Here at Meraki, we like to take the traditional network experience (read: complex and expensive) and turn it on its head by making it easier to use and manage while keeping it affordable.  Recently, our engineers have been working on identity-based policy enforcement, a feature set that is typically found in only the most complex and expensive wireless LAN solutions.  Meraki’s new Identity Policy Manager (IPM) offers identity-based policy controls, such as per-user VLAN tagging and per-user access control lists, coupled with the easy-to-use graphical interface that our customers have come to know and love.  We see a lot of higher education organizations use this feature set to create different access policies for the various students, faculty, and guests that access the wireless network.  We also have seen larger businesses use these features to enforce granular access control over multiple sites.

With Meraki, these schools and businesses can implement these same access policies without having to pay dearly for them.  And, if you’re used to having to read bulky administrator manuals to configure features like these, we’re sorry to report that you may have to find some new bedtime reading material: A Meraki wireless network is so easy to configure that you won’t have to read a single configuration guide.  (Feel free to contact us for some good book recommendations.)

Please see our press release about our new IPM product. As you’ll see, MIT’s Computer Science and Artificial Intelligence Laboratory is currently using IPM successfully today.  Others can look for it in a few weeks when it becomes generally available, at no additional cost to Enterprise customers.

- Posted by Jed Lau

Starting in 2003, I led the RoofNet project with Sanjit Biswas, Dan Aguayo and Prof. Robert Morris at the Massachusetts Institute of Technology’s (MIT) Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, MA.  We spent a huge amount of our time in the lab building prototypes, deploying networks ourselves, and working on technology to make wireless more reliable, accessible, and simpler. This work and technology served as the catalyst for Meraki’s formation, and 7 years later we’re proud to have the technology and product deployed across tens of thousands of networks and be the backbone of a company with incredible momentum.

Because CSAIL is the birthplace of Meraki and MIT is the alma mater of myself and Meraki’s two other co-founders, we have always felt a special connection to the university.

The future of networking is in wireless – it’s a requirement in the workplace and something everyone needs to be effective. Given this fact, and our strong ties to the MIT community, you can imagine our excitement in sharing that today, MIT’s CSAIL is now officially a customer of Meraki.  CSAIL made the decision to switch from its primary networking vendor, a well-known provider, because of a growing number of complaints about reliability, performance and manageability. MIT will deploy 80 Meraki MR14 access points to improve reliability and performance throughout the building for more than 800 faculty, staff, and students.

We are incredibly pleased to have partnered with MIT and CSAIL on this project, and look forward to supporting their initiatives with Meraki.

- Posted by John Bicket

Today we are very excited to announce the release of a new free tool for the IT community: the Meraki WiFi Stumbler, the first browser-based wireless scanner.  WiFi Stumbler provides detailed, real-time and continuously updated information about nearby wireless networks (even those with hidden SSIDs), including the type of access point, MAC address, wireless channel, signal strength, encryption type and more.  It also features built-in search, sorting and filtering capabilities to make it easy to quickly find the data that you need when in the field troubleshooting networks.

So what is cool about the fact that it runs in a browser?  This means that there is no need to download and install software, making it a very convenient tool that can you can quickly have up and running whenever you need it.  WiFi Stumbler will run in most browsers on either a PC or a Mac, and it can even be used when you are not connected to the Internet if your browser supports HTML5 offline mode (currently only Firefox 3.5, but Safari and Chrome support should follow soon as well).

You can use WiFi Stumbler to optimize coverage and performance of existing networks, troubleshoot wireless performance issues, find rogue APs and perform basic site surveys when planning deployments.

The Stumbler web page has the same clean, intuitive feel as the Meraki Dashboard that our customers have come to expect from our products.  Here is a screenshot:

We will be adding new features and functionality to Stumbler on an ongoing basis – these features will be available to all users as soon as they are released.  And since the tool is browser-based, there is no need to download and install the latest version of software, or add patches or software updates to get these features.  Just reload the tool in your browser and the updates will “magically” appear.

Check out http://meraki.com/tools/stumbler for more details and to try it out.  WiFi Stumbler is still in beta release, so if you find any bugs or have any suggestions for new features please let us know using the Wish box in the tool.

We hope you find this to be a useful addition to your toolkit!

