Posts Tagged ‘MS10’

VLAN Troubleshooting with MS

Troubleshooting network complications can be an extremely time-consuming and difficult process. Issues such as VLAN mismatch are tough to track down among the mountain of configurations needed to get a network operational.

VLAN mismatches occur when two ends of a link are misconfigured to different VLANs. These can happen over access or trunk links. A mismatch on the link that carries the critical traffic required to keep the network functioning – the Native or management VLAN – causes additional headaches and potential security concerns.

 

The above image represents a native VLAN configuration where management traffic flows untagged across the switch port links normally. The image below represents a VLAN mismatch.

 

When the switch port on Switch 2 is misconfigured to VLAN 20, the management traffic will continue to flow between Switch 1 and 2, but any traffic returning to Switch 1 is treated as VLAN 20. This mismatched scenario could result in traffic being altogether dropped or potentially be a security concern if VLAN 20 has access to confidential data not normally accessible to VLAN 1 and the data makes it to the destination device.

Meraki uses two methods to detect VLAN mismatches. The first method is to detect if the link is configured with the same VLAN type or number on each switch port of the link. The second method is to observe if the link is identically configured as an access or trunk (multiple VLANs) connection on both sides of a switch port.

To help users spot the issue, Meraki has implemented VLAN mismatch detection that notifies users when an error is found.

 

The dashboard now indicates when a VLAN mismatch has occurred on a specific port and what exactly is causing the mismatch.

 

With the notification, users can now immediately diagnose potential issues in seconds and quickly isolate which port needs to be correctly configured.

To find more information on how Meraki handles VLAN mismatches, head to our documentation page. To learn more about all of Meraki’s safety and security features for switches, consider attending one of our upcoming webinars.

Building a more resilient network

We are happy to announce the availability of our MS 10 firmware update for Meraki switches. The update introduces new features that improve the overall security, efficiency, and resilience of your network.

Let’s take a moment to review several of MS 10’s most notable features!

 

Security: Multi-Auth/Multi-Host

MS 10 introduces 802.1x Multi-Auth and Multi-Host authentication options to Meraki switches.

Multi-Authentication requires each host on a shared port to authenticate individually to gain network access. This log-in process is vital for network security in deployments with many autonomous clients.

Multi-Host Authentication allows a single host to open port access for subsequent clients after a single authentication. For example, someone using a desktop with multiple VMs would only need to authenticate a single time to gain access for all of her virtual machines.  This reduces the frustration of needing to log-in multiple times when only a single authentication is needed.

 

Resilience: Enhanced Storm Control

Network storms occur when a set of switches endlessly forward packets between themselves, which clogs network bandwidth and causes normal network traffic to grind to a halt.


Enhanced Storm Control provides greater protection against network storms by allowing administrators to set limits on how much bandwidth can be allocated for certain types of traffic. If a storm does occur,  damaging traffic will be limited to only a percentage of your total bandwidth capacity.

 

Resilience: Unidirectional Link Detection (UDLD)

Unidirectional link issues happen when a fiber cable is damaged or misinstalled and causes a loop that has the potential to disrupt the entire network.

A switch with UDLD prevents this type of loop by shutting down the port where a unidirectional link is detected. This keeps your network stable and more resilient against common causes of fiber-link errors.

 

Efficiency: Equal-Cost Multi-Path (ECMP)

Meraki uses OSPF routing which directs packets by determining the lowest-cost path to a destination. However, in situations where multiple equal-cost paths are available, some paths may be underutilized.

With Equal-Cost Multi-Path (ECMP), traffic is automatically load-balanced across up to 16 OSPF-learned paths which promote greater network efficiency.

 

Efficiency: Port Anomaly Detection

Port Anomaly Detection (formally called Spanning Tree Protocol /LAN Anomaly Detection) encompasses multiple enhancements for identifying and resolving spanning-tree and link issues. With the upgrade, the switch port icon indicates physical link errors and excessive link-status changes (STP issues).  The individual switch ports will also display orange or red in the dashboard when these types of issues are detected.

More broadly, Anomaly Detection furthers Meraki’s mission of providing in-depth visibility into your network. By providing detection of erroneous network behavior, we help ensure network stability and scalability.

 

Increase your network’s resilience

If you would like to learn more about MS 10’s improvements, please visit our Knowledge Base or contact us directly.

For a full list of improvements, please login to your dashboard for more information:

Access Policies

Dynamic ARP Inspection

Unidirectional Link Detection (UDLD)

Storm Control for MS