Joe is a small business owner. He begins and ends his day with multitasking. Checking emails, inventory, employee logins, customer service, and more is his routine. But every day is different. At times, supplies don’t arrive on time, fraudulent activities and physical break-ins happen, and customers are disappointed when transactions don’t go through. There are days when Joe needs to be away for work. Unplanned leave and staff shortage is another source of worry. And all this is just on the surface.
To stay ahead of his competitors, Joe uses different gear and apps to perform routine tasks and address these concerns. While these tools are helpful, it also results in divided attention that saps Joe’s passion for his business. Thus, using the right set of tools becomes critical. For a small business, that means supporting anything and everything from tablets to kiosks and other smart devices.
Just enough, and not too much
As many small business owners know, the way Joe’s business and other small businesses run has changed over the years. Maybe you like to keep an eye on your business with WiFi-enabled security cameras. Almost certainly, your customers are constantly using multiple WiFi-connected devices.
Remember that one time when your first-time customer walked in, right as your point-of-sale lost its WiFi connection? The result was not just limited to a single lost sale. It took you a while to figure out what went wrong. You contacted the help center, went through a few troubleshooting cycles, and manually downloaded the required software. Over time, problems like these compound, leading to lost productivity.
Do you recall the day when your important client visited your small office? You were all set for a breakthrough presentation. But your showstopper video started buffering. Yikes!
Sometimes compromised WiFi hardware tricks you into downloading malicious software which slows down your internet connection.
These setbacks take place because most devices in any business environment are WiFi enabled. While most WiFi solutions are designed for users who have network expertise, not all small businesses are able to hire a technical expert. In fact, only 19% of small businesses have dedicated personnel who handle IT issues.* So what do the rest of the 81% end up doing? Often, they compromise with a generic home WiFi box which was not designed to meet their business needs such as creating guest WiFi or managing WiFi usage. Or, they’re stuck with complex WiFi equipment that they struggle to understand how to use. None of these routes is optimal for small businesses.
Because every second you’re managing or fixing WiFi, you’re not making money.
So why make WiFi complex for small businesses? Why not have something that’s easy to set up, use, and manage and even looks great while doing it?
What does WiFi for small businesses look like?
What if you could block a website that’s slowing down your business in just a few taps on your smartphone? What if watching over all your connected devices was as easy as glancing at today’s weather forecast on your smartphone? Wouldn’t it be useful if your WiFi hardware were updated automatically with better technology and security features — just like the apps on your smartphone? And what if setting WiFi usage limits was as easy as setting the brightness on your phone?
These are the tasks a time-strapped small business owner can easily do without losing focus from business-critical tasks.
All these conveniences add up!
At Cisco Meraki, simplicity and security are at our core. That’s why Meraki Go is designed to work for a time-pressed small business owner looking to ramp up business productivity with limited resources.
Meraki Go Indoor and Outdoor Access Points offer fast and reliable WiFi built for business-critical tasks, and the mobile app is designed to be managed by anyone. Setting up Meraki Go needs no technical expertise and takes less than 5 minutes. The Meraki Go Mobile App subscription enables automatic security, software, and firmware updates to prevent financial loss caused by security breaches and business downtime.
Fast and reliable WiFi together with the ability to easily manage and monitor your WiFi networks from anywhere results in customers spending more time at your business, critical tasks like payment and contract signatures going through smoothly, better experience encouraging repeat visits and so on. With the cloud-based Meraki Go App, you’re just a few taps away from taking real-time actions that impact your business — all through a single device and from anywhere.
Watch a 2-minute video to learn more about how you can do it all and get your business going.
*According to research conducted by Cisco Meraki in association with Wakefield Research, August 2018.
Readers of this blog will be excited to learn that Meraki has recently launched a new WiFi solution for small businesses in single-site locations. Today, we are introducing Meraki Go, a set of WiFi access points tailor-made for small and home businesses, with features to get a business going, all managed by a new easy-to-use app.