-Posted by Greg Williams

We’re happy to share that we’ve launched the Meraki Network Simulator: a free demo version of the Meraki Enterprise Cloud Controller that allows you to try out all of our web-based tools without purchasing or setting up physical access points.  For a long time, we’ve wanted to enable potential customers to test out the Meraki Dashboard without physical hardware.  The Meraki Cloud Controller is the most unique piece of our wireless LAN offering, providing simple centralized management to network administrators any time and any place over the web.  You really have to experience it personally to understand why it’s such a revolutionary way to manage your network.

The Meraki Network Simulator contains several sample networks that allow you to see how Meraki could work for you.  We’ve even populated the Cloud Controller with real-life data that we’ve captured and anonymized, so you can get a realistic picture of how the Meraki Dashboard looks on a live network.  Here’s a taste of what you can do with the simulator:

• Test-drive the Meraki Enterprise Cloud Controller for free, without purchasing hardware
• Experience the complete Cloud Controller configuration UI

• Test-drive Meraki’s network monitoring features

• Try out sample networks for office, university, and conference use cases

• Create your own blank network simulation and set it up from scratch, configuring simulated access points

Try it out and let us know what you think!

- Marie Williams

When you’re investigating mesh wireless issues, it’s important to know which mesh neighbors are seen by each access point (AP).  Here is a quick tutorial of how to best utilize the built-in features in Dashboard that allow you to check out who is talking to whom in the mesh and what the quality of the links are:

1. In the Dashboard, go to Monitor -> Access points.
2. Click an AP in the list.

3. Scroll down to the section Neighbors. (See screen shot below).

The Neighbors section reveals the mesh APs seen by the AP you’re currently looking at. Using the example above, the AP is directly communicating with four mesh neighbors: Outdoor, Indoor, MR14, and MR58. The other columns in the table provide useful information for troubleshooting wireless problems:

Dist (m)
Shows the distance from the AP to each neighbor in meters (Make sure to place the APs on the map accurately in order for these distances to be meaningful).

Radio
Describes which radio (if neighbor is a multi-radio device) of the neighbor is communicating with the AP.

Signal (dB)
Measures the received signal strength indication (RSSI) of the RF signal from the neighbor. This measurement correlates to a value in decibels (dB). For example, an RSSI of 10 is considered a very weak signal. To improve the signal: move APs closer to each other; create a better line-of-sight; consider using a more powerful antenna; eliminate RF interference; or try a different RF channel.

Fwd
Reports the percentage of packets successfully delivered from the AP to its neighbor. For example, 75% means that 3 out of every 4 packets made it to the neighbor from the AP; in other words, there’s 25% loss.  Good quality links typically will show no more than 10-15% packet loss.

Rev
Reports the percentage of packets successfully delivered from the neighbor to the AP. Good quality links will typically have no more than 10-15% packet loss.
If you don’t see a particular mesh AP in the list, that means the AP you’re looking at can’t see it. If it could, that mesh AP would be present in the Neighbors list.

Can you think of other information you’d like to see reported in the Dashboard? Let us know by entering your feedback in the “make a wish” field.

-Posted by Ahmed Akhtar

Last week we upgraded all Standard networks to Pro at no charge. We thought we could provide the best service to our Standard customers by consolidating Standard and Pro to offer the same feature set.

This upgrade means Standard network operators will have the exact same features as Pro, including billing features, captive portal control, and our recently expanded Pro features such as splash pages and encryption on both SSIDs.

We hope everyone enjoys the new features!

I’m happy to announce that PC Magazine has presented us with the coveted Editor’s Choice award for our enterprise wireless LAN solution!  Arriving on the heels of a 4-out-of-5-stars review, which you can read here, the Editor’s Choice award is bestowed upon only the top 17% of products reviewed by PC Magazine.

We are humbled by the glowing review and award.   By receiving them, we further dedicate ourselves to our mission to provide an affordable yet feature-rich wireless LAN solution that is easy to deploy and manage.  It is this benefit that delights our customers and that is clearly resonating in the market.

- Posted by Jed Lau

We’ve got two big announcements today for our enterprise customers – significant new product features, and a lifetime warranty on all indoor enterprise access points!

Lifetime Warranty on Indoor Enterprise APs

We put a lot of care into building solid, high-quality products. We think our APs should last a lifetime, and now we’re putting our money where our mouth is.

Effective immediately, all of our enterprise-class indoor access points – including our most popular model, the MR14 – are covered by a lifetime warranty. This upgraded coverage applies retroactively to existing units as well as to new purchases, and is free of charge.

