Archive for the ‘The Official Meraki Blog’ Category

2010 Meraki Enterprise Customer Summit

Last week we held the 2010 Meraki Enterprise Customer Summit, or ECS.  ECS is an opportunity for us to show our appreciation to our Enterprise customers in person by hosting them for a two-day event in San Francisco.  At the same time, it allows us to gather valuable feedback firsthand about our product roadmap as well as support and marketing activities.  In addition, it allows prospective customers to mingle with current customers and learn about their experience deploying Meraki networks and their IT challenges that led them to seek out a better solution.

This year’s Summit brought together customers and prospective customers from all over the country from a wide range of industries including manufacturing, professional services (law and architecture), healthcare, higher ed, K-12 and libraries.

Sunday’s activities included a wine tour in gorgeous Sonoma Valley, where we tasted wines and olive oils at some of the most scenic vineyards in California wine country.

Monday brought a full day of discussions at Meraki HQ, including presentations by the customers themselves about their own organizations’ IT challenges, followed by discussions led by members of Meraki’s product management, marketing, engineering and support teams.  The day was capped off by a fantastic dinner at a nearby Vietnamese restaurant in San Francisco.  A good time was had by all, professional networks were expanded and great ideas were discussed.

We’d like to thank all of our customers that took time out of their busy schedules to join us for this event.  All of our other customers will certainly benefit as well as the great feedback that we received is incorporated into our products to further improve the Meraki experience.

-Posted by Greg Williams

WWDC WiFi – It doesn’t have to be this way!

 

WiFi Fail, WWDC 2010

 

Image courtesy of ars technica

“The networks in here are always unpredictable, they are slow today…  you could help me out if you’re on Wifi if you could just stop.”

— Steve Jobs, WWDC 2010 Keynote

In a previous life, as an engineer at Apple, I demoed the new networking technology I’d built in front of a few thousand developers at Apple’s World Wide Developer Conference (WWDC). I was showing off our zero-configuration networking platform, called Bonjour, which involved throwing together a dozen devices on stage and having them instantly talk to each other. Back then, the rule was clear – never, ever rely on the wireless for a high-stakes live event!

Sadly it seems that little has changed. At last week’s WWDC, Steve Jobs’ new iPhone crapped out trying to load the New York Times over WiFi. I’m not sure which happened first – shutting of the WiFi for conference attendees in an attempt to get the demo back on track, or a head rolling somewhere at Apple HQ – but either way, the aftermath wasn’t pretty.

While this was perhaps the most visible conference WiFi fail, it is certainly not the first. Twitter’s Chirp, Facebook’s F8, Google/IO, and scores of other tech conferences, with large audiences of power-users crammed in one big hall, all had their issues. These environments are challenging, for sure, but the issues that bring down these networks are, by and large, preventable. (See, for example, the fine work by our friends at British Telecom at Le Web – 2,400 concurrent users in one hall pushing 300mb/s!) If you’re serving high-density, high-bandwidth environments, here are a couple of tips:

Bandwidth Limits
The pipe to the internet needs to be shared amongst a large group of people, so one of the most crucial aspects is setting an appropriate bandwidth limit per client. This keeps internet access consistent for all users, and prevents one hog from ruining the experience for all. A real-time management console (like ours!) makes it very easy to set a per-client bandwidth limit, and to monitor the number of clients on the network and the overall bandwidth usage, so you can adjust as needed. Of course, you’ll want to exempt VIPs (think Steve Jobs) from these limits. With our platform, this is easy – either whitelist their MAC address, or create a separate SSID (aka virtual network) that isn’t subject to a limit, with access control locked down to VIPs only.

Dual-Radio 802.11n with Band Steering
802.11n provides much faster speeds than its predecesor, 802.11g.  But not all 11n APs are created equal. Most 11n client, including laptops and iPads, can operate at either 2.4Ghz or 5Ghz (a clean, wide-open spectrum), whereas older clients and iPhones only operate at 2.4Ghz. Also crowding 2.4Ghz are bluetooth headsets, microwave ovens, and cordless phones. A dual-radio access point can operate at 2.4Ghz and 5Ghz simultaneously. To reduce interference, we’ll want to clear the 11n devices off of 2.4Ghz. An AP like our MR14 that features Band Steering will proactively steer 11n clients to the 5Ghz radio, reducing contention amongst the legacy devices on the 2.4Ghz radio. Finally, you’ll need an AP with an enterprise-grade chipset to support high user densities, like BT did at Le Web with 100+ users per AP.