Meraki Go enables small business owners to manage their own WiFi needs. With a simple guided onboarding process, users can configure multiple WiFi networks in minutes. This allows shops, restaurants, and cafes to segment their guest and corporate traffic for added security. Meraki Go users can also quickly set usage limits on applications, and block clients from accessing certain websites. This way, small offices with limited bandwidth can prioritize business traffic, and make sure video streaming doesn’t get in the way of work.
As Meraki expands our product offerings, we want to make sure that we’re listening to the needs of our users. This is why we have built the Meraki Go experience from the ground up. With features made for business but an app designed for humans, Meraki Go has the best of both worlds, and we’re excited for you to try it.
All Meraki Go access points will require a subscription (1, 3, or 5 years), which provides access to in-app support, as well as security and app updates.
Check this out on meraki-go.com today, or watch our launch video below.
The pace at which new security threats are being introduced and propagated online has reached exponential levels, gaining speed with each passing year. Organizations have more locations and devices to protect, and threats are using many different ports to try to gain access or exfiltrate data. Security teams are often understaffed and struggle with complex, siloed systems that do not integrate or share intelligence in a programmatic way. These teams need solutions that are easy to deploy, simple to manage, can scale exponentially, and can integrate with other tools.
Securing your wireless users from malicious attacks — particularly these “DNS blind spots” that exist in many networks and are exploited by 97% of advanced malware — is of paramount importance. Unfortunately, recent surveys indicate that 75% of organizations do not actively monitor and apply security for DNS.
It is within this context that we are excited to announce support for integration between Meraki MR wireless access points (APs) and Cisco Umbrella (formerly OpenDNS).
Umbrella is the industry’s first secure internet gateway, a cloud-delivered first line of defense against threats like malware, ransomware, and phishing. Umbrella enforces security at the DNS layer by identifying requested web domains hosting nasty stuff — malware, phishing, etc. — and block end user access to them. Umbrella also enables more secure DNS querying through a tool called DNSCrypt, which automatically encrypts DNS queries between your network and Umbrella’s servers, effectively eliminating the chance that your queries will be the victim of eavesdropping or man-in-the-middle (MITM) attacks. This secures the “last mile” of a client’s internet connection, which is often left exposed and vulnerable.
There is no additional cost or charge for taking advantage of this integration (which is available to all Meraki wireless customers who have upgraded to our latest MR26.x firmware), but Meraki wireless customers who wish to integrate with Umbrella will need a separate Umbrella license and account with that service.
Enabling Umbrella integration
So, what does this mean for admins of Meraki wireless networks? This integration with Umbrella enables Meraki admins who obtain Umbrella licenses (WLAN, Professional, Insights, or Platform) to seamlessly assign DNS filtering via Meraki group policy or SSID to specific subsets of wireless clients, or to them all.
Enabling Umbrella integration takes only a few steps. First, the Meraki and Umbrella dashboards must be linked via the Umbrella Network Devices API key. Once this API key is generated from within the Umbrella dashboard, it needs to be copied into the Meraki dashboard by navigating to Network-wide > General.
Enabling Meraki + Umbrella integration within the Meraki dashboard.
Once the Meraki and Umbrella dashboards have been configured, linking a Meraki SSID or group policy to an Umbrella security policy is easy (note: Meraki group policies must be set to use ‘Custom SSID Firewall & Shaping Rules’ to link an Umbrella policy to them). After this initial setup, a unique identifier is generated behind the scenes for the specified Meraki SSID or group policy and is used by Umbrella to determine how to evaluate traffic from that Meraki network moving forward.
To link a Meraki SSID to an Umbrella policy, navigate to the Wireless > Configure > Firewall & Traffic Shaping section of the Meraki dashboard. There, you will find a button to link Umbrella policies.
Linking an Umbrella policy to a Meraki SSID.
By default, the last policy physically listed in the Umbrella dashboard’s ordered policy list will be inherited by a Meraki SSID unless a different policy is selected from the dropdown list.
To link a Meraki group policy to an Umbrella security policy, navigate to the Network > Configure > Group policies page in the Meraki dashboard and choose the specific Meraki group policy that you want to link. Under the ‘Layer 7 firewall rules’ section of that policy, you’ll be able to choose which Umbrella policy you’d like to apply.
