Cisco Meraki: Robust networking stack
Want to push the easy button on your network?
I recently attended a Cisco partner training for Cisco Meraki. The highlights were walking through a workbook of tasks to configure a full Meraki stack. The stack includes the security appliance, ethernet switches, and a wireless access point. I have used a Meraki wireless device since February 2014. I thought I knew a bit about Meraki and the configuration interface. Because my only device was an old the capabilities and simplicity Meraki brings to networking surprised me.
In traditional networking when you get a new device you pull it out of the box, plug it in, and connect a console cable. Then you either push down a configuration you have already created or worse you just configure it on the fly. While this method works and has for years it does have problems of its own.
The first is that it is time consuming. Follow the process above we haven't yet racked the device, cabled it up, or tested connectivity. All those tasks are yet to come once we have a safe config. The second issue is that in some scenarios you have to get the configuration right the first time. This means you need to understand all the protocols and nuances of the hardware you are working with. In an ideal world we are all experts. But this is not an ideal world and you might have a junior engineer setting up devices. Remember what used to happen with Cisco switches and VTP? The third is that after the initial configuration you are still stuck with a command line interface (CLI). Which isn't a bad thing but why hasn't the configuration process evolved? With Cisco Meraki it has changed and here are my thoughts.
The first thing you notice about Meraki is that you don't configure via a console port. All configuration is done with a web interface. This is breath of fresh air compared to traditional CLI configuration. The first task is to add devices you have purchased via their serial number. This opens up the areas relevant to the device types you own (security, switching, wireless). Here are a few screen shots of the user interface.
AP Summary View
The changes are saved within the cloud management platform as you configure the network. Once a device boots and has an IP address it will connect over the internet to the could management platform. Based on the serial number the device will pull a configuration and apply the configuration. This sounds remarkably easy and it is. Meraki has done an amazing job with their product suite. The great part though is that once a device is working it returns information back to the cloud management platform with relevant device statistics. Think about the data you normally get via SNMP. This is all pushed to the cloud management platform and viewable either in summary reports, client based reports, or individual device and configuration reports.
What does Meraki offer?
I have included links because I don't intend to give a thorough overview of each product line. Meraki does a better job of that.
Meraki began as a wireless company. This is their most mature platform. The offer the standard features you'd expect 802.11 a/n/ac with support for legacy protocols. Their interface allows for configuring multiple SSID's, enabling security, splash pages, etc. In addition to that you can configure both Layer 3 and Layer 7 access control. As well as throttling and rate limiting of individuals our groups.
On the ethernet switching side, the MS product, they again bring the standard features you'd expect to see. Support for RSTP. All access ports are GigabitEthernet. The aggregation switch only has 10 GbE ports. And they have a switch model for either Layer 2 or Layer 3 depending on your needs. And of course they support power over ethernet to power phones and access points. These also provide data back to the management platform to identify neighbors and hosts over switch ports, DHCP, etc.
The MX line are security appliances. What I didn't realize is how easy it is to set up site to site VPNs. Once you have configured your LAN networks you simply choose which will be used with VPN. Then you can choose hub and spoke or site to site. Networks are other locations are automatically included in the VPN. Doing this manually with CLI would require connecting to each remote router and applying a new configuration. Depending on the size of your network that could be a large undertaking that only requires a few clicks on the Meraki interface.
Meraki has a feature rich mobile device management (MDM) platform. It is free up to 100 users and supports a variety of popular devices (iOS, Android, Windows Phone, Windows, OS X, and Chrome OS). If you want to manage corporate owned devices on a budget this is a great place to start. I know I sound like a broken record but all the standard features are here and it is easy to use.
Ok. You must be thinking is there anything wrong with the Cisco Meraki solution? It isn't perfect. Having used the CLI my entire career there times when I felt like it would be nice if I could bulk import a text file to apply config. There is a bulk config input but it is hidden from the initial interface. There are many things that can be done in bulk with the proper knowledge of the interface. The other problem is troubleshooting if you lose a box and/or you are without internet. If the device can pull down its configuration it stays in a permanent search cycle for the cloud management platform. Console access would be a nice feature.
Those problems aside I feel as though Cisco Meraki has a robust networking stack. It is certainly in competition to their existing switch line on the access and distribution side. That also means it works well as a replacement for traditional Cisco in those areas. The customers I think would benefit the most from a Cisco Meraki solution are retail, small to medium business, and education customers.
If you would like to see a full walk through of setting up the full stack. Todd Nightingale, Cisco VP of Strategy & Systems Architecture, did a demo at Cisco Live 2014 in San Francisco. Click here.
Also, my full disclosure is available.