We’re also offering free advanced shipping – a first in our industry. This means that if your access points need replacement, we’ll ship out new units immediately, rather than waiting to receive your APs before sending out replacements.

Since we’ve seen very few failures, these new policies won’t affect the vast majority of you.  But we hope that these policies will make infrastructure budget planning easier for some, and add peace of mind for all.

New Enterprise Features

We’ve been working hard on new features for our enterprise products and we’re excited to announce that they’re available for you to use on your networks today.

Network Analytics

We now automatically generate periodic analytics reports of the activity on your wireless network. These reports show the usage and reliability of the wireless network, bandwidth trends, device popularity, mobility, and more. These are great for network operators, as well as their staff and management. We’ve even had beta users post parts of the reports to their blogs. Wondering which operating systems are most popular on the Stanford Computer Science department’s wireless network? See here. (Hint – Apple is taking over the world.)

Check out a complete sample, from Stanford’s Computer Science Department:

Rogue AP Detection

This feature protects against 2 kinds of security risks.  In one, a hacker can place an access point near your network that broadcasts the same SSID as your legitimate device.  If users inadvertently connect to it, they could enter sensitive information (like their network login) into the malicious device.  In the second case, one could plug a wireless access point into the wired LAN, without the appropriate encryption and access control – providing an opening into your network.  More often than not, this is done by an employee who does not know that he is putting the network at risk.

These two types of “rogue APs” can be detected with dedicated software tools – provided you physically walk around your coverage area with a laptop.  We’ve integrated rogue AP detection into our access points and monitoring software, so the Meraki network can continually monitor the airwaves for you and alert you upon signs of trouble.

Here at Meraki’s San Francisco office, our engineers plug in test devices left and right, giving a fertile testing ground for this feature:

Event Logging

We now expose fine-grained event logs in the Meraki Cloud Controller, giving precise visibility into where, when, and how devices are connecting to the network, and aiding in troubleshooting and device tracking.

Support for 16 SSIDs

We’ve upped the maximum number of SSIDs from 4 to 16.  While most customers have one SSID for their secure corporate network, and another open network for guests, some of our users have dedicated virtual networks for specialized equipment and devices, SSIDs with different bandwidth limits, etc.  Westmont College, one of our customers whom we’ve mentioned on the blog before,  has an SSID for their WiFi-controlled HVAC system, and Stanford’s Computer Science department has a dedicated SSID for their experimental robots!  Now that we support 16 SSIDs, you can have a dedicated SSID for your wireless toaster oven and not run out.

Availability (and the beauty of SaaS)

Since the Meraki Cloud Controller is a cloud-based software service, these features (and many other improvements) are available immediately – with no upgrades to purchase, and no software to download or install.

Within the next few days and weeks, we’ll dive deeper into some of these features here on the blog – exploring use cases, tips, and tricks.  In the mean time, give them a spin on your networks!

-Posted by Kiren Sekar

Frequently when using my Meraki Dashboard account, I find that I’m interested in more information than is displayed by default on the Dashboard. This may be true for Access Points, Clients, or Logons. The “Display options” link on these pages is a little button with big value to help me learn more about my network.

Here is the link on the Access Points page:

Click on the link to discover the fields that you can display:

Add those fields that are most helpful to you and hide the fields that you don’t need.  This way you can display the information that provides the most value to you while eliminating unnecessary clutter.

There are plenty of great ways to use this data to trouble shoot. For example, when there is a connectivity issue on a portion of a network, I add the Gateway field and sort the APs by gateway. Frequently I discover that the outage is associated with a single gateway… that tells me to look at the wired network and ISP service supporting that particular gateway. There are many other ways to sort these fields that can help you to better understand your network performance and behavior.

We hope this helps make your Dashboard experience even better.  We’ll periodically share our favorite Dashboard features with you to help you make the most of the troubleshooting tools at your disposal.

-Posted by Jeff

With so many different types of wireless devices out there today, you’re probably experiencing radio frequency (RF) interference in your wireless network whether you know it or not. RF interference is ubiquitous and there is no way to completely avoid it; the best you can do is identify sources of interference and take them into account when designing your network.  Meraki has introduced a new tool in Dashboard to determine whether interference is affecting your network adversely and to help you optimize your network for the local RF environment.

