Happy Halloween! Here at Cisco Meraki we recognize that network security is a crucial part of any IT deployment. As mobile device adoption continues to skyrocket, security is becoming increasingly cumbersome to manage and oversee – particularly in large or highly distributed networks. In response to this, Network Access Control (NAC) solutions have evolved to support dynamic policy enforcement, going beyond the static one-and-done configuration approach of networks past. This enables more streamlined policy control over all users and devices while reducing complexity and opportunities for human error.
We are excited to announce that RADIUS Change of Authorization (CoA), a key feature for enabling deeper integration with NAC solutions, is now available in public beta. Once CoA is enabled, Meraki switches will act as a RADIUS Dynamic Authorization Server and will respond to RADIUS Change-of-Authorization and Disconnect messages sent by a RADIUS server. CoA can be configured easily using the Access Policies page in dashboard:
There are a variety of NAC solutions available in the market, including Cisco’s own Identity Services Engine (ISE), Bradford Network Sentry, and Forescout CounterACT® just to name a few. With the addition of CoA and RADIUS accounting, NAC solutions can now further integrate with Meraki switches for comprehensive policy enforcement and network access control.
This feature is included in our new switch firmware, which will be available to all Meraki switch customers soon. You can learn more about how the feature is configured here,or if you would like to make use of this new capability right away you can contact our Support team via the Get Help page in Dashboard and we’ll be happy to get an upgrade scheduled for you.
Brian Clayton, CIO at Taft, Stettinius & Hollister LLP, joined us on December 5th to share his experiences deploying Meraki at one of the nation’s largest law firms. Taft spans 7 distributed locations in Ohio, Arizona, Indiana, and Kentucky, as well as a US-based Japanese practice.
When employees began bringing in their personal mobile devices, there was an immediate demand for network access anytime, anywhere. The demand for BYOD materialized seemingly overnight. Brian and his team responded, but ended up with a hard-to-manage network consisting of consumer grade access points as well as controller-based APs that they quickly outgrew.
After hearing about Meraki, Brian trialed it in one of the offices, finding he could not only secure the entire network in a few mouse clicks, he could also centrally manage all of the offices from his dashboard. In a matter of weeks he deployed Meraki throughout all of the offices and gained visibility into the users, devices, and applications on the network.
Check out the video and slides from the webinar – see how Brian transformed Taft into a mobile work environment and revolutionized the way attorneys and legal professionals collaborate, access information, and provide exceptional service to their clients.
You can also read Clayton’s article in the January 2012 edition of ILTA to see how Meraki can support mobile devices at your company.
Many of you have expressed interest in our new Location Services, which allow enterprise customers to determine the location of WiFi clients without additional hardware. We’re therefore holding a quick, informal webinar on Friday, during which we’ll talk a bit about how this feature works under the covers, do a live demo, and hold Q&A. The webinar runs just 15 minutes, so it’s a great quick way to learn about this new feature. You can register (for free, of course) here.
When you get a call from a wireless user complaining about connectivity problems, what is one of the first questions you might ask? “Where are you exactly?” Knowing precisely where a user is located can be immensely helpful in diagnosing and troubleshooting issues. What AP are they associated to? Are they behind a pillar that could be blocking their wireless signal? Are they in an area of a new building where the network is currently being expanded and might still have some coverage weak spots? This knowledge can often provide an administrator with a good idea of where they should dig in to properly troubleshoot the issue.
Starting today, administrators of Meraki Enterprise networks won’t have to ask where a client is because they’ll know: introducing Meraki Location-Based Services. On each client details page you’ll notice a new map where the current location of the client is clearly indicated on either a Google map or building floorplan (see below screen shot).
In addition to troubleshooting client issues, there are many other situations where being able to pin down a client device’s location can be very useful to administrators, such as tracking down a lost laptop or monitoring a nurse’s progress doing rounds in a hospital with the medicine cart. Typically these capabilities might require additional appliances and third-party software costing $10,000’s, but with Meraki they are provided with all Enterprise networks at no additional cost and without the need to deploy additional gear.
When combined with other Dashboard features like “remote hands” tools and detailed reporting with Traffic Shaper’s application-level visibility, Location-Based Services provides administrators with powerful tools to understand exactly how their network is being used and to quickly troubleshoot client issues remotely. Please let us know what you think of this new feature using the Make a Wish box!