Applying an Umbrella DNS policy to the Meraki ‘VIP Umbrella Clients’ group policy.
Once a Meraki SSID or group policy has been successfully linked to an Umbrella security policy, clients connecting to that SSID or who have been applied that group policy will have their DNS queries encrypted (if the AP supports 802.11ac) and verified against the corresponding Umbrella policy. Encrypting DNS queries between Meraki APs and Umbrella DNS endpoints helps secure the ‘last mile’ of client web browsing and protects against devastating MITM attacks or packet snooping that can reveal which websites client devices are browsing.
An example Umbrella policy may prohibit access to known malicious web domains or websites that host specific types of content, like gambling or peer-to-peer domains. If the client’s request for access to a given website is allowed, Umbrella will return an encrypted DNS response with the appropriate IP address. If the request is denied, then an encrypted DNS response pointing to the Umbrella block page will be returned instead.
Taken together, Meraki wireless and Umbrella integration provide a significantly more robust security framework for IT admins looking to protect clients from web threats in a more proactive way. Instead of waiting for a malicious site to infect a machine and then using tools like antivirus to detect and remediate, Meraki MR customers can rest easy knowing that they are protected from ever reaching harmful sites in the first place.
Interested customers should contact Meraki Support to have this feature enabled. This feature requires an early-release MR firmware version that can be enabled with Meraki support assistance.
1:00 pm: Students trickle back into class after a well-deserved lunch break. Eager to get started with their next lesson, they grab their school-issued laptop out of their emptying backpack, log on, and start their next assignment while patiently waiting for the teacher to bring attention to the front of the room. Unbeknownst to the students and teachers actively participating in classroom activities, the network deployment team paces the halls, double checking that each new access point has a home, and that each switch will be comfortable in its new closet.
3:30 pm: The bell rings. Students rejoice; jumping, dancing, and skipping out of the building, excited to get to their study group, sports practice, or friend’s house. Some stay behind to attend an after-school course, work on homework, or attend a teacher’s office hours. Behind the scenes, the deployment team sneaks inside empty classrooms and offices, unmounting old access points and seamlessly swapping them for brand new, inconspicuous access points to take their place. From the gym to the cafeteria, no space can be left unconnected. With great attention to detail and swift hanging capabilities, the team goes room by room, replacing and adding APs, making sure no classroom is left behind.
4:30 pm: The last of the students head home for the day, with tired eyes, full brains, and superb stories. Once everyone has left the campus, and the school buildings start humming in their normal emptied silence, the real fun begins. Operation: the complete switchover. The deployment team speeds through the remaining AP installation. They move onto the closets, and in a sea of cables, sweat, and servers, they unrack and uninstall the legacy switches, tossing them into a corner of their already forgotten memory. Installing the new switches is faster than a cheetah lapping the school, with an organized, lit up rack of switches foreseeable on the other end.
5:00 pm: Testing. Testing. 1, 2, 3, testing. The devices are online. The computers are connecting. The tablets are connecting. Even the phones are connecting! The intrusion detection system is working. The security cameras are on. We are a go! Network complete.
This nonfiction tale tells the story of Orange County Public Schools (OCPS), the 9th largest school district in the United States, with around 208,000 students spread across 200 schools. And yes, they continue to flip schools left and right in four hours, moving them off of their legacy equipment and onto a Meraki network of MR access points and MS switches. Originally a project that David Overton, Senior Director of Information Security, thought would take several years to finish, is on pace to finish in under two years, with the deployment team transitioning three schools a week. And, for the schools that have already moved onto Meraki, not only has student learning through their 1:1 device program continued to work without a hitch, but the simplified management through the Meraki dashboard has been a lifesaver for the IT team.
To learn more about OCPS and their Meraki deployment, watch a webinar recording with David and a Meraki product specialist. They discussed why David chose Meraki, how they are able to install a new network in 4 hours, and why a robust network is imperative to supporting their 1:1 device program. Watch here!
