An attacker wanting to eavesdrop on a network has several methods at their disposal to cause harm, notably with “man-in-the-middle” attacks where an attacking device pretends to be a valid member of the network to intercept traffic.
That method of attack is called “spoofing” which enables visibility into the device’s traffic and provides an option for attackers to use more aggressive network-disrupting tactics.
Device spoofing is a significant security threat, and it’s vital that your network have strong defenses. With our MS 10 firmware, Meraki is working to ensure your network remains secure with Dynamic ARP Inspection.
How does spoofing occur?
The attack works by deactivating the regular connection that switches use to pass information to client devices. The attacking device then misdirects traffic through itself by announcing its hardware address to devices that can hear it. The client devices aren’t smart enough to know the difference between the fake and real messages, so they begin forwarding potentially sensitive information to an attacking device.
The attacker can then spy on the traffic before forwarding the message to the correct device without anyone being the wiser.
How to defend against spoofing
Dynamic ARP Inspection (DAI) places safeguards at Layer 2 where bad actors may manipulate these important messages (ARP requests). DAI calls upon the network to verify whether the device handling the ARP requests is real or fake by checking whether that device has been seen before on the network. If the device hasn’t been seen, then messages from the attacking device are ignored.
Configuring DAI with Meraki is easy with MS 10. Note that to avoid disruption to your network, it’s essential to follow the steps in order.
In the Meraki dashboard, first, navigate to Switch > Switch Port and select the port associated with a DHCP Server or Relay. Select “Edit.”
Then navigate to “Trusted” and toggle to “enabled”.
Finally, navigate to Switch > DHCP Servers& ARP > DAI Status and select “Enabled.”
As with all things Meraki, the configuration of Dynamic ARP Inspection can be completed in seconds with our easy-to-use dashboard.
To learn more about other improvements in MS 10, please visit our documentation page or attend a webinar for a demonstration.
Hot on the heels of our previous switch release (here) comes our MS210 stackable access switch.
We designed the MS210 to provide network administrators the option to stack the new 1G switch to the 10G uplink of the MS225.
Large enterprise networks often require multiple switches to handle office traffic but have only modest bandwidth needs per switch. However, many desire the flexibility to enhance their bandwidth capability as the organization’s tech needs grow.
The MS210 provides incredible power and flexibility to our switch line. Seven MS210s linked to a MS225 for its 10G uplink (to form a stack of eight) creates one of the most versatile and economical switch options available — all easily configurable using the Meraki dashboard.
The MS210 line features basic Layer 3 connectivity and comes in both 24- and 48-port models along with PoE and PoE+ power options.
We are pleased to announce that we have expanded our switch line to include new models designed for small office and home office customers.
For years, Cisco Meraki’s cloud-managed switches have provided network administrators with an unprecedented level of visibility and control to manage their deployments. While we already offer a wide variety of switching options for campus and enterprise networks, we wanted to introduce the benefits of cloud networking to a greater range of customers across new price points.
New Meraki customers will gain access to innovative network solutions like an entirely GUI-based management platform and firmware updates from the cloud to ensure network stability.
For organizations looking to purchase new switches, there has never been a better time to learn more about cloud-managed IT.
MS120-8 Compact Switch
The MS120-8 is our compact access switch designed for flexible and rapid deployment at branch and campus locations. We adopted a fanless design for the non-powered and PoE models, enabling completely silent operation as you work alongside the device on or near your desk.
Features of MS120-8:
2 x 1G SFP uplinks
New Low-Powered (LP) Model
Layer 2 access switch
External power supply (non-powered, LP models)
Integrated mounting plate
MS120 24/48 Port Switch
The MS120 line is designed for widespread deployment in networks of any size. The large switch port capacity on the 24- and 48-port models allows network administrators to take advantage of the growing number of IoT devices found in the modern workplace, including IP-connected phones, cameras, and security systems.