured easily using the Access Policies page in dashboard:
There are a variety of NAC solutions available in the market, including Cisco’s own Identity Services Engine (ISE), Bradford Network Sentry, and Forescout CounterACT® just to name a few. With the addition of CoA and RADIUS accounting, NAC solutions can now further integrate with Meraki switches for comprehensive policy enforcement and network access control.
This feature is included in our new switch firmware, which will be available to all Meraki switch customers soon. You can learn more about how the feature is configured here,or if you would like to make use of this new capability right away you can contact our Support team via the Get Help page in Dashboard and we’ll be happy to get an upgrade scheduled for you.
PCI DSS 2.0 Compliance Reports are now available on Enterprise dashboards! You can check your network settings such as firewall rules and password policies against PCI WLAN requirements, and receive a summary report that can be archived or printed out. If something’s out of compliance, the report provides guidance on how to fix things. Centrally managed from the cloud, Meraki makes it easy and cost effective to deploy, monitor, and verify PCI compliant WiFi across distributed networks of any size. It’s no wonder retailers are turning to Meraki for their networking solutions. (more…)
What did you wish for this holiday season? Perhaps some shiny new Meraki Wireless LAN features such as PCI reports, WIPS enhancements, group policies by device type, or Teleworker VPN split tunnels? If so, you’re in luck because our engineering elves have been hard at work. There’s something for everyone including retail, enterprise, education, and remote workers. Even better, these enhancements don’t cost you a thing. Thanks to our cloud-based architecture, there’s nothing you need to do to install or enable them. Just wait for them to show up intime for the holidays! For now, here’s a quick preview.
(Oh, if your wish is to build awesome features like these, then apply to join our Engineering Elves!) (more…)
It’s been a busy summer at Meraki, and today we’re excited to announce two new outdoor APs – the MR62 and MR66. They bring Meraki’s leading security, performance, and management to harsh outdoor and industrial indoor wireless networks. They’re rugged (IP67 rated) and sleek at the same time. See for yourself:
MR66 Cloud Managed AP
The MR66 includes dual-band, dual-concurrent radios, with speeds up to 600 Mbps for high performance in the most demanding environments. The single-radio MR62, with speeds up to 300 Mbps, is designed for value-oriented outdoor WLANs. They both have all the enterprise class features required for modern wireless networks, including:
Layer 7 application traffic shaping
Band steering (for the MR66)
The APs are designed to be deployed in harsh outdoor conditions and are able to survive temperature and precipitation extremes. They’re also ideal for harsh indoor environments, such as industrial and manufacturing applications, where dust or high particle content may be problematic. They weatherproof, dustproof, and powered by PoE 802.3af.
MR66 rear view
The new models won’t break the bank, either — the MR62 lists at $699 and the MR66 lists at $1299 and they’re available for order immediately. Our comparison table shows the Meraki outdoor AP specs side by side. Want to get your hands on one? Sign up online for a free evaluation.
Internet connectivity for branch locations is often mission critical. For retail, hospitality, financial, and many other organizations, reliable internet connectivity ensures business continuity, uninterrupted financial transactions, and customer satisfaction. Branch connectivity is often established through leased private lines, such as multiprotocol label switching (MPLS) links.
The most attractive feature of MPLS is usually its reliability. Providers offer service agreements with uptime of 99.9% or higher. But this level of reliability comes at a high price, and rolling out MPLS to hundreds or thousands of branch locations quickly becomes prohibitively expensive. Fortunately, it’s now possible to aggregate multiple lower-cost access alternatives to achieve similar levels of reliability and performance. Meraki’s MX70 cloud-managed router makes this very simple.
Taking a hard look at connectivity costs
Using link failover and link aggregation, it’s now possible to take advantage of multiple internet access methods to increase the reliability of the branch network connection. The price of broadband access technologies such as DSL, cable, and even broadband fixed wireless has steadily declined over the past several years. By connecting more than one link at a time, the low price of these access technologies can be enjoyed without sacrificing reliability. For example, a branch location may have DSL and cable internet access available to it, but few other affordable options. In this case, each can be connected to the MX70’s WAN ports. To approximate the new level of reliability for two bonded links, use this equation:
1 – (1 – link 1 availability) x (1 – link 2 availability)
Figure 1 shows a cost comparison for two T1-MPLS links bonded together vs. bonding one cable and one DSL line together.
