Cisco - Meraki Design Options and Guidelines
Krish Venkataraman – Technical Marketing Engineer
kvenkata@cisco.com
PSOCRS-2006
Agenda
• Introduction to Cloud Networking Architecture
• Cisco Meraki Product Portfolio
  • MR Access Points
  • MS Switches
  • MX Security Appliances
  • Systems Manager (MDM)
• Cisco Unified Access and Meraki Branch Design Options
• Cisco Unified Access and Meraki Wireless Guest Network
• Meraki Security with Cisco Campus Network
• Cisco ISE and PI integration with Meraki
• Key Takeaways and Resources
Cisco Meraki Introduction
2013: Cisco Acquires Meraki – Cloud Networking Leader
SAN JOSE, Calif. – November 18, 2012
Cisco today announced its intent to acquire privately held Meraki Inc., a leader in cloud networking. Headquartered in San Francisco, Calif., with offices in New York, London and Mexico, Meraki offers midmarket customers easy-to-deploy on-premise networking solutions that can be centrally managed from the cloud.
June 2015: Cisco Meraki Cloud-Managed IT
All Managed from the Cloud
• Categories: Network Infrastructure, Unified Threat Management, Mobile Management
• Capabilities: Wireless, Switching, IWAN / Routing, Auto VPN, Bonjour Gateway, Next-Gen Firewall, Intrusion Prevention, Content Filtering, Device Management, Application Management, User Management, Location Analytics
With Centralized Monitoring and Management
• CONFIGURE | MONITOR | REPORT
• NETWORK | SECURITY | DEVICES | APPLICATIONS
For Any-Sized Organization
• Increase/Decrease Scale – Based on Needs: manage a few sites… OR… manage thousands of sites
• Always-On reliability – Connected to Cloud or Not
• Fine-Grained Control – Users, Devices & Applications
• Delivered Across the Globe
Customers Are Adopting Cloud Networking
[Chart: Cisco Meraki Customer Growth, Q4FY08 to Q1FY15, y-axis 0 to 70,000 customers. Callouts: more than 50K customers; grew by 108% in the last 12 months.]
Cloud Networking Architecture
Cloud Networking increases IT efficiency
Manageability, Scalability, Cost Savings
• Installation in minutes and management with ease on a Cloud Dashboard
• Integrated, always up to date features – Auto update or On Demand
• Scales from small branches to large networks
• Reduces operational costs
Cloud Managed Networking Architecture
• Network endpoints securely connected to the cloud
• Cloud-hosted centralized management platform
• Intuitive browser-based dashboard
Out of Band Cloud Management
[Diagram labels: WAN carries config & statistics data, ~1 kb/s or less/device; user traffic stays on the LAN]
Scalable
• Unlimited throughput, no bottlenecks
• Add devices or sites in minutes
Reliable
• Highly available cloud with multiple datacenters
• Network functions even if connection to cloud is interrupted
• 99.99% uptime SLA
Secure
• No user traffic passes through cloud
• Fully HIPAA / PCI compliant (level 1 certified)
• 3rd party security audits, daily penetration testing
• Automatic firmware and security updates (user-scheduled)
Reliability and security information at meraki.cisco.com/trust
Cisco Meraki: Bringing the cloud to enterprise networks
• Meraki MR – Wireless LAN
• Meraki MS – Ethernet Switches
• Meraki MX – Security Appliances
• Meraki SM – (Mobile Device Management)
Cisco Meraki Product Portfolio
MR Series APs
Indoor Wireless Access Points
Medium Branch / Small Campus and Campus / High Performance
• MR18: 802.11a/b/g/n, 3x3:2, 600 Mbps
• MR26: 802.11a/b/g/n, 3x3:3, 900 Mbps
• MR32: 802.11ac/n/a/b/g, 3x3:2, 1.2 Gbps, Bluetooth LE Radio
• MR34: 802.11ac/n/a/b/g, 3x3:2, 1.75 Gbps
Outdoor Wireless Access Points
• MR66: outdoor environments, high-density deployments; 802.11n up to 600 Mbps; self-configuring, self-optimizing mesh
