Hello, folks! And yet another weekend article! 💪
Today's topic is dedicated to Meraki.
hmmm. I think something is wrong. Not this one.
I think I found the right picture:
Meraki is a Cisco product, which has grown by leaps and bounds in the last 7 years, developing from a solid wireless provider with an awesome set of management tools to a Cisco-owned full network stack product including network switching, wireless LAN, mobile device management, next generation firewall, security cameras, and IP-phone system.
The Meraki stack brings the incredible feature-set offered by Cisco, but without the necessity of depending on CLI (command line interface).
Instead, all management and reporting is offered in a single web-based portal. This combination of smart management with the most powerful network toolset in the world gives Meraki a significant edge that all the other major players are chasing.
Why should you choose Meraki?! Because of the following:
It’s always available (cloud-managed)
Meraki takes suggestions seriously (Make a Wish)
The system offers better security in comparison to others
Inspecting, identifying and resolving network issues requires a combination of data collection, isolation of problems, analysis and a poor engineer with advanced network skillsets 😂.
Meraki's ambition in analytics and in developing tools to assist in improving performance is quickly outpacing the industry with the soon to be released Meraki Insights, designed to give customers visibility into performance issues beyond their own network, including ISP and application-specific performance. For wireless customers, the new Meraki Wireless Health provides detailed information on wireless networks, identifying weak performing access points and providing context, so administrators can easily and consistently improve performance and fix it. Identifying and resolving network troubles is what keeps us up at night; Meraki lets us sleep easy.
Meraki's reporting and troubleshooting tools aim to simplify this process by providing complete visibility into the physical layout of equipment and the route paths. The software includes embedded tools to remotely ping, blink LEDs, measure throughput, cycle ports, send Wake-on-LAN (WoL), conduct a traceroute, test cables and run remote packet captures, along with a learned MAC address table and an understood ARP table.
Failover and High Availability
Designing a stable network requires engineers to plan carefully for disaster recovery and failover scenarios, while balancing performance for end-users.
Meraki has simplified this process dramatically in a number of ways, allowing even us to get engaged and providing us the opportunity to design something spectacular.
Meraki also supports the use of VRRP with a warm spare; the design allows for maintaining a 100% feature set with limited disruption. Embedded site-to-site SD-WAN technology allows Meraki customers to provide optimized Internet performance and automated failover across WAN circuits, on-premise or public cloud.
The MX appliances provide built-in fault tolerance, automating the failover process without the need for a degree in dynamic routing technologies. The system automates the creation of mesh VPN connections between sites, making sure you are never dependent on a single site for routing.
Meraki will continue to route even in the event it cannot connect to the Meraki cloud data center, a rare event considering Meraki maintains multiple datacenters with automated failover in the event of a tertiary location failure.
As a network house, we know failure is not an option, and deploying Meraki is a solid way to improve the reliability of your network.
Management got easier thanks to Meraki
Managing connections among devices and their destinations, and ensuring security while prioritizing traffic, has always been a headache.
Back in the day, network administrators had to be skilled in many different products, utilizing different operating systems and different portals.
Using virtual stacking (up to 10,000 ports), projects like rolling out VLANs, updating STP or applying QoS policies become a couple of clicks in the GUI and are applied to the selected devices instantly.
Roll-out of new sites is plug and play. Meraki allows for configuration in transit, giving the IT team the ability to dropship equipment and have local hands plug it in. The equipment is then connected to the network, grabs DHCP, connects to the Meraki cloud, receives configurations, and is ready for use.
Meraki takes the complexity away by moving all the various components of a network to one single pane of glass, with a single place to apply applications and group or user policies for all your infrastructure.
Enabling Mesh VPN between sites is now a tiny checkbox, eliminating the inconvenient process of setting up IPsec tunnels between each device.
Regardless of the industry, data security is extremely significant, but often neglected by many. It can be incredibly challenging to choose the right solutions, apply the appropriate policies, design the physical layout, and maintain critical patches while maintaining the performance users expect.
For those on the Meraki platform, these challenges are laughable. Managing and applying content filtering across all devices is a dropdown menu, giving you granular control over what is blocked for whom and when.
Rolling out patches is automated, improving the average of 100 days for patch application to less than 10 hours.
That is the reason why most of the monster-huge non-IT enterprises leverage Meraki to meet their SEC-NEEDS!
Meraki has access to Cisco's robust security tools and is using tools like Snort Sourcefire for IPS/IDS and Cisco's advanced malware protection (AMP) database for real time review of files for malware. Depending on your security needs, additional tools may be required, but for most businesses Meraki's included security tools will be a vast improvement on the current state of security.
Layer 7 Visibility
I think we can all agree that traffic on a data network is not entirely equal. Some applications are so critical that performance degradation can bring an enterprise to its knees. Bottleneck scenarios! 🤦 Yet most of our network tools have limited to no visibility into this important layer in the OSI model.
Meraki provides Layer 7 visibility through the entire network stack, from the Firewall to the endpoint. The solution can then make routing decisions and shape traffic based on the specific application, the importance you place on it, and the real-time nature of the traffic.
Layer 7 traffic shaping can also be used to identify and then control bandwidth hogs, allowing you to throttle traffic to social media, streaming services, or any other application that is wreaking havoc. This visibility also provides flexibility for administrators to allow specific traffic like Microsoft O365, SalesForce.com, or RingCentral direct access to the Internet while routing casual web browsing through more beefy security appliances at a headquarters site or a cloud firewall.
OK, then what?! How can I configure Meraki? What are some usual problems when running Meraki?
We thought about that too, and now want to present the solution to a common issue (a disaster for some people).
When you have a Meraki security device and have enabled Content Filtering, instead of an elegant, fancy block page you will see http://wired.meraki.com:8090 informing you why you are being blocked:
This is happening because your corporate DNS resolves ‘wired.meraki.com’ to X.X.X.X, and, as you can see from the URL, you are trying to connect to it on port 8090.
An nmap scan of that IP will tell you port 8090 is not open (only port 80 and port 443 are).
This is happening because if you were to use your Meraki device for DNS forward lookups, it would ‘DNS Doctor’ the returned DNS packet and insert its own IP address in there instead. That’s fine, but most corporate networks don’t want to use their Meraki devices for DNS forward lookups.
The easiest way to resolve the problem is with your own corporate DNS servers.
First you need the inside IP of your Meraki device(s). You can get these from the Meraki Dashboard (Security Devices > Addressing and VLANS). If you browse to that IP, you should see something like this:
Navigate to DNS Servers, and create a new forward lookup zone.
Next > Primary zone > Next > To all DNS Servers… > Next.
Zone Name = wired.meraki.com > Next > Allow only Secure… > Next > Finish.
In the newly created zone, create a ‘New Host (A or AAAA)’ record.
Enter the inside IP of your MX device (only) > Add Host > Repeat for each Meraki device, if you have more than one.
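
The same zone and host records can be created from PowerShell on the DNS server and then checked from a client. This is an added example, not part of the original article: the MX inside addresses are constructed placeholders, and the forest-wide replication scope is an assumption, since the wizard option is truncated in the steps above.

```powershell
# Added example. Run in an elevated session on a Windows DNS server
# (DnsServer module). Addresses below are constructed placeholders:
# replace them with the inside IP of each MX from the Meraki Dashboard.
$ZoneName    = 'wired.meraki.com'
$MxInsideIps = @('10.0.10.1', '10.0.20.1')

# Create the AD-integrated primary zone with secure-only dynamic updates.
# Assumption: forest-wide replication; use 'Domain' if that is what you
# would pick in the wizard.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Forest' -DynamicUpdate 'Secure'
}

# The name being looked up is the zone name itself, so each host record
# goes at the zone apex ('@'). Skip addresses that are already present.
foreach ($ip in $MxInsideIps) {
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType 'A' -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $ip }
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $ip
    }
}

# Verification, run from a client that uses the corporate DNS servers:
# the name should now resolve to MX inside IPs, and the block page
# listener on TCP 8090 should answer on each of them.
Clear-DnsClientCache
$answers = Resolve-DnsName -Name $ZoneName -Type A -DnsOnly |
    Where-Object { $_.Type -eq 'A' }

foreach ($a in $answers) {
    $probe = Test-NetConnection -ComputerName $a.IPAddress -Port 8090 -WarningAction SilentlyContinue
    [pscustomobject]@{
        ResolvedIp   = $a.IPAddress
        IsExpectedMx = $MxInsideIps -contains $a.IPAddress
        Port8090Open = $probe.TcpTestSucceeded
    }
}
```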