Optimize Channel Selections
Think of the wireless spectrum as a multi-lane highway. You’d never cram 100 cars into one lane while leaving the others empty, yet this is exactly what happens if you have APs nearby one another on the same channel. It takes more than just putting APs on different channels  to fix this, though. Some channels actually overlap, while others may be occupied by other devices that are out of your control. With typical wireless systems, this can be addressed with site surveys and optimization by a wireless technician. Alternately, in our cloud-managed solution, each AP monitors the airwaves around it, uploading interference data to the cloud. Our servers then analyze this data, along with performance metrics and usage information, and compute the optimal channel configuration and push this down to the APs. This process repeats continually, so the network stays optimally configured even as RF conditions change.
Real-time visibility and support
Over the course of a major conference, conditions can and will change. Being able to monitor bandwidth consumption, identify overly high-density areas, and receive real-time alerts if anything goes awry is immensely helpful. We’d watch our dashboard over the web to monitor bandwidth usage, and ratchet down the per-client bandwidth limit if needed. We also like our dashboard’s display of APs by usage – if we see some being overtaxed, we’ll just plug in another to share the load. It’ll automatically connect to the cloud controller, download the correct configuration, and join the network. And if an unruly attendee unplugs an AP, we’ll get an automatic alert.

I hope some of these tips help you plan for big events. Have any tips and tricks that you’d like to share? Let us know!

-Posted by Kiren Sekar

Identity Policy Manager… coming soon to a network near you.

The Meraki Identity Policy Manager (IPM) is now being rolled out to Meraki Enterprise customer network with the latest firmware release.  Look for a Dashboard notification of an upcoming firmware upgrade to your network, and after that upgrade you will see a new page under the Configure tab called Group Policies:

IPM can be used to create identity-based policy controls.  What this means is that you can define groups of users and set different policies for each group.  VLAN tagging, bandwidth limitations and customized access control lists (ACLs) can be applied on a per-device, per-user or per-group basis over a single SSID.  IPM integrates with an existing Active Directory or RADIUS environment, allowing you to seamlessly enforce existing policies over the wireless network.

Here is an example of how you might use IPM to configure a group policy for contractors in your office to give them limited access to LAN resources:

This new capability is now included with the Meraki Enterprise Cloud Controller, no additional licenses required.  Another example of the how Meraki’s cloud-based architecture provides a constantly evolving feature-set and unmatched future-proofing of your network.

-Posted by Greg Williams

 

 

Meraki Now Supports Smart Client Roaming

To support the needs of some of our large service provider customers, Meraki now supports the Wi-Fi Alliance WISPr protocol.  What this means is that wireless users who subscribe to a multi-provider service like Boingo can roam across different service provider networks like AT&T, T-Mobile, and Telmex and authenticate seamlessly via RADIUS without the need to interact with a captive portal.  This is similar to how cellphone users are allowed to roam across different networks, and is also known as Smart Client roaming.  For example, one of our larger service provider customers can now allow users to roam across networks covering hundreds of Starbucks cafes and restaurants like Burger King.  This allows service providers to offer convenient, hassle-free wireless access wherever their customers need it with minimum hassle as an added value service to their subscribers.  This is a great example of how Meraki networks can be used by service providers to expand their businesses and improve service levels to their own customers.

– Posted by Greg Williams

We're not sure why you'd want to hide such a beautiful wireless network, but….

Sometimes there are good reasons to not want to broadcast an SSID.  Often it is to prevent wireless users from associating to an SSID that they are not supposed to associate to, or if neighbors in adjacent buildings are averse to having RF “clutter” coming onto their property.

Starting today, all Meraki Enterprise network administrators will find a new feature on the Access Control page – Configure tab under Wireless Options in Dashboard: the ability to hide SSIDs.  With this feature turned on for an SSID, anyone searching for nearby wireless networks with their wireless card in their laptop or iPhone would not see this SSID, and would only be able to connect if they knew the name of the SSID.

See the below screen shot for what the new drop-down tool looks like in Dashboard:

blog shot

Note: Meraki does not recommend hiding SSIDs as the sole means of securing a wireless network against unauthorized access.  WPA/WPA2 authentication and encryption should still be used to secure your network.

Happy hiding!

-Posted by Greg Williams

We’re not sure why you’d want to hide such a beautiful wireless network, but….

Sometimes there are good reasons to not want to broadcast an SSID.  Often it is to prevent wireless users from associating to an SSID that they are not supposed to associate to, or if neighbors in adjacent buildings are averse to having RF “clutter” coming onto their property.

Starting today, all Meraki Enterprise network administrators will find a new feature on the Access Control page – Configure tab under Wireless Options in Dashboard: the ability to hide SSIDs.  With this feature turned on for an SSID, anyone searching for nearby wireless networks with their wireless card in their laptop or iPhone would not see this SSID, and would only be able to connect if they knew the name of the SSID.