• MR72: outdoor environments, high-density deployments; 802.11ac up to 1.2 Gbps; self-configuring, self-optimizing mesh; integrated Bluetooth Low Energy radio
MR Access Points – Key Features
Centralized Management
• Rapid Deployment with Self-Provisioning
• Control Applications, Users, Devices
• Automatic Monitoring and Alerts
Enterprise security and Guest access
• Air Marshal™ wireless intrusion prevention
• Secure guest access
• 802.1x / Active Directory integration
• Dedicated Security Radio
Automatic RF optimization
• AutoRF™ cloud-based performance tuning
• High performance mesh routing
• Dedicated Radio for Monitoring
Application Visibility and Control
• Deep Packet Inspection
• Traffic Shaping
• Cloud-Based Application Signatures
MS Series Switches
Cisco Meraki Switching Portfolio
Small Branch / Teleworker: MS220-8
• 2 x Gig SFP Uplink
• 8 Port, PoE+
• 20 Gbps Switching Capacity
Medium Branch / Large Branch: MS220-24/48
• 4 x Gig SFP Uplink
• 24/48 Gig Port, PoE+
• External RPS
• 104 Gbps Switching Capacity
Layer 3 Fiber Switches: MS420-24/48
• All 10 Gb SFP+ Ports
• 24/48 Port SFP or SFP+
• Hot Swappable Redundant Power, FRU Fans
• 960 Gbps Switching Capacity
Large Branch / Campus: MS320-24/48
• 24/48 Port, Full PoE+
• 176 Gbps Switching Capacity
• Feature Rich (Layer 3 OSPF, Virtual Stacking, Packet Capture, AVC)
• All 10Gb SFP+ Uplinks
• Hot Swappable Redundant Power Supplies
MS Switches – Key Features
Centralized Management
• Rapid Deployment with Self-Provisioning
• Control Applications, Users, Devices
• Automatic Monitoring and Alerts
Enterprise security
• 802.1x / Active Directory integration
• PCI 1.0 and HIPAA Compliant
• Access Control Lists
Routing and Redundancy
• Route Redundancy (VRRP)
• Dynamic Routing Protocols (OSPF)
• DHCP Failover, Relay, Servers
Virtual Stacking
• Scalable Management Architecture
• No Stack Licenses or Cables
• Zero-Touch Deployments
Application Visibility and Control
• Deep Packet Inspection
• Packet Processing Engine
• Cloud-Based Application Signatures
• Voice optimization
Remote Live Tools and Alerts
• Automatic 24x7 Monitoring
• Configurable Alerts
• Built-in Ethernet Cable Testing
MX Series Security Appliances
MX for Small Branch – Up to 50 Users
MX for Medium Branch – Up to 500 Users
MX for Campus/Large Branch – Up to 10000 Users
MX Security Appliances – Key Features
Centralized Management
• Rapid Deployment with Self-Provisioning
• Control Applications, Users, Devices
• Automatic Monitoring and Alerts
Application Aware Firewall
• Layer 7 Classification and Control
• Intrusion Detection Engine
• Identity-Based and Device-Aware Security
Auto VPN
• Auto-provision IPSec VPNs
• Flexible Tunnels, Topology and Policies
• Automatic VPN Parameter Configuration
Content Filtering
• Identity-Based Filtering Policies
• Scalable Database with SafeSearch Integration
• Automatic, Cloud-Based Signature Updates
Failover and High Availability
• 3G/4G Cellular and Dual Uplink
• Warm Spare Failover
• Datacenter High Availability
Cisco Meraki Systems Manager (MDM)
Cisco Meraki Systems Manager
• Central Device Management
• Remote Deployment of Software
• Enforce Settings and Restrictions
• Fully Integrated with the Cisco Meraki Network
• Enterprise Connectivity
• Asset and Inventory Management
• Remote Troubleshooting and Live Tools
Meraki Systems Manager – More Features
• Dynamic Security Profiling
• Dynamic User Enrollment
• Enterprise Wipe and Profile Removal
• Application and Data Control
• Network Group Policy Integration
• 24 x 7 Support
• And even more…
Systems Manager FREE up to 100 end points!