Cisco Meraki customers can easily future proof their networks for the needs of their business with the new Meraki MR32 and MR72 802.11ac access points (AP) that include built-in Bluetooth Low Energy (BLE) beacon technology. These APs can be integrated seamlessly into any standard WLAN deployment, while giving customers a BLE beacon-enabled network, ready for the future. We see this being especially important in retail where iBeacons and other customer Bluetooth engagement technologies are rapidly growing in adoption.
What are BLE Beacons?
BLE is a recent enhancement to the Bluetooth standard which allows for the wireless protocol to be applied to new use cases which were previously not feasible. This is primarily due to the energy saving techniques implemented in BLE which reduce power consumption when compared to previous Bluetooth standards.
With the ability to efficiently utilize limited power sources, BLE is now used in a number of devices which need to communicate small amounts of data over wireless. It is now possible to have devices with battery life measured in months and years rather than days or weeks, while also making them smaller.
This has led to the development of beacon technology and its application in a number of situations. Beacons are very simple BLE messages which are transmitted or heard by BLE compatible devices. This device could be a computer, a phone, a wireless AP, or a tag, to name just a few possible devices.
This message has three basic components:
Universally Unique Identifier (UUID)
These components of the beacon can be configured with information the operator wants to communicate to other BLE-compatible devices. Typically this is in a non-human friendly form but it can be interpreted by a listening device. For example, in a retail environment it could be interpreted as:
Retail Brand (UUID)
Shop Location (Major)
Product Category (Minor)
When a BLE-compatible device hears one of these messages, a user-installed app which is beacon aware can interpret the information in the UUID, Major, and Minor identifiers. This could be used to trigger functionality in that app, for example it could display information relevant to a particular product in that shop, a discount to be redeemed at purchase, or a customer service interaction.
Is it worth using BLE Beacons?
BLE beacons are a simple way to provide mobile apps with location awareness that is specific to your organization. The low energy features of BLE beacons allow mobile devices to use this functionality with minimal impact on battery life. The benefit of this is that apps can enable bluetooth on devices with little negative side effects and a positive experience to end users.
The downside for organizations wishing to implement BLE beacon devices is the scale at which they could be deployed creates a significant administrative burden. With a thousand, or ten thousand of these devices, even a year long battery life would lead to a large number being replaced every week.
It also means that when it comes to configuration, it can require extensive pre-staging and visits to site. Should this need to be updated in the future to meet new business needs, the costs of doing this may outweigh the benefits of making the change.
Meraki has solved the physical and configuration challenges of implementing beacon technology by integrating it into the new MR32 and MR72 APs. These APs have fully integrated BLE radio chipsets that works in parallel to the three WLAN radios that are inside.
BLE and beacon compatible Meraki MR32 and MR72 APs
Hear from Adam Weiss, one of the Meraki engineers responsible for the development of the BLE functionality in the APs, on the possible uses cases of this technology and the importance of an integrated solution.
By integrating the BLE technology into the PoE compatible MR32 and MR72 APs, the problems associated with maintaining a widely distributed inventory of battery powered beacons is completely eliminated.
The unique cloud-managed architecture of the Meraki MR32 and MR72 means that they can be remotely deployed and configured for zero-touch deployments. The APs can broadcast BLE Beacons with a configured UUID, Major, and Minor that is only set once for a whole network of APs. If these identifiers need to be updated, it can be done quickly and remotely through the Meraki dashboard for all APs, all sites, or even different countries.
The rapid software development cycle of the Meraki cloud management solution means that as and when new BLE Beacon features are needed, these can be delivered seamlessly at no cost to existing deployments. This ensures your investment in APs can provide the greatest value for the longest period of time.
We are very excited to announce two new enterprise 802.11n access points: the Meraki MR12 and MR16. These new APs offer across the board upgrades over their predecessors, the venerable MR11 and MR14: improved performance, sleeker design, and even a lower price!
Meraki MR16 ($649)
Dual Concurrent 802.11n for Enterprise/Campus
Single Radio 802.11n for Small Branch/Teleworker
These are the slimmest enterprise 802.11n APs. Measuring in at under 1″ thin, they blend seamlessly into their environment.
