Moving at the Speed of Creativity by Wesley Fryer

Cisco Meraki Lab Workshop (October 2015)

This morning I’m in Tulsa, Oklahoma, attending a 3 hour “Cisco Meraki Lab Workshop.” Our seminar today is being led by Dustin Cooper, who is a Cisco engineer, and Zach White, who is our regional sales rep in Oklahoma. These are my session notes.

Image: “meraki” by sam_churchill, on Flickr (Creative Commons Attribution 2.0 Generic License)

3 different products we’ll address today:

  1. Switches
  2. Security appliances
  3. Access Points

Meraki started as a wireless mesh routing project at MIT in 2006/2007. They created a protocol, which is still on Cisco Meraki access points today. APs find their neighbors via a secure connection and share a tree. They linked about 150 APs in residential areas and connected to the large pipe bandwidth at MIT. Roofnet is the project they started, still available as open source.

214,164 Meraki networks were in use right after the acquisition of the company by Cisco; today there are 479,574 active networks. Build out of Meraki data centers is similar to Amazon E3 in terms of backups and shared architecture. Clusters of servers have “shards” or nodes; there are over 200 shards now. OS is proprietary. Have 10 data centers currently, 2 are just in Germany because of local laws. Have scaled and adapted around security and auditing requirements.

SMP has been around now for 30 years. It’s an old protocol and it hasn’t evolved much in terms of function – a little from a security perspective. It is not a scalable foundation – so the proprietary OS layer that Cisco Meraki has created is very important. Response times for pulling info with Meraki are very fast.

Cisco Meraki is a complete cloud managed networking solution: wireless switching, security, WAN optimization, mobile device manager (MDM). Dominoes, Panera, Gap – so many retail outlets now are using Meraki because the remote management features are so powerful. Big uptick now in education, both smaller customers and larger universities.

Fast rollout: As an example, H&R Block used Meraki to bring up 10,000 sites in 4 months; because of the templating features, they can make changes to 1 template and those get pushed out to all sites.

Secure: no user traffic passes through the cloud, fully HIPAA/PCI compliant (level 1 certified). Automatic (user managed) firmware updates.

Also integrates into any single sign-on environment.

Simple cloud licensing model: no per-feature or per-user licenses. Licensing options are 1, 3, 5, 7 and 10 years.

Cloud license price is all inclusive: cloud management UI, 24×7 phone support, automated software updates, advanced hardware replacement, all features are built on the platform, all new features

Wireless Tech Field Day (@TechFieldDay) is a great resource of technical video presentations about different wireless vendor capabilities, including Cisco Meraki. Here is the YouTube playlist for “Video recorded at Wireless Field Day 8, September 30-October 1, 2015.” Here’s the YouTube playlist for the 2015 wifi Tech Field Day.

Spatial streams or Spatial multiplexing for wifi depends on what your device supports – think about it like the number of wire pairs on a CAT5 ethernet cable which can be used to send and receive data.

With Meraki you can run reports to figure out what kinds of devices are connecting and what are their capabilities.

Multiuser MIMO is a new protocol coming, but end user clients have to support it.

Meraki dashboard can be used to troubleshoot layer 1 connectivity issues.

Can also be used for packet capture on access points

Have intrusion protection available in Meraki.

Wifi pineapple is a hacker tool used to make wireless attacks on networks and computer systems.

Cloud Shark integrations included with Meraki (see enterprise.cloudshark.org/meraki/)

When you add users in Meraki and give “read only” access,

You can administer things by network and by tag in Meraki

  • you can even tag switches or switch ports, and grant Meraki network visibility by those tags (helpful for working with contractors, for instance)

Visualization tools for Syslog parsing: Splunk (commercial) or ELK Stack (free / open source)

MX Security Appliance comes with enterprise license, and you can add advanced license (includes Sourcefire license & more)

Just about anything you want to learn how to configure with Meraki is addressed on: documentation.meraki.com

Bonjour configuration is all about Layer 3: won’t traverse from 1 subnet to another

  • with Meraki can configure this on the switch or security appliance / firewall

Meraki Documentation on Content and Security Filtering

Unicast to Multicast works automatically within the Meraki access points

Remember “YouTube for Schools” has been deprecated: As of Aug 2015: New settings in Admin console for restricting YouTube content on managed networks

Way many organizations are now doing single sign on: Security Assertion Markup Language (SAML)

Chromebook integration for Meraki now just affects asset tracking

Meraki MDM supports iPad “multiuser off”

  • students can login to their iPad and then get “their apps”

Now discussing Apple Device Enrollment system

  • Biggest advantage is users cannot remove a Meraki security profile when device enrollment is used

Great Meraki webinars to join/view: (enter your registration info, and immediately get access to the video/webinar)

Meraki MDM Tip: For free iOS apps when you add them, put 1000 licenses so you have plenty available for however many devices you add it to

When figuring out your tagging strategy for iOS apps in your MDM, go from global to granular: district tag, campus tag, classroom tag, etc.

With iOS 9: Can use DEP and serial number to push apps to iPads

Broadcast or Multicast traffic isn’t shown in Meraki dashboard

With Apple AirPlay and Bonjour: You can use BLE (Bluetooth Low Energy which is at 2.4 MHz – not adhoc mode) to connect and pair

With iOS 8: Bluetooth available in AppleTV for AirPlay, but in schools that poses problems; generally better to use wifi only for AirPlay, set up in a separate VLAN