• Networks with 100 devices or fewer do not require a license
• Networks with more than 100 devices do require a license for each device
• All networks will receive ongoing feature updates
Comparison by network size:
• <= 100 devices: Cost: Free; 24/7 Support: No; Features: Full Set
• > 100 devices: Cost: Paid; 24/7 Support: Yes; Features: Full Set
Cisco Meraki Software License
Cisco Meraki License – One SKU includes all Support!
• Pay as you grow with a subscription based licensing model
• One Software SKU covers everything: Software, Support and Warranty
• Licenses are available on a 1, 3, 5, 7 or 10 year basis
Included with the license:
• Meraki Cloud Dashboard
• Unlimited Software Upgrade
• Automatic Patches and updates
• 24x7 Support
• Advanced NBD replacement
• Lifetime Hardware Warranty*
*Except for Outdoor Access Points
Cisco Meraki License Categories
• MR & MS have one license that supports all features
• MX has two software license categories – Enterprise & Advanced
Enterprise License
• Stateful firewall
• Site to site VPN
• Branch routing
• Link bonding and failover
• Application control
• Web caching
• WAN optimization
• Client VPN
Advanced Security License
• All enterprise features, plus
• Content filtering (with Google SafeSearch)
• Kaspersky Anti-Virus and Anti-Phishing
• SourceFire IPS / IDS
• Geo-based firewall rules
Cisco Campus & Meraki Branch
On Prem and Cloud Managed Deployment Options
[Diagram labels: Cisco Meraki Cloud Managed; Hybrid; Cisco Enterprise; Optimized for Ease of Management; Optimized for Flexibility and Control; Cisco Enterprise Core / Datacenter; Cisco Meraki Edge; Cisco Enterprise Datacenter; Cisco Meraki Branch; Mid-Market Business; Enterprise and Mid-Market Business]
Branch Deployment
Meraki in Branch & Cisco in Campus
[Topology diagram: Branch 1 (MX60, MS220, MR32, Phone, PC) and Branch 2 (MX60, ISR, MS220, MR32, Phone, PC) connect over the Internet / VPN cloud to the Campus (FW, ASR1K, NX7K, Cat4K VSS, L2 MEC, Access-3850, Access-4K, Access-2Ks, ISE, CUCM, PI)]
Branch Deployment – Branch 1
Meraki in Branch & Cisco in Campus
[Diagram labels: Campus, MX60, MS220, MS220, MR32, MR26]
Branch 1 – Configuration Notes
• The MX appliance manages the VLANs, subnets and DHCP servers.
• APs are assigned static IPs by the MX.
• The Voice VLAN DHCP scope should include Option 150 pointing to the CUCM.
• Either ISE or cloud-based RADIUS can be used for user authentication.
• A VPN tunnel between the MX and the Campus is necessary to ensure connectivity between IP phones and the CUCM in a private network.
• The Cisco VPN peer is added as a ‘Non Meraki VPN Peer’ in the MX60 VPN configuration. Refer to the Branch Deployment guide for detailed configuration.
Branch Deployment – Branch 2
Meraki in Branch + Cisco in Campus
[Diagram labels: Campus, MX60, ISR, MS220, MS220, MR32, MR26]
Branch 2 – Configuration Notes
• The MX appliance is in Pass-Through mode, performing firewall, traffic shaping, security and content filtering operations.
• The Cisco ISR operates as the DHCP server, NAT to the Internet and VPN peer to the Campus.
• Either ISE or cloud-based RADIUS can be used for user authentication.
• No configuration changes in MS switches and MR APs.
• Refer to the Branch Deployment guide for detailed configuration.
