If you weren’t aware, every Meraki device has a local status page for provisioning, configuration, and onsite troubleshooting. No need for a USB-to-console-dingus to get access to the unit locally. Simply connect an Ethernet cable to a LAN or management port on the device, open a web browser, navigate to setup.meraki.com, and be surprised by the lovely HTML5 local web console.
Several new switch features were introduced in Meraki’s MS10 firmware including loop guard, DIA, storm control, and LAN anomaly detection for improved control-plane monitoring and stability.
This serves as a quick look into some of the new enhancements available. More information including a full list of features can be found in the detailed firmware change notes within the Meraki Dashboard (Organization > Firmware upgrades page).
The Cisco Meraki team hit a major milestone this week. CRN, one of the largest network industry vendor publications recently announced the best selling enterprise firewall and wireless access point brnads of Q3, 2017 and the Cisco Meraki portfolio took the top spot in both categories.
Another week, another exciting round of feature enhancements from the Cisco Meraki Engineering team. The biggest announcement was the addition of a new Bridge-mode Client Isolation feature for MR networks.
L2 client isolation has been a distinguishing feature of Meraki NAT-mode SSIDs for some time and is an incredibly useful security tool to prevent wireless clients from communicating with each other on the same SSID. NAT-mode is great if public DNS, AP-delivered DHCP, and client IP NATing to the AP’s management IP is fine for your use case. Guest service in a click.
I was working on large Meraki MX VPN deployment project recently and was asked to explain a common theme I’ve had to give guidance on time and time again with customer VPN designs – how do you integrate non-Meraki VPN peers with an existing AutoVPN domain? Well, this is one of those topics that requires a little more detailed explanation and this seemed like a perfect place to unpack it.
How do the two VPN solutions work and what are ways we can cleanly merge the two together?
Last week Meraki released MX12-26 as the new stable release candidate firmware for MX security appliances. For those running Meraki MX networks, this is kind of a big deal.
New Warm Spare UI for MS and MX
Some of you may have noticed a slight change in the warm spare configuration in my recent MX warm spare design writeup. The Meraki UI/UX team has updated the warm spare configuration in Dashboard for both MX and MS. Configuration has moved to the switch and security appliance status pages.
The new interface is more intuitive all around. A particularly useful addition is the warm spare serial dropdown selection.
At a recent technology conference and I found myself answering questions on Meraki wireless design with a curious network engineer. His company was in the process of replatforming their corporate wifi to Meraki wireless and he had some questions around segmenting guest access.
Their existing wireless design used a single controller appliance positioned in a data center DMZ zone so guest wireless traffic could be filtered by a firewall (after exiting the controller). This has been a common deployment for adding firewall protection to untrusted wireless networks for almost a decade.
L3 Firewall Rules Programmable via API
The MX layer 3 firewall rules can be found under Security Appliance > Firewall > Layer 3 > Outbound rules in Dashboard. The L3 firewall ruleset allow outbound firewall filtering for all traffic crossing a routed boundary. This includes both inside-to-outside (LAN port > WAN port) packets as well as inter-VLAN routed traffic within the MX.
While the firewall UI makes adding or modifying rules simple, it’s not well suited for bulk import of hundreds or thousands of entries. Enter L3 FW API!
Building redundant WAN routing and security services mitigates a critical single point of failure in mission-critical networks. If a single gateway fails, a standby unit can seamlessly continue servicing clients without disruption.
There have been many proprietary and standards-based gateway redundancy protocols developed over the years to solve this problem. HSRP, VRRP, GLBP are all common examples.
The Cisco Meraki MX security appliance offers a similar HA solution called warm spare mode. Enabling this option provides a seamless way to create a highly-available pair of MX appliances with automatic configuration, gateway, and VPN peer syncing.