Archive for the ‘Product Blog’ Category

See How Simple Your Network Can Be

Customers tell us all the time that they love using the Meraki dashboard. We like to think it’s never been easier to manage a network. See for yourself with these videos. Don’t forget your popcorn!
(more…)

New MX Router Features and Expanded Availability

In January, Meraki introduced the industry’s first cloud-managed routers, the MX series. We’ve been selling the MX50 and MX70 directly to end customers, and the feedback we’ve received has been quite positive and enthusiastic. We shared some of that feedback in the blog post about the new router webinar.

Now available through your favorite reseller

Today we’re happy to announce that the MX50 and MX70 cloud-managed routers are available through our channel and for sale through your favorite reseller, starting April 1. We now have over 700 resellers, and this means you can purchase the MX routers through the same trusted partners that also carry our wireless access points. The MX50 Cloud Manager Router lists starting at $995.

New 1:1 NAT and DMZ

That’s not all. Our team continues to work hard on enhancing the MX and integrating even more useful tools. We’re now adding 1:1 network address translation (NAT) and demilitarized zone (DMZ) capabilities.

1:1 NAT is a form of NAT that assigns one public IP address to one private IP address. 1:1 NAT/DMZ is useful when exposing a group of internal servers to the outside world while still protecting the corporate network. For example, web servers need to be exposed to the outside world so that users can establish inbound connections, but this should not compromise the security of the internal corporate network. Using 1:1 NAT, the web server can be placed in a DMZ such that external users can access it (and only the web server), internal users can access it, but external users cannot access the internal network.

Configuration in dashboard is very easy. Simply enter the external and internal IP addresses as shown in the example below.

Figure 1: 1:1 NAT configuration in dashboard

The MX routers can also connect two sites over a secure site-to-site VPN connection. Suppose a user at one location is assigned an internal IP address. The routers automatically discover and configure the appropriate routing entries that establish the link between sites, traversing NAT and firewalls as necessary. Figure 2 shows an example configuration between several sites in northern and southern California.

Figure 2: Site-to-site VPN configuration in dashboard

Punching through

When deploying the MX routers for site-to-site VPN, you don’t need to worry about the link between each site. The MX automatically punches through to the other side to establish a secure and persistent link. The VPN connection is established using IPsec with 128-bit AES for encryption, a secure standard commonly used for VPN. This also means you can deploy the MX router behind an existing 3rd-party firewall or router. The whole process is zero-config. You don’t need to manually provision the MX or supply entries to a routing table – the MX works through the cloud to discover the correct routes and automatically establish the secure layer 3 site-to-site VPN.

We’re not stopping here, either. Keep an eye out for more router enhancements coming soon. If you want to get your hands on an MX router, you can sign up for a free trial online, or call us at 1-888-490-0918 (outside the US: +1 415 632 5800).

If you’re a reseller and are interested in learning more about how the MX can help your customers, we’re running a training webinar exclusively for resellers on Thursday, April 14, at 11:00 AM Pacific time.

Thanks!

Where In the World Are Your Clients? Now You Know!

When you get a call from a wireless user complaining about connectivity problems, what is one of the first questions you might ask?  “Where are you exactly?”  Knowing precisely where a user is located can be immensely helpful in diagnosing and troubleshooting issues.  What AP are they associated to?  Are they behind a pillar that could be blocking their wireless signal?  Are they in an area of a new building where the network is currently being expanded and might still have some coverage weak spots?  This knowledge can often provide an administrator with a good idea of where they should dig in to properly troubleshoot the issue.

Starting today, administrators of Meraki Enterprise networks won’t have to ask where a client is because they’ll know: introducing Meraki Location-Based Services.  On each client details page you’ll notice a new map where the current location of the client is clearly indicated on either a Google map or building floorplan (see below screen shot).

In addition to troubleshooting client issues, there are many other situations where being able to pin down a client device’s location can be very useful to administrators, such as tracking down a lost laptop or monitoring a nurse’s progress doing rounds in a hospital with the medicine cart.  Typically these capabilities might require additional appliances and third-party software costing $10,000’s, but with Meraki they are provided with all Enterprise networks at no additional cost and without the need to deploy additional gear.

When combined with other Dashboard features like “remote hands” tools and detailed reporting with Traffic Shaper’s application-level visibility, Location-Based Services provides administrators with powerful tools to understand exactly how their network is being used and to quickly troubleshoot client issues remotely.  Please let us know what you think of this new feature using the Make a Wish box!

You asked, we listened: introducing Network Cloning

Cloud-based networking is ideally suited to managing multiple sites under a single dashboard – networks like Remington College’s 20 campuses or Epic Management’s 20 clinics are perfect example.  Recently, customers suggested a great feature to us that would make multi-site management even easier: Network Cloning.  We’re excited to announce that this wish is now a reality, and all Meraki users can try it out today!

Network Cloning is simple; when you create a new network, you now have the option to copy your configuration from an existing network with a single click.  This can save lots of time recreating similar configurations when you have multiple sites with corporate standard network configurations, such as in retail chains or corporate offices with multiple satellite branches.