Branch 1 & 2 – VoIP Configuration Notes
• The MS switch is compatible with IP phones that can receive LLDP-MED or CDP, and will automatically distinguish voice traffic from computer data traffic behind the IP phone into their respective VLANs
• QoS for the Voice VLAN is set as follows
• Refer to the VoIP deployment guide for detailed configuration information
UA & Cisco Meraki Guest Network
[Diagram labels: Campus, VSS Core, Access, MR 34 (x3)]
• MR Access Points providing only Guest Network Service
• CDP & Auto Smart Ports features in Catalyst can be enabled
• All Guest Network configuration done in the Dashboard
Wireless Guest Network Configuration
• DHCP for Guest SSID enabled in the Dashboard
• RADIUS server integrated in the Cisco Meraki Dashboard is a scalable solution for Wireless Guest Network
• User names need to be created in the Dashboard: Network-wide -> Configure -> Users
Cisco Meraki Security Option for Teleworker
Secure Teleworker Connectivity – Auto VPN
[Topology diagram: a Z1 at the Home/Office (Corp PC, Phone, Guest iPad) connects over the Internet / VPN cloud to the Campus (MX600, FW, ASR1K, Cat6K Core, Cat4K VSS Distribution, L2 MEC, Access: Access-3850, Access-4K, Access-2Ks; CUCM, ISE, PI)]
Teleworker Gateway Configuration
• Auto VPN (patent pending) for Site-to-Site VPN connectivity. No special configuration required.
• Supports 4 SSIDs for Personal & Guest users
ISE and PI integration
ISE and PI integration with Cisco Meraki
[Diagram: Cisco ONE Architecture]
• Cisco OnPrem (CLI, SNMP, Embedded GUI): ISR / ASA, Catalyst, Aironet – Flexibility
• Cisco Meraki (Cloud Management): MX, MS, MR – Simplicity
• Cisco ISE: Policy and Control
• Cisco Prime: Management and Analytics
Identity Services Engine integration with Cisco Meraki
CISCO ISE 1.2
Meraki MX Security
Appliance
Meraki MR Access Points
Meraki MS Switches
Who are connected to my
Network – LWA
✔
✔
✔
✔
✔
✔
✔
✖
Are my Devices Compliant –
Posture Assessment
Limited
Limited
Limited
How do I handle Guests to
my company
Sponsored accounts
Guest VLAN
✖
Who are connected to my
Network – 802.1x
Who are connected to my
Network – MAB
What is connected to my
Network
✔
N/A
N/A
✖
Cisco Meraki & ISE Guide Available
• Cisco tested and validated
• Demonstrates compatible ISE use cases
• Refer to the Blog post for details
Cisco Meraki ISE Guide: https://meraki.cisco.com/blog/2014/05/got-ise/
PI Integration with Cisco Meraki
• Single Pane of Glass Visibility for Cisco and Cisco Meraki Devices
• Includes
  • Discovery
  • Contextual Cross Launch for control
  • Reachability (Up / Down)
  • Client Count
Available from PI 2.2!
Branch 2 Network – Demo
Key Takeaways &
Resources
Why Cisco Meraki – Customer Testimony
- Read Sheard
CIO, Westmont College
- Miles Davis
IT Director, Stanford University
Why Cisco Meraki – Customer Testimony
- Dominic Freeman
Community HealthCare System
Cisco Meraki – Simple, Innovative & Easy!
• Cisco Meraki – Part of Enterprise Networking and complements the On Prem offering.
• Full Stack of Cloud Managed Networking
• Integrated hardware and Cloud Management architected to ‘Simply Work’
• Try Cisco Meraki for FREE! Link: meraki.cisco.com/eval
Cisco Meraki – Resources
• Cisco Meraki Knowledge Base: https://documentation.meraki.com
• Cisco Meraki ISE integration: https://meraki.cisco.com/blog/2014/05/got-ise/
• Cisco Meraki VoIP Deployment Guide: http://www.cisco.com/c/dam/en/us/solutions/meraki-branch.pdf