Figure 1: MPLS vs cable + DSL yearly connectivity costs for 20 branch locations
Figure 2 shows an MX70 router status page with two active WAN connections, as would be the case when bonding a cable line and a DSL line together.
Figure 2: MX router status with 2 active WAN links
The green indicators show that both WAN connections are live and active. If either link fails, traffic will be routed through the other WAN link, and network clients won’t see a disruption in their connectivity. When both links are active, their bandwidth can be aggregated and traffic will flow through both connections. The MX can also be configured to use only one primary WAN connection, using the other connection only in case the primary link fails. In both cases, the reliability of the branch connection is increased.
But this greater reliability isn’t the only benefit: since both WAN connections are active, the MX70 can aggregate their bandwidth, thus increasing the network performance. Internet traffic is spread among the uplinks in the proportion you specify in the dashboard, as shown in figure 3.
Figure 3: Uplink WAN aggregation
Tying it all together
Once branch locations have reliable and redundant internet connectivity, how can they connect to headquarters? The Meraki MX70 router has built-in site-to-site VPN capability that enables branch networks to automatically connect back to headquarters. For branches that have simple network requirements, the MX can connect the entire branch subnet to the site-to-site VPN. It’s as simple as selecting participation for the subnet, as shown in figure 4.
Figure 4: Participating in site-to-site VPN
Branches with VLANs can also be integrated into the site-to-site VPN. For each VLAN, simply choose if it participates in the site-to-site VPN, as shown in figure 4.
Figure 4: VLAN site-to-site VPN participation
For connecting multiple sites together, the MX70 provides a simple way to reduce your WAN costs, allowing you to eliminate expensive, leased private lines such as MPLS. Instead of buying one expensive MPLS line, take two lower cost links, aggregate them, and benefit from the built-in redundancy and cost savings. And once those branches are connected, monitoring and managing the entire network is extremely simple, because it’s done through Meraki’s web-based dashboard. The burden of remote site IT support is dramatically reduced, and network administration can be performed from a central location.
If you’d like to find out more about the MX series routers, don’t miss our next webinar on June 22nd at 11am Pacific time.
Meraki customers know the power of client visibility. We provide great granularity into your network to make identifying clients or devices simple – and we want to continue to WOW you! Starting today, Enterprise users will get live status information when viewing the list of connected clients. You will see information such as a real time signal strength bar, packets sent and received, channel information, and association state.
Networks today are full of information and getting visibility into it is key. Seeing real time signal strength for a device makes the job of the IT administrator that much easier. This will be one of many new “live” tools you will see us roll out over the coming months.
Meraki is committed to providing great products, and we welcome your suggestions and feedback. Our users requested this feature, and we take your input seriously.
Active Directory has become the industry standard authentication server for most enterprise network deployments today. Meraki cloud-managed APs have always been able to integrate with Active Directory using RADIUS, by enabling Microsoft Network Policy Server (or Internet Authentication Service, depending on which version of Windows Server you are running). This satisfies the needs of most enterprise deployments, and RADIUS can actually be used with Meraki to communicate with any type of authentication server that speaks RADIUS, including LDAP.
If your network does not require the additional configuration options provided by RADIUS integration, there are certain advantages if the APs can communicate directly with Active Directory without a RADIUS server playing intermediary. Using Meraki’s native AD integration eliminates the need to configure Microsoft NPS (or any other RADIUS server) for AD integration. Also, for multi-domain forests, for example a school that has one domain for faculty and another for students that is using sign-on splash authentication, users must remember to include their domain with their username, which can easily be forgotten. Or alternatively, a complex hierarchy of RADIUS proxy servers or custom scripts might be required to make the log in process easier for the user. These steps aren’t necessary when using native AD.
With our latest firmware upgrade (being rolled out to Enterprise customer networks now), Meraki wireless networks now feature native Active Directory and LDAP integration with Sign-On Splash. It’s incredibly easy to deploy. When the network sign-on method is configured as Sign-on splash page on the Configure -> Access Control page, you will now see two new options under the Authentication Server drop-down selector, “Use my LDAP server” and “Use my Active Directory server”. If you don’t see these options, then you have not yet been upgraded to our most recent firmware version, so keep an eye out for a Dashboard notice about a pending firmware upgrade in the next 1-2 weeks and then give it a try.
To enable native Active Directory authentication, select “Use my Active Directory server”, and then add the IP addresses of each domain controller in the forest, along with administrator credentials that have administrative access to each domain listed.
LDAP works the same way and is just as easy to configure. And you’re off and running with native Active Directory authentication!