We built these APs with the network administrator in mind, making them as fast and easy as possible to deploy. The industrial design makes for easy, 1-handed mounting. Each box contains a complete accessory kit, with gear for wall, drop ceiling, and desktop mounting. No pre-configuration is required – just plug the AP in, and it automatically assumes gateway or mesh mode, and downloads its configuration from the cloud.
Despite its slim profile and lower price, the MR12 and MR16 are actually more powerful than their predecessors, featuring both increased transmit power and receive sensitivity. Highlights include:
Layer 7 Traffic Shaping
Line rate deep packet inspection engine for application QoS
High Capacity Design Memory capacity for 100+ simultaneous users
Built-in Policy Firewall Guest, User and Group Acces Control
4th Generation Chipset Top of the line 2×2 MIMO with spectrum analyzer and transmit power control
Client Enhancements Beamforming, Voice/Video QoS, Band steering
To top it all off, these are green little APs, with 100% recyclable packaging, 90% recyclable components, and a multi-tenant cloud hosted controller that is far more energy efficient than traditional hardware controllers.
We’re incredibly excited about these APs, and the response we’ve received from our beta testers has been very encouraging. We hope that you like them too!
Meraki’s AutoRF technology performs automatic cloud-based, system-wide network optimization to ensure peak network performance in any environment. Each AP on a Meraki network continually monitors its environment for interference from other APs and feeds this information back to the Cloud Controller. Last month we added Spectrum Analysis, mitigating interference from non-WiFi devices like microwave ovens and Bluetooth headsets.
AutoRF has always run quietly in the background. But now, our new Radio Settings page gives you more visibility into what’s happening behind the scenes, and exposes new controls for advanced configuration.
The new Radio Power selector either allows the Cloud Controller to automatically dial back transmit power if it detects adjacent access points stepping on each others’ toes, or allows you to maintain full power for all APs.
The Channel Planning Report sheds light on how AutoRF is tuning your network, providing visibility into the current channel and transmit power settings for each AP, as well as the interference sources that were avoided. If you click on the “Details” link next to each row in the table, you will find a detailed report for all of the APs in your network on a particular channel.
Regular users of the Cloud Controller will notice that some settings previously found under Network Wide Settings have moved to this page, where they fit naturally.
We hope that you find this Radio Settings page helps you better understand how the Cloud Controller is optimizing your network, and helps you to make more informed decisions about how to use the Cloud Controller’s RF controls. Please let us know what you like, what you don’t, and what you’d like to see next!
TEDGlobal 2010, themed “And Now the Good News”, wrapped up with some good news for Meraki and TEDGlobal attendees using the conference WiFi. As part of the British Telecom Sponsorship team, fellow Meraki engineer Robert Shanks and I were on site to deploy and support the wireless network for this 4-day conference. To make a long story short, the wireless network performed flawlessly, with just over a 1,000 people connecting throughout the conference and transferring over 250 gigabytes of data.
The conference venue, located in Oxford, UK, had its fiber backhaul brought in by BT. The backhaul was then distributed to wireless users in the two main venues of the conference, the Oxford Playhouse and the gala rooms of the Randolph Hotel, through fifteen MR14 dual-radio access points.
We leaned heavily on the Cloud Controller to quickly deploy the network with a small team. Rogue AP detection and automatic channel spreading maintained performance while TEDsters blogged, tweeted, browsed and streamed all at once. While we trusted the Cloud Controller’s real-time alerts to let us know about unexpected changes (there weren’t any), we also kept tabs on the network’s summary report, giving us a good understanding of the overall usage and performance of the network.
Along with performance and usage information, the summary reports confirmed that the device-of-choice for TEDsters was the iPad, with well over 100 using the network. In fact, hand-held devices accounted for over 50% of clients connecting to the network.
We had a great time at TED, and were happy to see the Meraki network being used so heavily. Thanks to the team at British Telecom for including us!
