Communicating technical topics to a broad audience can be challenging. Photos, illustrations, and video are all helpful tools designed to simplify complex subjects, but it’s easy to go overboard when describing a product as intricate as a switch or security appliance.
Left-to-Right Arrows for Layer 2 – The two sets of arrows going right and left indicate communication between devices at Layer 2. Available on MS device icons.
Diagonal Arrows for Layer 3 – Our Layer 3 icon adds diagonal arrows to indicate the routing capabilities available on MS and MX products.
Wireless – The icon represents a device that has Wi-Fi capabilities. Available on MR wireless, select MX security appliances, and Z-Series teleworker appliances.
MX SD-WAN and security specific symbols – The MX icon includes symbols for inspecting traffic (magnifying glass), diagonal arrows for routing, and a brick wall for protection against bad actors.
Dotted Line for Virtual Appliances – The virtual appliance provides Meraki security and SD-WAN services for migrating IT services to Amazon Web Services and/or Microsoft Azure.
Server – The server icon has several sub-icons to highlight important characteristics. Available with cloud, directory, domain, file, web, and Meraki servers.
Meraki is excited to announce an extension to our growing line of multi-gigabit (mGig) switches with the release of the MS355.
The new switch features a high-count of full, 10G mGig switch ports and is designed to help IT admins of data-intensive networks prepare their organization to meet the demands of next-generation access points. Universities, hospitals, and large public complexes like transportation centers all benefit from the increased bandwidth capabilities of the MS355.
The timing is right for mGig switching. Analysts believe 802.11ax (AX) access points – also called Wi-Fi 6 – will overtake the current 802.11ac standard by 2020 and by 2022 comprise up to 87% of the wireless access point market.* These next-gen access points require more capable switches to handle the increased traffic.
*Dell’Oro Group: Wireless LAN Five Year Forecast Report, 2018-2022
Enter High-Density Multi-Gigabit Switching
Multi-gigabit, or mGig, switches offer the benefit of greater switching capacity while using previously-installed Cat 5e/6/6a cabling infrastructure.
Not all mGig switch ports are the same. Switch device makers may designate a switch as mGig but cap the max bandwidth on the port to 2.5G or 5G. The device is still operable, but the smaller bandwidth size limits the potential of greater data rates in the future.
Notably, we previously dipped our foot into the water of full, 10G mGig with the release of our first multi-gigabit switch, the MS350-24X, which contained just 8 mGig ports for smaller deployments of mGig-capable devices.
For that reason, we developed the MS355, a cloud-managed high mGig port-density switch designed to help organizations prepare for large deployments of AX access points.
The series comes in four models all with 4 x 10G SFP+ ports, 2 x 40G QSFP+ ports, and 400 Gbps of stacking bandwidth. All models use 100 Gbps optical cables to stack up to eight devices for greater network resilience.
The series varies in the number of mGig ports included on the switch:
Troubleshooting network complications can be an extremely time-consuming and difficult process. Issues such as VLAN mismatch are tough to track down among the mountain of configurations needed to get a network operational.
VLAN mismatches occur when two ends of a link are misconfigured to different VLANs. These can happen over access or trunk links. A mismatch on the link that carries the critical traffic required to keep the network functioning – the Native or management VLAN – causes additional headaches and potential security concerns.
The above image represents a native VLAN configuration where management traffic flows untagged across the switch port links normally. The image below represents a VLAN mismatch.
When the switch port on Switch 2 is misconfigured to VLAN 20, the management traffic will continue to flow between Switch 1 and 2, but any traffic returning to Switch 1 is treated as VLAN 20. This mismatch could result in traffic being dropped altogether, or it could become a security concern if VLAN 20 has access to confidential data not normally accessible to VLAN 1 and the data reaches the destination device.
Meraki uses two methods to detect VLAN mismatches. The first method is to detect if the link is configured with the same VLAN type or number on each switch port of the link. The second method is to observe if the link is identically configured as an access or trunk (multiple VLANs) connection on both sides of a switch port.
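The two checks described above can be sketched as a comparison of the port settings on each end of a link. This is an added example, not Meraki's implementation: the PortConfig model, the check_link function and the sample switches are hypothetical, and the allowed-VLAN comparison on trunks goes one step beyond what the text describes.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class PortConfig:
    """Hypothetical model of one switch port's VLAN settings (not a Meraki API object)."""
    switch: str
    port: int
    mode: str                          # "access" or "trunk"
    vlan: int                          # access VLAN, or native (untagged) VLAN on a trunk
    allowed: frozenset = frozenset()   # VLANs allowed on a trunk; empty for access ports

    @property
    def name(self) -> str:
        return f"{self.switch}/port {self.port}"

def check_link(a: PortConfig, b: PortConfig) -> list[str]:
    """Compare both ends of one link and return a list of mismatch findings."""
    findings = []
    # Second method in the text: both ends must be access, or both trunk.
    if a.mode != b.mode:
        findings.append(f"port type mismatch: {a.name} is {a.mode}, {b.name} is {b.mode}")
    # First method in the text: the untagged VLAN number must match on both ends.
    if a.vlan != b.vlan:
        kind = "native" if "trunk" in (a.mode, b.mode) else "access"
        findings.append(f"{kind} VLAN mismatch: {a.name} uses {a.vlan}, {b.name} uses {b.vlan}")
    # Extension beyond the text: trunks should also agree on the allowed VLAN list.
    if a.mode == b.mode == "trunk" and a.allowed != b.allowed:
        diff = sorted(a.allowed ^ b.allowed)
        findings.append(f"allowed VLAN mismatch: {diff} permitted on one end only")
    return findings

# Constructed sample: the scenario above, Switch 1 on native VLAN 1, Switch 2 set to VLAN 20.
SW1 = PortConfig("Switch 1", 24, "trunk", 1, frozenset({1, 10, 20}))
SW2_BAD = PortConfig("Switch 2", 1, "trunk", 20, frozenset({1, 10, 20}))
SW2_OK = PortConfig("Switch 2", 1, "trunk", 1, frozenset({1, 10, 20}))

if __name__ == "__main__":
    for finding in check_link(SW1, SW2_BAD):
        print(finding)
```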
To help users spot the issue, Meraki has implemented VLAN mismatch detection that notifies users when an error is found.
The dashboard now indicates when a VLAN mismatch has occurred on a specific port and what exactly is causing the mismatch.
With the notification, users can now immediately diagnose potential issues in seconds and quickly isolate which port needs to be correctly configured.
To find more information on how Meraki handles VLAN mismatches, head to our documentation page. To learn more about all of Meraki’s safety and security features for switches, consider attending one of our upcoming webinars.
We are happy to announce the availability of our MS 10 firmware update for Meraki switches. The update introduces new features that improve the overall security, efficiency, and resilience of your network.
Let’s take a moment to review several of MS 10’s most notable features!
MS 10 introduces 802.1x Multi-Auth and Multi-Host authentication options to Meraki switches.
Multi-Authentication requires each host on a shared port to authenticate individually to gain network access. This login process is vital for network security in deployments with many autonomous clients.
Multi-Host Authentication allows a single host to open port access for subsequent clients after a single authentication. For example, someone using a desktop with multiple VMs would only need to authenticate a single time to gain access for all of her virtual machines. This reduces the frustration of needing to log in multiple times when only a single authentication is needed.
Resilience: Enhanced Storm Control
Network storms occur when a set of switches endlessly forward packets between themselves, which clogs network bandwidth and causes normal network traffic to grind to a halt.
Enhanced Storm Control provides greater protection against network storms by allowing administrators to set limits on how much bandwidth can be allocated for certain types of traffic. If a storm does occur, damaging traffic will be limited to only a percentage of your total bandwidth capacity.
Resilience: Unidirectional Link Detection (UDLD)
Unidirectional link issues happen when a fiber cable is damaged or misinstalled and causes a loop that has the potential to disrupt the entire network.
A switch with UDLD prevents this type of loop by shutting down the port where a unidirectional link is detected. This keeps your network stable and more resilient against common causes of fiber-link errors.
Efficiency: Equal-Cost Multi-Path (ECMP)
Meraki uses OSPF routing which directs packets by determining the lowest-cost path to a destination. However, in situations where multiple equal-cost paths are available, some paths may be underutilized.
With Equal-Cost Multi-Path (ECMP), traffic is automatically load-balanced across up to 16 OSPF-learned paths, which promotes greater network efficiency.
Efficiency: Port Anomaly Detection
Port Anomaly Detection (formerly called Spanning Tree Protocol/LAN Anomaly Detection) encompasses multiple enhancements for identifying and resolving spanning-tree and link issues. With the upgrade, the switch port icon indicates physical link errors and excessive link-status changes (STP issues). The individual switch ports will also display orange or red in the dashboard when these types of issues are detected.
More broadly, Anomaly Detection furthers Meraki’s mission of providing in-depth visibility into your network. By providing detection of erroneous network behavior, we help ensure network stability and scalability.
Increase your network’s resilience
If you would like to learn more about MS 10’s improvements, please visit our Knowledge Base or contact us directly.
For a full list of improvements, please log in to your dashboard for more information:
Hot on the heels of our previous switch release comes our MS210 stackable access switch.
We designed the MS210 to provide network administrators the option to stack the new 1G switch to the 10G uplink of the MS225.
Large enterprise networks often require multiple switches to handle office traffic but have only modest bandwidth needs per switch. However, many desire the flexibility to enhance their bandwidth capability as the organization’s tech needs grow.
The MS210 provides incredible power and flexibility to our switch line. Seven MS210s linked to an MS225 for its 10G uplink (to form a stack of eight) creates one of the most versatile and economical switch options available, all easily configurable using the Meraki dashboard.
The MS210 line features basic Layer 3 connectivity and comes in both 24- and 48-port models along with PoE and PoE+ power options.
We are pleased to announce that we have expanded our switch line to include new models designed for small office and home office customers.
For years, Cisco Meraki’s cloud-managed switches have provided network administrators with an unprecedented level of visibility and control to manage their deployments. While we already offer a wide variety of switching options for campus and enterprise networks, we wanted to introduce the benefits of cloud networking to a greater range of customers across new price points.
New Meraki customers will gain access to innovative network solutions like an entirely GUI-based management platform and firmware updates from the cloud to ensure network stability.
For organizations looking to purchase new switches, there has never been a better time to learn more about cloud-managed IT.
MS120-8 Compact Switch
The MS120-8 is our compact access switch designed for flexible and rapid deployment at branch and campus locations. We adopted a fanless design for the non-powered and PoE models, enabling completely silent operation as you work alongside the device on or near your desk.
Features of MS120-8:
2 x 1G SFP uplinks
New Low-Powered (LP) Model
Layer 2 access switch
External power supply (non-powered, LP models)
Integrated mounting plate
MS120 24/48 Port Switch
The MS120 line is designed for widespread deployment in networks of any size. The large switch port capacity on the 24- and 48-port models allows network administrators to take advantage of the growing number of IoT devices found in the modern workplace, including IP-connected phones, cameras, and security systems.
It’s never fun when your network suddenly stops working, especially when the problem turns out to be more subtle than those configuration changes you just saved. Even worse: your network seems to be smoothly humming along, but you’ve been compromised unknowingly. What could cause such catastrophic behavior? Rogue DHCP servers on your network.
DHCP is one of those Layer 2 protocols you never notice until it crashes or misbehaves. But, while DHCP may often be treated like the proverbial ugly stepchild, neglecting DHCP security comes with significant risk. After all, DHCP provides clients connecting to your network with IP addresses and configuration parameters such as subnet mask, default gateway, and DNS server information.
If these parameters become corrupted, the smooth flow of network traffic can abruptly halt. Worse, if a setting such as the default gateway is maliciously defined, network security is immediately jeopardized but you may not immediately notice. This makes detecting rogue DHCP servers paramount, especially given the ease with which they can be deployed.
Meraki’s switches operate at the same TCP/IP layer as the DHCP protocol and record which devices are sending DHCP server traffic. You can easily see if a non-authorized device is replying to DHCP requests from connecting clients.
View a list of all network devices replying to DHCP requests for the last month.
The image above shows that a device named Godzilla is replying to DHCP requests made by several clients on Meraki’s network. You can see Godzilla’s MAC address, as well as the VLANs and subnets it is servicing DHCP requests for. To get a more detailed view of any particular reply, you can click view packet:
View individual replies to client DHCP requests and learn what IP parameters may be corrupted.
This view provides the details of a DHCP server reply, including the IP address being offered to the connecting client and additional parameters such as lease time, subnet mask, default gateway, and DNS server information.
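For readers who want to review the same reply fields outside the dashboard, the following added example (not Meraki code) parses a DHCP server reply and flags it when the server identifier is not on an allowlist. The allowlist, the addresses and the sample_reply helper are assumptions; the sample packets are constructed, not captured.

```python
import ipaddress
import struct

MAGIC = bytes([0x63, 0x82, 0x53, 0x63])   # DHCP magic cookie after the 236-byte BOOTP header
ADDR_OPTS = {1: "subnet_mask", 3: "gateway", 6: "dns", 54: "server_id"}
AUTHORIZED = {"10.0.0.1"}                  # assumption: the approved DHCP server for this LAN

def ip4(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def parse_reply(pkt: bytes) -> dict:
    """Parse the UDP payload of a DHCP server reply into the fields worth reviewing."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:   # op 2 = BOOTREPLY
        raise ValueError("not a DHCP server reply")
    out = {"offered_ip": ip4(pkt[16:20])}                        # yiaddr field
    i = 240
    while i < len(pkt) and pkt[i] != 255:                        # 255 = end option
        if pkt[i] == 0:                                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        if code in ADDR_OPTS:
            if length == 0 or length % 4:
                raise ValueError("malformed address option")
            out[ADDR_OPTS[code]] = [ip4(val[j:j + 4]) for j in range(0, length, 4)]
        elif code == 51 and length == 4:                         # lease time in seconds
            out["lease_seconds"] = struct.unpack("!I", val)[0]
        i += 2 + length
    return out

def assess(pkt: bytes, authorized=AUTHORIZED) -> dict:
    """Flag the reply as rogue when its server identifier is not on the allowlist."""
    reply = parse_reply(pkt)
    server = reply.get("server_id", ["unknown"])[0]
    return {**reply, "server": server, "rogue": server not in authorized}

def sample_reply(server: str, offered: str, gateway: str, dns: str, lease: int = 86400) -> bytes:
    """Build a constructed DHCPOFFER payload for the demo (sample data, not a capture)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    header = bytes([2, 1, 6, 0]) + bytes(12) + a(offered) + a(server) + bytes(212)
    opts = (bytes([53, 1, 2, 54, 4]) + a(server) + bytes([51, 4]) + struct.pack("!I", lease)
            + bytes([1, 4]) + a("255.255.255.0") + bytes([3, 4]) + a(gateway)
            + bytes([6, 4]) + a(dns) + b"\xff")
    return header + MAGIC + opts
```

A reply whose gateway or DNS entries point at the unapproved server itself is the case the post warns about, since clients would route or resolve through that device.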
If Godzilla were not an authorized DHCP server, we could easily contain it. Simply search for Godzilla’s MAC address in the Monitor > Clients page to determine which switch and port it is connected to. Click into the connected switch and drill down to the individual port.
Port-level view of Godzilla, giving more details about the device.
Click “Edit configuration” and disable the port servicing Godzilla. This immediately disconnects the device from your LAN.
Port configuration settings allow you to disable a port and make several other useful changes
Detecting and disabling a rogue DHCP server is as simple as that. With the immediate threat contained, you can now track down the physical location of the rogue device. Re-enabling the port is as simple as repeating the steps above and selecting “enabled” in the port configuration menu.
Recent updates have made this DHCP server visibility possible at the switch level, so stay tuned for more posts detailing new features!