In the Meraki Dashboard, go to the access points list under the Monitor tab, and click on any active access point.  The channel utilization graph shows the percentage of time the access point has seen RF interference on its channel.  For example, if the access point is operating on channel 1 in the 2.4 GHz band, then the graph will show the amount of time channel 1 has seen interfering RF energy.

The percentage of utilization on the channel proportionally affects the peak performance that access points will be able to achieve.  Percentages higher than 30% can cause considerable connectivity issues. Here are some suggestions for reducing or coping with high levels of interference:

1.  Perform an RF site survey before deploying your network.  You can use the Real-Time Spectrum Analysis tool found on the Client Survey Tool tab of my.meraki.com with a battery-powered access point or a 3rd party spectrum analyzer to get an overview of the RF environment in your chosen place of deployment before installing your APs.
2.  Remove interfering devices from the area.  Common culprits are 2.4 GHz cordless phones, Bluetooth gadgets, microwaves and wireless video cameras.  A 3rd party packet sniffing tool can be very helpful to identify and locate interference sources.
3.  Ensure adequate wireless coverage to avoid weak spots; a weak signal from your access points is more easily degraded by local RF interference compared to a strong signal.
4.  Avoid using the same channel as neighboring wireless networks.
5.  Turn on channel spreading in Dashboard (go to the Configure tab and click on Network-wide settings) so access points can individually pick their own channel based on the RF interference they detect.
6.  If you are using Meraki 802.11n hardware, consider using the 5 GHz band to avoid the often congested 2.4 GHz band.

Using this new tool and following these simple tips will help you minimize RF interference effects in your Meraki network and optimize performance.

-Posted by Ahmed Akhtar

We want Meraki Dashboard to be the most functional, intuitive, and beautiful network administration system available. As of today, you can check out Dashboard’s next evolutionary step: a new layout, and new functionality, that organizes Dashboard’s appearance, makes some common tasks easier, and adds power to common pages.

The new features include:

• More of your screen real estate is used for content—for instance, maps are bigger.
• Go between pages with one click by hovering over the left-hand “tabs.” (They aren’t really tabs any more; we’ve been calling them “pills,” but you can probably come up with something better!)

• Use checkboxes on the access points page to act on many access points at once.
• Shift-click markers on the maps page to select multiple access points, then drag them as a group. Adding access points to Enterprise Edition custom maps is also easier.

We’ll be adding even more in the coming weeks. The new interface is beta for now—click the “Test drive” link in the upper right to try it out. And as always, let us know what you think!

- Posted by Eddie Kohler

Have you ever been out there troubleshooting a wireless issue and wishing you had more diagnostic tools at your disposal?  Check out http://my.meraki.com when you’re wirelessly associated to a Meraki network.  This web site provides useful information about your wireless environment and the specific Meraki access point (gateway or repeater) to which you are connected.

Check out the screen shot below to see all of the cool tools available on the different tabs of my.meraki.com.

The Access Point Status tab reveals basic information about the access point:

-    MAC address
-    Name
-    The network it’s a member of
-    Connectivity to Internet
-    Connectivity to the cloud controller
-    Firmware

The Client Survey Tool tab shows real-time spectrum analysis and client signal strength. The spectrum data comes in handy when you’re researching potential interference from other RF sources, e.g. non-Meraki access points, 2.4 and 5 GHz cordless phones, leaky microwaves, etc. Use the signal strength data to calculate the RF propagation and coverage area of the access point. Perform a quick and easy site survey with these tools by powering the access point with a battery pack:

1.  Wirelessly connect to the Meraki network from a laptop.
2.  Browse to http://my.meraki.com.
3.  Walk around with the battery-powered access point, closely watching the spectrum analysis and signal strength readings in the web browser.

You can even run a quick speed test from the access point to the laptop. In this test, the access point creates and sends data packets to the laptop from itself; these data packets are not coming from the wired network. For example, if you’re experiencing speed problems, but you get blazing speed during this wireless test, then you know the RF side is not contributing to the problem, allowing you to focus on the wired network instead.

The Mesh Neighbors tab displays a table containing data about each of the nearby Meraki access points:

-     Name
-     MAC address
-     Signal Strength
-     Percentage of packets successfully forwarded (transmitted)
-     Percentage of packets successfully received
-     Distance from the neighbor to the access point to which are you connected

If you happen to be looking at a gateway, you can also see the repeaters in its mesh route(s).  This information is very helpful when optimizing network design to maximize coverage and link signal strength.

Finally, the Static IP Configuration tab let’s you configure the IP address settings for the access point.

