Archive for the ‘Product Blog’ Category

Get a Bird’s Eye View of All Your Networks with the All-Network Overview Page

Meraki’s cloud-based architecture makes it an ideal choice for distributed, multi-site systems of networks, with administrators able to manage up to 1,000 networks from a single web browser using Dashboard. We’ve recently added a feature that makes it even easier to visualize and manage geographically distributed networks. Users who have logged into Dashboard in the last day may have noticed a new link above the network name on the Monitor > Overview page:

The link is the name of the organization that contains the network. (The network selector at the top of the page groups your networks by organization. Many of our network administrators have just one organization, but it’s not uncommon to have more — one for Enterprise networks and one for Pro networks, for example.) Clicking on this link will take you to a new page, the All-Network Overview page:

This displays all of an organization’s networks on single map. These networks are listed at the top of the screen, along with color coded markers so that each network can be easily located on the map below. The usage graph displays cumulative usage across all listed networks. If you mouse over a particular network name, that network’s usage is highlighted on the usage graph, and its network markers are highlighted on the map below.

Jump to a network’s overview page by clicking its name, or jump to a particular access point in any of your networks by double-clicking its marker. If you’d like to see all your networks’ access points color-coded by status, that’s easy too: just uncheck “Color by network” on the map’s Options menu.

You can also get to the All-Network Overview page by choosing “All-network overview” from the network selector:

The All-Network Overview page is available today to all Meraki network administrators with two or more networks. This is a great tool to assist with managing large, multi-site deployments and we are very excited about this new addition to Dashboard.

SpeedBurst: Faster browsing for guest networks

Meraki administrators utilizing per-user bandwidth limitations now have a new tool at their disposal to ensure that their wireless users have the best possible experience while preventing any one user from hogging bandwidth.  Introducing SpeedBurst, a new feature that allows users to temporarily exceed their bandwidth limit at the beginning of a download while staying within assigned limits over time.  This makes downloads feel speedier and network performance snappier.

You can enable SpeedBurst by using the checkbox that can be found under Configure -> Access Control in the Bandwidth Limit section (see screenshot below).  The checkbox will be grayed out if bandwidth limits are not in use.

SpeedBurst is a great for guest access or event networks where end user experience is critical while at the same time equal network performance for all users is required.  We’ll be rolling out SpeedBurst to Enterprise and Pro Meraki networks starting today.

WWDC WiFi – It doesn’t have to be this way!

 

WiFi Fail, WWDC 2010

 

Image courtesy of ars technica

“The networks in here are always unpredictable, they are slow today…  you could help me out if you’re on Wifi if you could just stop.”

— Steve Jobs, WWDC 2010 Keynote

In a previous life, as an engineer at Apple, I demoed the new networking technology I’d built in front of a few thousand developers at Apple’s World Wide Developer Conference (WWDC). I was showing off our zero-configuration networking platform, called Bonjour, which involved throwing together a dozen devices on stage and having them instantly talk to each other. Back then, the rule was clear – never, ever rely on the wireless for a high-stakes live event!

Sadly it seems that little has changed. At last week’s WWDC, Steve Jobs’ new iPhone crapped out trying to load the New York Times over WiFi. I’m not sure which happened first – shutting of the WiFi for conference attendees in an attempt to get the demo back on track, or a head rolling somewhere at Apple HQ – but either way, the aftermath wasn’t pretty.

While this was perhaps the most visible conference WiFi fail, it is certainly not the first. Twitter’s Chirp, Facebook’s F8, Google/IO, and scores of other tech conferences, with large audiences of power-users crammed in one big hall, all had their issues. These environments are challenging, for sure, but the issues that bring down these networks are, by and large, preventable. (See, for example, the fine work by our friends at British Telecom at Le Web – 2,400 concurrent users in one hall pushing 300mb/s!) If you’re serving high-density, high-bandwidth environments, here are a couple of tips:

Bandwidth Limits
The pipe to the internet needs to be shared amongst a large group of people, so one of the most crucial aspects is setting an appropriate bandwidth limit per client. This keeps internet access consistent for all users, and prevents one hog from ruining the experience for all. A real-time management console (like ours!) makes it very easy to set a per-client bandwidth limit, and to monitor the number of clients on the network and the overall bandwidth usage, so you can adjust as needed. Of course, you’ll want to exempt VIPs (think Steve Jobs) from these limits. With our platform, this is easy – either whitelist their MAC address, or create a separate SSID (aka virtual network) that isn’t subject to a limit, with access control locked down to VIPs only.

Dual-Radio 802.11n with Band Steering
802.11n provides much faster speeds than its predecesor, 802.11g.  But not all 11n APs are created equal. Most 11n client, including laptops and iPads, can operate at either 2.4Ghz or 5Ghz (a clean, wide-open spectrum), whereas older clients and iPhones only operate at 2.4Ghz. Also crowding 2.4Ghz are bluetooth headsets, microwave ovens, and cordless phones. A dual-radio access point can operate at 2.4Ghz and 5Ghz simultaneously. To reduce interference, we’ll want to clear the 11n devices off of 2.4Ghz. An AP like our MR14 that features Band Steering will proactively steer 11n clients to the 5Ghz radio, reducing contention amongst the legacy devices on the 2.4Ghz radio. Finally, you’ll need an AP with an enterprise-grade chipset to support high user densities, like BT did at Le Web with 100+ users per AP.