See the below screen shot for what the new drop-down tool looks like in Dashboard:

blog shot

Note: Meraki does not recommend hiding SSIDs as the sole means of securing a wireless network against unauthorized access.  WPA/WPA2 authentication and encryption should still be used to secure your network.

Happy hiding!

-Posted by Greg Williams

Our new digs in the Mission

After a week of moving in and getting settled, we are finally starting to feel at home in our new office at 660 Alabama in San Francisco’s Mission neighborhood. With floor-to-ceiling windows and an airy wide-open space, it’s a perfect set up for us. We’ve shared a few photos so you can get an inside look.

Enjoy, and happy Friday, everyone!

DSC01532

DSC01529

DSC01528

DSC01525

– Posted by Marie Williams

Miles the Piñata Goes Out With a Bang

In celebration of our upcoming office move, Meraki engineers Dan and Brian and sales development rep Mary created a piñata in the form of our beloved mascot, Miles. Last Friday, we threw a fiesta to say goodbye to 99 Rhode Island and give Miles a good beating.
For those of you concerned that we demolished our own mascot, it’s supposed to be good luck. In Mexico, piñatas are believed to have originated among the Aztecs, Mayans, and other native peoples of Mexico, who made clay pots in the shape of their gods. The pots were meant to be broken forcefully with poles and sticks, so the contents spilled to signify abundance or favors from the gods.
In fact, Miles the piñata was so well-constructed – true to Meraki standard of course – that he broke bats, warped a metal rod and gave our user experience and design guru, JT, a nasty arm injury after he elbow dropped Miles (check it out at the end of the video).
Hope you enjoy the video, and stay tuned next week for photos of our new office!

DSC01509

In celebration of our upcoming office move, Meraki engineers Dan and Brian and one of our sales development reps, Mary, created a piñata in the form of our beloved mascot, Miles. Last Friday, we threw a fiesta to say goodbye to 99 Rhode Island and give Miles a good beating.

For those of you concerned that we demolished our own mascot, it’s supposed to be good luck. In Mexico, piñatas are believed to have originated among the Aztecs, Mayans, and other native peoples of Mexico, who made clay pots in the shape of their gods. The pots were meant to be broken forcefully with poles and sticks, so the contents spilled to signify abundance or favors from the gods.

In fact, Miles the piñata was so well-constructed – true to Meraki standard of course – that he broke bats, warped a metal rod and gave our user experience and design guru, JT, a nasty arm injury after he elbow dropped Miles (check it out at the end of the video).

Hope you enjoy the video, and stay tuned next week for photos of our new office!

Free Tools for IT Pros

Software that makes your life easier is pretty sweet. It’s even better if it’s free.

We were pleasantly surprised to find our WiFi Stumbler mentioned over the weekend on ILoveFreeSoftware.com – a nifty site that catalogs some of the best free software and web tools in a quick-to-read format.

The site got us thinking about the free software we use. Solar Winds offers a great FTP client. PuTTy is the perfect SSH client and IfranView is handy for fast image editing on PCs.

ILoveFreeSoftware has featured other free tools that we think look really useful too:

Fiddler’s network traffic logger
Draw Anywhere’s online diagramming tool (a Visio replacement)
Jasper Reports, which allows you to easily visualize the trends in your data

Let us know if you find these tools useful.

– Posted by Joey Baker

Using the Events Log for Quick Troubleshooting of Client Issues

If a client is having trouble associating to your Meraki Enterprise wireless network, one of the best troubleshooting tools at your disposal is the event log. You can find the log under Monitor -> Event log and see a detailed log of exactly what has been going on with your network.

The log captures various types of traffic on your network that can be very useful for troubleshooting:

802.1X – Authentication communication between the client and RADIUS server.

IP (Data) – Initial requests and responses between computers and servers, including HTTP.

802.11 – Association and disassociation of clients from the network.

DHCP – Lease information from the DHCP server about the client IP address, default gateway, and DNS server.

WPA – Password authentication of the client.

ARP – Requests by clients to find the MAC address associated to an IP address.

3-15-2010 11-01-01 AM_EventLog2

If a client is having trouble associating to the network, the event log can help you determine the most likely culprit. For example, you can easily tell if it’s related to a bad password or a failure to obtain an IP address and take the appropriate steps to get the user up and running again.

If you’d like to see more information captured in the event log, let us know by entering your feedback in the “Make a Wish” field on the Dashboard.

-Posted by Ahmed Akhtar