These tools are very useful when you’re deploying and/or troubleshooting Meraki wireless networks. They can be used to resolve a number of problems, including connectivity, speed, interference, signal quality, and coverage.

What other tools do you think we should include on this page? Let us know!

-Posted by Ahmed Akhtar

Since releasing enhanced voice and video capabilities earlier this year, we have seen growth in the number of video and voice applications running over Meraki wireless networks.  Physical security and voice/data convergence have been implemented broadly over wired networks in the last decade, but providing these applications over wireless networks is a more recent trend.  Our customers have been able to deploy these applications easily and reliably by utilizing a number of features in the Meraki solution:
1.       WMM and Power Save capabilities enable wireless devices to obtain quality of service (QoS) and conserve battery power, respectively, when associated to a Meraki wireless network.  With these features, wireless surveillance cameras and VOIP handsets can stream audio and video content with the best performance available, and at the same time, spend less time docked in battery chargers.
2.       Offline mode allows multimedia devices to continue operating in the LAN, even if connectivity to the Meraki Cloud Controller is not available.  Surveillance cameras can still stream to monitoring stations on the LAN, and mobile handsets can continue to place or receive calls, regardless of network changes outside the LAN.
3.       Bridge mode provides seamless connectivity between wireless and wired devices.  With this feature, surveillance cameras, DVRs, VOIP phones, monitoring stations, and any other networked devices that send or receive multimedia data can discover and connect to each other without any network barriers.
4.       VLAN tagging helps ensure that wireless multimedia traffic gets QoS prioritization over the wired network.  Wireless surveillance cameras and VOIP handsets can associate to Meraki over a dedicated SSID, whose traffic can be VLAN-tagged to get VIP treatment by the upstream switches and routers.
5.       Meraki’s mesh networking technology just works, without any additional configuration.  Meraki access points communicate with neighboring Meraki access points to provide wireless coverage in areas where Ethernet ports are not available.  In this way, an administrator can deploy a video monitoring environment or a wireless VOIP network quickly and easily.

All of these features work in concert to provide a superior multimedia experience over the Meraki wireless network.  As an illustration of this capability, below is a screenshot that one customer sent us, depicting 15 wireless surveillance cameras streaming video across a Meraki network to a DVR on the LAN.

We are excited about this convergence in voice, video, and data over the wireless LAN, and we will continue to invest in features that make this convergence easier and more reliable for enterprise customers.

-Posted by Jed Lau

WPA-Enterprise encryption with 802.1X authentication is the method of choice for providing secure access in an Enterprise WLAN environment.  Unfortunately it’s also notoriously tricky to configure, with a range of possible configuration issues involving the three key players in the system (client devices, access points, and the RADIUS authentication server itself).

We’re pleased to announce a handy diagnostic tool in our Enterprise Cloud Controller which helps identify many problems with a custom 802.1X setup.

After configuring your RADIUS server for 802.1X, you now have the option of testing your setup directly from Meraki Dashboard:

Enter the username and password for a test user and click the Test button. The system initiates a test from each of your Access Points to your RADIUS server using 802.1X authentication with PEAP and MS-CHAPv2. Each AP in the network is individually tested; this enables us to detect network issues or RADIUS server configuration problems that might affect only a few of your APs.

If all goes well, you’ll see results like this:

If there are test failures, however, you’ll see results like these:

In this example there was a timeout while attempting to reach the server from one out of five APs tested. This error often results from forgetting to add an AP’s IP address to the whitelist on your RADIUS server, and it’s usually a very difficult error to discover and debug.

We think this is a useful tool that makes it super easy to troubleshoot the security of your WLAN.  In addition, this tool provides peace of mind that each AP can authenticate users correctly.  Automated testing is especially valuable in large, 100+ AP environments, where testing each AP manually could literally take days.

We look forward to hearing your feedback about it!

-Posted by Ben Chambers

Meraki network admins can now block or whitelist many client devices in one easy step.  Go to the usage page, select some checkboxes, and select Actions > Whitelist (or Block, or Normal).

Want to block all Apple devices?  Try searching for “mfr:apple”, then Select: All and Block.  Or shift-click to select many checkboxes at once.  Many of our customers have requested better tools for managing many client devices; we think this is another great step in that direction.

Enterprise customers get an additional feature: the usage graph shows you how much the checked clients have transferred over time.

Want more features?  Make a wish!