It doesn’t matter how large or small the conference is, it seems like they always have WiFi problems. The networks are consistently slow, frequently fail, and usually require some arcane security measure that involve weirdly-small scraps of paper and bizarre usernames.
There’s no reason for WiFi to be this frustrating!
We’ve started a new project to loan our enterprise-grade WiFi gear to smaller tech conferences, meetups, BarCamps, WordCamps, Tweetups, whathaveyou … for free. You provide the Internet connection, and we’ll provide a rock-solid WiFi connection. All we ask in return is that if you like our products, tell your friends, and if not, let us know how we can make them better.
We’ve just gotten started with this project, but so far, meetups like SF Beta, WordCamp Boulder, and Hacks/Hackers NYC have had great experiences.
“One of the best decisions we made for our conference. Not only was the delivery and setup effortless, our network remained stable throughout the entire day. No matter your wireless needs, this experience alone tells me Meraki’s solutions are some of the best.” —WordCamp Boulder
As part of this project, we’re excited to be partnering with WordCamp.org. We’ll offer a streamlined signup process for the many BarCamp-style events that these organizations sponsor throughout the year.
If you run an event and would like to participate in our new Free Event WiFi project, we’d love it if you signed up! We’re looking for small to medium-sized events that have enough bandwidth to support that group.
If you’re interested, head on over to the signup page to learn more or take a look at our plug-and-play setup guide, or ask any questions below!
One of the most challenging aspects of managing large distributed networks is troubleshooting issues when the client is across town (or maybe even across the country!). Having on-site IT personnel 24/7 at even small satellite branch offices can require a very large IT staff and is too expensive for most organizations. Meraki networks offer a variety of “remote hands” troubleshooting tools, helping network admins diagnose and resolve many wireless connectivity issues without dispatching IT staff to the site. The ability to run diagnostic checks such as pinging an access point, running a throughput test from Dashboard, or reviewing detailed event logs have been integral to Meraki’s value for distributed networks and organizations with small IT staffs and large footprints.
We are now announcing a set of Live Client Tools that expose even more up-to-the-second information about who is on a wireless network, and further help troubleshoot connectivity issues. Administrators who log into their Enterprise network in Dashboard will notice several new and improved areas. On the Monitor > Overview page, there is now a new addition under the network name showing the number of clients that are associated at that moment:
If you click on the “More” link, you will see an expanded list with more information, including which SSIDs and channels the clients are using. This data is automatically refreshed as long as the “More” link is expanded.
Even cooler, Enterprise customers can change the access points map to show where clients are associated: click the “Options” menu on the map and select “Current clients.”
But the really interesting stuff is on the Access Point and Client detail pages. The Access Point detail page used to look like this:
Now, all of the live tools have been consolidated into a new, cleaner layout. Both Pro and Enterprise networks will benefit from the new layout. Enterprise networks now have two additional features in this area: Current Clients and Ping Client MAC. Clicking on the play icon next to Current Clients will pop up a list of all clients associated to that AP at that instant, including useful information about each client such as MAC, SSID, channel, signal strength, and how long they have been associated. Click on the name of a client to go to its client details page. You’ll even see clients that have associated, but not authenticated (they’re listed in grey). If you click the Ping link next to the client, you can actually ping that client in real time using ARP, as well as get additional information, such as RSSI changes over time and 802.1X identity (if appropriate).
The other new addition, Ping Client MAC, allows you to enter a MAC address and try to ping it. This can be very useful if you are trying to determine if a particular device is on your network at that moment.
There is also a new Live Tools section on the client detail page. From this page you can also ping that individual client, but there are a few additional new tools:
The Locate Client tool allows you to find out whether that client is associated on your network at that moment, and if so, where they’re associated and for how long:
Finally, the Packet Counter tool shows a real-time count of received and sent packets to that client. You can actually see the packet counters roll as you ping the client!
We think these new tools further improve Meraki’s uniquely clear approach to distributed, multi-site network management, a normally challenging task. Network administrators can more quickly resolve their wireless users’ connectivity issues and access accurate real-time data about the exact state of their network.