Network Cloning complements other features – cloud-based provisioning, automatic RF optimization, and seamless firmware updates, to name a few – that make deploying branches a breeze.  As always, please let us know what you think about this new feature using the Make a Wish box in Dashboard.  We welcome your feedback!

New 802.11n APs – Higher performance, slimmer design, lower price

We are very excited to announce two new enterprise 802.11n access points: the Meraki MR12 and MR16. These new APs offer across the board upgrades over their predecessors, the venerable MR11 and MR14: improved performance, sleeker design, and even a lower price!
MR12/MR16

Meraki MR16 ($649)
Dual Concurrent 802.11n for Enterprise/Campus

Meraki MR12 ($399)
Single Radio 802.11n for Small Branch/Teleworker

These are the slimmest enterprise 802.11n APs.  Measuring in at under 1? thin, they blend seamlessly into their environment.


We built these APs with the network administrator in mind, making them as fast and easy as possible to deploy.  The  industrial design makes for easy, 1-handed mounting.  Each box contains a complete accessory kit, with gear for wall, drop ceiling, and desktop mounting.  No pre-configuration is required – just plug the AP in, and it automatically assumes gateway or mesh mode, and downloads its configuration from the cloud.



Despite its slim profile and lower price, the MR12 and MR16 are actually more powerful than their predecessors, featuring both increased transmit power and receive sensitivity. Highlights include:

Layer 7 Traffic Shaping
Line rate deep packet inspection engine for application QoS

High Capacity Design
Memory capacity for 100+  simultaneous users

Built-in Policy Firewall
Guest, User and Group Acces Control

4th Generation Chipset
Top of the line 2×2 MIMO with spectrum analyzer and transmit power control

Client Enhancements
Beamforming, Voice/Video QoS, Band steering

Enterprise Mesh
Self configuring, Automatic healing


To top it all off, these are green little APs, with 100% recyclable packaging, 90% recyclable components, and a multi-tenant cloud hosted controller that is far more energy efficient than traditional hardware controllers.

We’re incredibly excited about these APs, and the response we’ve received from our beta testers has been very encouraging. We hope that you like them too!

All New Dashboard Radio Settings Page

Meraki’s AutoRF technology performs automatic cloud-based, system-wide network optimization to ensure peak network performance in any environment.  Each AP on a Meraki network continually monitors its environment for interference from other APs and feeds this information back to the Cloud Controller.  Last month we added Spectrum Analysis, mitigating interference from non-WiFi devices like microwave ovens and Bluetooth headsets.

AutoRF has always run quietly in the background.  But now, our new Radio Settings page gives you more visibility into what’s happening behind the scenes, and exposes new controls for advanced configuration.

The new Radio Power selector either allows the Cloud Controller to automatically dial back transmit power if it detects adjacent access points stepping on each others’ toes, or allows you to maintain full power for all APs.

The Channel Planning Report sheds light on how AutoRF is tuning your network, providing  visibility into the current channel and transmit power settings for each AP,  as well as the interference sources that were avoided.  If you click on the “Details” link next to each row in the table, you will find a detailed report for all of the APs in your network on a particular channel.

Regular users of the Cloud Controller will notice that some settings previously found under Network Wide Settings have moved to this page, where they fit naturally.

We hope that you find this Radio Settings page helps you better understand how the Cloud Controller is optimizing your network, and helps you to make more informed decisions about how to use the Cloud Controller’s RF controls.  Please let us know what you like, what you don’t, and what you’d like to see next!

Leave the bug spray to us

Cisco recently issued a security advisory about several serious vulnerabilities for its wireless LAN controllers, including DoS, privilege escalation, and ACL bypass vulnerabilities. These liabilities could allow attackers to modify your controller’s configuration or bypass your ACLs—so if it were my network, I’d certainly want a fix.

Cisco issued software updates, but they’re no quick-snap remedy. Here’s what I’d need to do before I could download the new release:

  1. Follow Cisco’s instructions on the command-line to determine which software version is running on my controller.
  2. Verify if my software version is an affected release. If it is, confirm which versions are “fixed” and note the “recommended release.”
  3. Download and install the patch.
Cisco Patch Compatibility

A few of the steps for determining patch compatibility from cisco.com

The real kicker is what I’m signing up for when I actually install the patches.  From Cisco’s advisory:

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release…  Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

We don’t mean to pick on Cisco here, and we certainly aren’t implying that one vendor’s products are more secure than another’s.  With any complex system, bugs and security patches will happen.  But the customer experience of dealing with these patches for traditional, behind-the-firewall appliances like wireless controllers is a royal pain. At best, they result in headaches, downtime, and frustration.  At worst, administrators miss patches altogether, and their systems are vulnerable.  Fortunately, The Cloud points to a better way.

The Cloud Controller, like other cloud applications such as Gmail and Salesforce.com, is always up to date.  We push out new features, bug fixes, performance improvements, etc. several times a day.  This is completely invisible to the customer, save for new features appearing from time to time.  (How we do this, and maintain quality, is pretty interesting, but we’ll save that for another post.)