Optimize Channel Selections
Think of the wireless spectrum as a multi-lane highway. You’d never cram 100 cars into one lane while leaving the others empty, yet this is exactly what happens if you have APs nearby one another on the same channel. It takes more than just putting APs on different channels  to fix this, though. Some channels actually overlap, while others may be occupied by other devices that are out of your control. With typical wireless systems, this can be addressed with site surveys and optimization by a wireless technician. Alternately, in our cloud-managed solution, each AP monitors the airwaves around it, uploading interference data to the cloud. Our servers then analyze this data, along with performance metrics and usage information, and compute the optimal channel configuration and push this down to the APs. This process repeats continually, so the network stays optimally configured even as RF conditions change.
Real-time visibility and support
Over the course of a major conference, conditions can and will change. Being able to monitor bandwidth consumption, identify overly high-density areas, and receive real-time alerts if anything goes awry is immensely helpful. We’d watch our dashboard over the web to monitor bandwidth usage, and ratchet down the per-client bandwidth limit if needed. We also like our dashboard’s display of APs by usage – if we see some being overtaxed, we’ll just plug in another to share the load. It’ll automatically connect to the cloud controller, download the correct configuration, and join the network. And if an unruly attendee unplugs an AP, we’ll get an automatic alert.

I hope some of these tips help you plan for big events. Have any tips and tricks that you’d like to share? Let us know!

-Posted by Kiren Sekar

Identity Policy Manager… coming soon to a network near you.

The Meraki Identity Policy Manager (IPM) is now being rolled out to Meraki Enterprise customer network with the latest firmware release.  Look for a Dashboard notification of an upcoming firmware upgrade to your network, and after that upgrade you will see a new page under the Configure tab called Group Policies:

IPM can be used to create identity-based policy controls.  What this means is that you can define groups of users and set different policies for each group.  VLAN tagging, bandwidth limitations and customized access control lists (ACLs) can be applied on a per-device, per-user or per-group basis over a single SSID.  IPM integrates with an existing Active Directory or RADIUS environment, allowing you to seamlessly enforce existing policies over the wireless network.

Here is an example of how you might use IPM to configure a group policy for contractors in your office to give them limited access to LAN resources:

This new capability is now included with the Meraki Enterprise Cloud Controller, no additional licenses required.  Another example of the how Meraki’s cloud-based architecture provides a constantly evolving feature-set and unmatched future-proofing of your network.

-Posted by Greg Williams

 

 

Meraki Now Supports Smart Client Roaming

To support the needs of some of our large service provider customers, Meraki now supports the Wi-Fi Alliance WISPr protocol.  What this means is that wireless users who subscribe to a multi-provider service like Boingo can roam across different service provider networks like AT&T, T-Mobile, and Telmex and authenticate seamlessly via RADIUS without the need to interact with a captive portal.  This is similar to how cellphone users are allowed to roam across different networks, and is also known as Smart Client roaming.  For example, one of our larger service provider customers can now allow users to roam across networks covering hundreds of Starbucks cafes and restaurants like Burger King.  This allows service providers to offer convenient, hassle-free wireless access wherever their customers need it with minimum hassle as an added value service to their subscribers.  This is a great example of how Meraki networks can be used by service providers to expand their businesses and improve service levels to their own customers.

– Posted by Greg Williams

We're not sure why you'd want to hide such a beautiful wireless network, but….

Sometimes there are good reasons to not want to broadcast an SSID.  Often it is to prevent wireless users from associating to an SSID that they are not supposed to associate to, or if neighbors in adjacent buildings are averse to having RF “clutter” coming onto their property.

Starting today, all Meraki Enterprise network administrators will find a new feature on the Access Control page – Configure tab under Wireless Options in Dashboard: the ability to hide SSIDs.  With this feature turned on for an SSID, anyone searching for nearby wireless networks with their wireless card in their laptop or iPhone would not see this SSID, and would only be able to connect if they knew the name of the SSID.

See the below screen shot for what the new drop-down tool looks like in Dashboard:

blog shot

Note: Meraki does not recommend hiding SSIDs as the sole means of securing a wireless network against unauthorized access.  WPA/WPA2 authentication and encryption should still be used to secure your network.

Happy hiding!

-Posted by Greg Williams

We’re not sure why you’d want to hide such a beautiful wireless network, but….

Sometimes there are good reasons to not want to broadcast an SSID.  Often it is to prevent wireless users from associating to an SSID that they are not supposed to associate to, or if neighbors in adjacent buildings are averse to having RF “clutter” coming onto their property.

Starting today, all Meraki Enterprise network administrators will find a new feature on the Access Control page – Configure tab under Wireless Options in Dashboard: the ability to hide SSIDs.  With this feature turned on for an SSID, anyone searching for nearby wireless networks with their wireless card in their laptop or iPhone would not see this SSID, and would only be able to connect if they knew the name of the SSID.