Cloud-based networking is ideally suited to managing multiple sites under a single dashboard – networks like Remington College’s 20 campuses or Epic Management’s 20 clinics are perfect example. Recently, customers suggested a great feature to us that would make multi-site management even easier: Network Cloning. We’re excited to announce that this wish is now a reality, and all Meraki users can try it out today!
Network Cloning is simple; when you create a new network, you now have the option to copy your configuration from an existing network with a single click. This can save lots of time recreating similar configurations when you have multiple sites with corporate standard network configurations, such as in retail chains or corporate offices with multiple satellite branches.
Network Cloning complements other features – cloud-based provisioning, automatic RF optimization, and seamless firmware updates, to name a few – that make deploying branches a breeze. As always, please let us know what you think about this new feature using the Make a Wish box in Dashboard. We welcome your feedback!
We are very excited to announce two new enterprise 802.11n access points: the Meraki MR12 and MR16. These new APs offer across the board upgrades over their predecessors, the venerable MR11 and MR14: improved performance, sleeker design, and even a lower price!
Meraki MR16 ($649)
Dual Concurrent 802.11n for Enterprise/Campus
Single Radio 802.11n for Small Branch/Teleworker
These are the slimmest enterprise 802.11n APs. Measuring in at under 1″ thin, they blend seamlessly into their environment.
We built these APs with the network administrator in mind, making them as fast and easy as possible to deploy. The industrial design makes for easy, 1-handed mounting. Each box contains a complete accessory kit, with gear for wall, drop ceiling, and desktop mounting. No pre-configuration is required – just plug the AP in, and it automatically assumes gateway or mesh mode, and downloads its configuration from the cloud.
Despite its slim profile and lower price, the MR12 and MR16 are actually more powerful than their predecessors, featuring both increased transmit power and receive sensitivity. Highlights include:
Layer 7 Traffic Shaping
Line rate deep packet inspection engine for application QoS
High Capacity Design Memory capacity for 100+ simultaneous users
Built-in Policy Firewall Guest, User and Group Acces Control
4th Generation Chipset Top of the line 2×2 MIMO with spectrum analyzer and transmit power control
Client Enhancements Beamforming, Voice/Video QoS, Band steering
To top it all off, these are green little APs, with 100% recyclable packaging, 90% recyclable components, and a multi-tenant cloud hosted controller that is far more energy efficient than traditional hardware controllers.
We’re incredibly excited about these APs, and the response we’ve received from our beta testers has been very encouraging. We hope that you like them too!
One of the most challenging aspects of managing large distributed networks is troubleshooting issues when the client is across town (or maybe even across the country!). Having on-site IT personnel 24/7 at even small satellite branch offices can require a very large IT staff and is too expensive for most organizations. Meraki networks offer a variety of “remote hands” troubleshooting tools, helping network admins diagnose and resolve many wireless connectivity issues without dispatching IT staff to the site. The ability to run diagnostic checks such as pinging an access point, running a throughput test from Dashboard, or reviewing detailed event logs have been integral to Meraki’s value for distributed networks and organizations with small IT staffs and large footprints.
We are now announcing a set of Live Client Tools that expose even more up-to-the-second information about who is on a wireless network, and further help troubleshoot connectivity issues. Administrators who log into their Enterprise network in Dashboard will notice several new and improved areas. On the Monitor > Overview page, there is now a new addition under the network name showing the number of clients that are associated at that moment:
If you click on the “More” link, you will see an expanded list with more information, including which SSIDs and channels the clients are using. This data is automatically refreshed as long as the “More” link is expanded.
Even cooler, Enterprise customers can change the access points map to show where clients are associated: click the “Options” menu on the map and select “Current clients.”
But the really interesting stuff is on the Access Point and Client detail pages. The Access Point detail page used to look like this:
Now, all of the live tools have been consolidated into a new, cleaner layout. Both Pro and Enterprise networks will benefit from the new layout. Enterprise networks now have two additional features in this area: Current Clients and Ping Client MAC. Clicking on the play icon next to Current Clients will pop up a list of all clients associated to that AP at that instant, including useful information about each client such as MAC, SSID, channel, signal strength, and how long they have been associated. Click on the name of a client to go to its client details page. You’ll even see clients that have associated, but not authenticated (they’re listed in grey). If you click the Ping link next to the client, you can actually ping that client in real time using ARP, as well as get additional information, such as RSSI changes over time and 802.1X identity (if appropriate).