But what about the firmware running on our APs?  They aren’t in the cloud…  Are they resigned to the fate of traditional patch management?

Fortunately, an AP that can be managed from the cloud can also be upgraded from the cloud, seamlessly and automatically.  Our Cloud Controller knows with certainty that all of the Meraki access points deployed around the world are up to date, with the latest features, fixes, and yes, security patches.

Since we can install firmware seamlessly, over the web, we’ve been able to release new firmware every three months or so, continually delivering new features to our customers. We just did one, in fact – with firmware support for application-aware traffic shaping.

Here’s what our customers saw in their dashboard before the update:

Meraki Upgrade Notification

Firmware Upgrade Notification in the Meraki Dashboard

Customers can let the upgrade happen on its own, schedule it when they want it, or click “Upgrade Now” to get it right away. It’s worth noting that the upgrade process was engineered to be completely fault tolerant.  Say, for example, you lose power in the middle of a firmware update.  No problem, the AP will boot up with its previous firmware once power is restored.  This technology has let us do quarterly upgrades for four years straight and keep customers happy.

We’re excited about how this system has not only eliminated headaches for our customers, but has also enabled us to innovate much faster.  We hope to see this architecture spread to other types of infrastructure, so patch management nightmares some day become a thing of the past.

Red Alert!! Enhanced Dashboard Alerts Now Available

We are excited to announce that network administrators now have enhanced alerting capabilities in Dashboard to help them stay up to date with their wireless network.  Under Configure->Network-wide settings in the Network Alerts section you’ll see these expanded options:


Now you can select to receive prompt email alerts when an AP goes offline or switches from gateway to repeater mode, a new rogue AP is detected or configuration changes are made to your network settings in Dashboard.  You can also customize the time delay before you are notified as well as qualify the type of rogue APs for which you are alerted to so you’re not bombarded with low priority updates.  These alerts can be sent to multiple administrators via email.  The email alerts contain detailed information to help you determine the urgency of the situation, such as the AP that went offline or what configuration setting was changed.

In addition to the unprecedented visibility that is provided about your network through the Cloud via Dashboard’s reporting capabilities, these new alerts will now allow you to stay on top of your network even when not logged into Dashboard.  These alerts are one more tool in the administrator’s toolkit to make managing Meraki networks remotely even simpler and to enable you to be more responsive to your end users’ needs.  New alerts are now available to all Meraki customers.

Who is on your Network RIGHT NOW? Introducing Live Client Tools

One of the most challenging aspects of managing large distributed networks is troubleshooting issues when the client is across town (or maybe even across the country!).  Having on-site IT personnel 24/7 at even small satellite branch offices can require a very large IT staff and is too expensive for most organizations.  Meraki networks offer a variety of “remote hands” troubleshooting tools, helping network admins diagnose and resolve many wireless connectivity issues without dispatching IT staff to the site.  The ability to run diagnostic checks such as pinging an access point, running a throughput test from Dashboard, or reviewing detailed event logs have been integral to Meraki’s value for distributed networks and organizations with small IT staffs and large footprints.

We are now announcing a set of Live Client Tools that expose even more up-to-the-second information about who is on a wireless network, and further help troubleshoot connectivity issues.  Administrators who log into their Enterprise network in Dashboard will notice several new and improved areas.  On the Monitor > Overview page, there is now a new addition under the network name showing the number of clients that are associated at that moment:

If you click on the “More” link, you will see an expanded list with more information, including which SSIDs and channels the clients are using.  This data is automatically refreshed as long as the “More” link is expanded.

Even cooler, Enterprise customers can change the access points map to show where clients are associated: click the “Options” menu on the map and select “Current clients.”

But the really interesting stuff is on the Access Point and Client detail pages.  The Access Point detail page used to look like this:

Now, all of the live tools have been consolidated into a new, cleaner layout.  Both Pro and Enterprise networks will benefit from the new layout.  Enterprise networks now have two additional features in this area: Current Clients and Ping Client MAC.  Clicking on the play icon next to Current Clients will pop up a list of all clients associated to that AP at that instant, including useful information about each client such as MAC, SSID, channel, signal strength, and how long they have been associated.  Click on the name of a client to go to its client details page.  You’ll even see clients that have associated, but not authenticated (they’re listed in grey).  If you click the Ping link next to the client, you can actually ping that client in real time using ARP, as well as get additional information, such as RSSI changes over time and 802.1X identity (if appropriate).

The other new addition, Ping Client MAC, allows you to enter a MAC address and try to ping it.  This can be very useful if you are trying to determine if a particular device is on your network at that moment.

There is also a new Live Tools section on the client detail page.  From this page you can also ping that individual client, but there are a few additional new tools:

The Locate Client tool allows you to find out whether that client is associated on your network at that moment, and if so, where they’re associated and for how long:

Finally, the Packet Counter tool shows a real-time count of received and sent packets to that client.  You can actually see the packet counters roll as you ping the client!

We think these new tools further improve Meraki’s uniquely clear approach to distributed, multi-site network management, a normally challenging task.  Network administrators can more quickly resolve their wireless users’ connectivity issues and access accurate real-time data about the exact state of their network.