See the below screen shot for what the new drop-down tool looks like in Dashboard:

blog shot

Note: Meraki does not recommend hiding SSIDs as the sole means of securing a wireless network against unauthorized access.  WPA/WPA2 authentication and encryption should still be used to secure your network.

Happy hiding!

-Posted by Greg Williams

Using the Events Log for Quick Troubleshooting of Client Issues

If a client is having trouble associating to your Meraki Enterprise wireless network, one of the best troubleshooting tools at your disposal is the event log. You can find the log under Monitor -> Event log and see a detailed log of exactly what has been going on with your network.

The log captures various types of traffic on your network that can be very useful for troubleshooting:

802.1X – Authentication communication between the client and RADIUS server.

IP (Data) – Initial requests and responses between computers and servers, including HTTP.

802.11 – Association and disassociation of clients from the network.

DHCP – Lease information from the DHCP server about the client IP address, default gateway, and DNS server.

WPA – Password authentication of the client.

ARP – Requests by clients to find the MAC address associated to an IP address.

3-15-2010 11-01-01 AM_EventLog2

If a client is having trouble associating to the network, the event log can help you determine the most likely culprit. For example, you can easily tell if it’s related to a bad password or a failure to obtain an IP address and take the appropriate steps to get the user up and running again.

If you’d like to see more information captured in the event log, let us know by entering your feedback in the “Make a Wish” field on the Dashboard.

-Posted by Ahmed Akhtar

Tips for Multi-Site Network Management

Do you have a multi-site wireless deployment that is giving you fits?  Does making a small change to your wireless configuration require manual intervention and painful coordination among sites?  Managing wireless implementations in different locations is a snap with Meraki.  Not only can you manage your networks from one centralized Dashboard, but in many cases, you will only need to create a one-time  Meraki network configuration that will scale to all of your sites.  Simply create your preferred wireless network configuration prior to deployment, and then add access points to each network as necessary.  Once these access points are plugged in, they will automatically “call home” to Meraki’s Cloud Controllers and configure themselves according to your Meraki Network’s configuration.  This greatly simplifies the regional deployment of your wireless networks.

After creating each of your regional networks, you can assign specific network administrators to each network for localized administration.  You may also assign read-only administrators if required to monitor user access and overall network performance.  With the combination of centralized configuration, ease of deployment, and shared network administration, your Meraki wireless networks are super scalable and perfect for multi-site deployments.

-Posted by Dan Pittelkow

New access control features: $0. More flexible policy enforcement: $0. Not having to read a thick configuration manual: Priceless.

Here at Meraki, we like to take the traditional network experience (read: complex and expensive) and turn it on its head by making it easier to use and manage while keeping it affordable.  Recently, our engineers have been working on identity-based policy enforcement, a feature set that is typically found in only the most complex and expensive wireless LAN solutions. Meraki’s new Identity Policy Manager (IPM) offers identity-based policy controls, such as per-user VLAN tagging and per-user access control lists, coupled with the easy-to-use graphical interface that our customers have come to know and love.  We see a lot of higher education organizations use this feature set to create different access policies for the various students, faculty, and guests that are accessing the wireless network.  We also have seen larger businesses use these features to enforce granular access control over multiple sites.
With Meraki, these schools and businesses can implement these same access policies without having to pay dearly for them.  And, if you’re used to having to read bulky administrator manuals to configure features like these, we’re sorry to report that you may have to find some new bedtime reading material: A Meraki wireless network is so easy to configure that you won’t have to read a single configuration guide.  (Feel free to contact us for some good book recommendations.)
Please see our press release about our new IPM product <link>here</link>.  As you’ll see, MIT’s Computer Science and Artificial Intelligence Laboratory is currently using IPM successfully today.  Others can look for it in a few weeks when it becomes generally available, at no additional cost to Enterprise customers.

Here at Meraki, we like to take the traditional network experience (read: complex and expensive) and turn it on its head by making it easier to use and manage while keeping it affordable.  Recently, our engineers have been working on identity-based policy enforcement, a feature set that is typically found in only the most complex and expensive wireless LAN solutions.  Meraki’s new Identity Policy Manager (IPM) offers identity-based policy controls, such as per-user VLAN tagging and per-user access control lists, coupled with the easy-to-use graphical interface that our customers have come to know and love.  We see a lot of higher education organizations use this feature set to create different access policies for the various students, faculty, and guests that access the wireless network.  We also have seen larger businesses use these features to enforce granular access control over multiple sites.

With Meraki, these schools and businesses can implement these same access policies without having to pay dearly for them.  And, if you’re used to having to read bulky administrator manuals to configure features like these, we’re sorry to report that you may have to find some new bedtime reading material: A Meraki wireless network is so easy to configure that you won’t have to read a single configuration guide.  (Feel free to contact us for some good book recommendations.)

Please see our press release about our new IPM product. As you’ll see, MIT’s Computer Science and Artificial Intelligence Laboratory is currently using IPM successfully today.  Others can look for it in a few weeks when it becomes generally available, at no additional cost to Enterprise customers.

– Posted by Jed Lau