The other new addition, Ping Client MAC, allows you to enter a MAC address and try to ping it. This can be very useful if you are trying to determine if a particular device is on your network at that moment.
There is also a new Live Tools section on the client detail page. From this page you can also ping that individual client, but there are a few additional new tools:
The Locate Client tool allows you to find out whether that client is associated on your network at that moment, and if so, where they’re associated and for how long:
Finally, the Packet Counter tool shows a real-time count of received and sent packets to that client. You can actually see the packet counters roll as you ping the client!
We think these new tools further improve Meraki’s uniquely clear approach to distributed, multi-site network management, a normally challenging task. Network administrators can more quickly resolve their wireless users’ connectivity issues and access accurate real-time data about the exact state of their network.
Meraki’s cloud-based architecture makes it an ideal choice for distributed, multi-site systems of networks, with administrators able to manage up to 1,000 networks from a single web browser using Dashboard. We’ve recently added a feature that makes it even easier to visualize and manage geographically distributed networks. Users who have logged into Dashboard in the last day may have noticed a new link above the network name on the Monitor > Overview page:
The link is the name of the organization that contains the network. (The network selector at the top of the page groups your networks by organization. Many of our network administrators have just one organization, but it’s not uncommon to have more — one for Enterprise networks and one for Pro networks, for example.) Clicking on this link will take you to a new page, the All-Network Overview page:
This displays all of an organization’s networks on single map. These networks are listed at the top of the screen, along with color coded markers so that each network can be easily located on the map below. The usage graph displays cumulative usage across all listed networks. If you mouse over a particular network name, that network’s usage is highlighted on the usage graph, and its network markers are highlighted on the map below.
Jump to a network’s overview page by clicking its name, or jump to a particular access point in any of your networks by double-clicking its marker. If you’d like to see all your networks’ access points color-coded by status, that’s easy too: just uncheck “Color by network” on the map’s Options menu.
You can also get to the All-Network Overview page by choosing “All-network overview” from the network selector:
The All-Network Overview page is available today to all Meraki network administrators with two or more networks. This is a great tool to assist with managing large, multi-site deployments and we are very excited about this new addition to Dashboard.
Meraki administrators utilizing per-user bandwidth limitations now have a new tool at their disposal to ensure that their wireless users have the best possible experience while preventing any one user from hogging bandwidth. Introducing SpeedBurst, a new feature that allows users to temporarily exceed their bandwidth limit at the beginning of a download while staying within assigned limits over time. This makes downloads feel speedier and network performance snappier.
You can enable SpeedBurst by using the checkbox that can be found under Configure -> Access Control in the Bandwidth Limit section (see screenshot below). The checkbox will be grayed out if bandwidth limits are not in use.
SpeedBurst is a great for guest access or event networks where end user experience is critical while at the same time equal network performance for all users is required. We’ll be rolling out SpeedBurst to Enterprise and Pro Meraki networks starting today.
Last week we held the 2010 Meraki Enterprise Customer Summit, or ECS. ECS is an opportunity for us to show our appreciation to our Enterprise customers in person by hosting them for a two-day event in San Francisco. At the same time, it allows us to gather valuable feedback firsthand about our product roadmap as well as support and marketing activities. In addition, it allows prospective customers to mingle with current customers and learn about their experience deploying Meraki networks and their IT challenges that led them to seek out a better solution.
This year’s Summit brought together customers and prospective customers from all over the country from a wide range of industries including manufacturing, professional services (law and architecture), health care, higher ed, K-12 and libraries.
Sunday’s activities included a wine tour in gorgeous Sonoma Valley, where we tasted wines and olive oils at some of the most scenic vineyards in California wine country.
Monday brought a full day of discussions at Meraki HQ, including presentations by the customers themselves about their own organizations’ IT challenges, followed by discussions led by members of Meraki’s product management, marketing, engineering and support teams. The day was capped off by a fantastic dinner at a nearby Vietnamese restaurant in San Francisco. A good time was had by all, professional networks were expanded and great ideas were discussed.
We’d like to thank all of our customers that took time out of their busy schedules to join us for this event. All of our other customers will certainly benefit as well as the great feedback that we received is incorporated into our products to further improve the Meraki experience.