@Meraki #CMNA

Certified Meraki Networking Associate

Technical Training Program, 2015

© 2015 Cisco and/or its affiliates. All rights reserved. 1

About Cisco Meraki

© 2015 Cisco and/or its affiliates. All rights reserved. 2

 IT should be simpler to
monitor and manage

© 2015 Cisco and/or its affiliates. All rights reserved. 3

Single pane of glass management for the enterprise

Cloud Managed WiFi Cloud Managed Network Cloud Managed Enterprise

(2006) (2010) (2015)

?
Cisco Meraki MR Cisco Meraki MS Cisco Meraki MX Cisco Meraki SM (future)
Wireless LAN Ethernet Switches Security Appliances MDM

© 2015 Cisco and/or its affiliates. All rights reserved. 4

Changing landscape driving common challenges

Explosion of devices

Need fast, reliable access to mission critical applications in the cloud

24/7 support for global operations, distributed sites, access everywhere

Rapidly changing security and threat landscape

New applications, features, business needs coming online quickly

© 2015 Cisco and/or its affiliates. All rights reserved. 5

Meraki value proposition
Deploy and grow networks at branch locations or large campuses easily and rapidly

Manage and monitor those networks with robust analytics from a single pane of glass

Reduce administrative overhead with simple all-inclusive licensing model and tools

For the SMB For the campus For the distributed enterprise

© 2015 Cisco and/or its affiliates. All rights reserved. 6

Better Together – Full Stack Integration

End-to-end visibility &

Unified group policies Network summary reporting
troubleshooting

See everything, from the firewall Configure group policies that Get a comprehensive view of
to the mobile devices, to apply to both wired and wireless wired and wireless clients and
facilitate remote troubleshooting clients traffic across your entire network

© 2015 Cisco and/or its affiliates. All rights reserved. 7

Cisco Meraki cloud architecture

© 2015 Cisco and/or its affiliates. All rights reserved. 8

Cloud-managed networking architecture

Network endpoints securely

connected to the cloud

Cloud-hosted centralized
management platform

Intuitive browser-based
dashboard

© 2015 Cisco and/or its affiliates. All rights reserved. 9

Benefits of a cloud-based solution
Scalable
Unlimited throughput, no bottlenecks
Add devices or sites in minutes

Reliable
Highly available cloud with multiple datacenters
WAN Management Network functions even if connection to cloud is interrupted
data (1 kb/s)

Secure
No user traffic passes through the cloud
Fully HIPAA / PCI compliant (level 1 certified meeting DSS v3.1)
3rd party security audits, daily penetration testing
*Reliability and security information at meraki.cisco.com/trust

Future-proof
New features pushed through firmware, guided by customer feedback
Automatic firmware and security updates (user-scheduled)
© 2015 Cisco and/or its affiliates. All rights reserved. 10
 N
et
w
or
k

JUL 2014
re
D po
2014 - 2015
H rti
n
CP g

© 2015 Cisco and/or its affiliates. All rights reserved.

Se by
rv ta
er g

MX Security
H an
ot
sp d
ot Fa
2. ilo
0 ve
1:
m for rL
an W 3
y i-F
N io
St AT ffl
an oa
da d
lo
Rapid feature velocity

ne
N Si
te
et
w Su
or rv
k

MS Switching
To ey
O po
ne lo
Sy gy
ste
m
sM
M an
R3 ag
2 er
80
V 2.
11
PN ac
ta
gg w
ith
MR Wireless

in
Po g BL
rt E
Is
ol
at
io
N n
et
flo
w
In
Sy te
gr
ste at
m io
sM n
Ph an
ys ag
ic er
al Se
St nt
ac ry
IW ki
A ng
N
JAN 2016

Systems Manager MDM

?M
ak
e aw
ish
11

…
Expanding product portfolio
2014 2015 2016

MX Security
MX64 MX64W MX84 MX65 MX65W

MS Switching
MS350 family MS410 family

MR Wireless
MR18 MR26 MR32 MR72 MR42

SM MDM
Systems Manager

© 2015 Cisco and/or its affiliates. All rights reserved. 12

Simple, all-inclusive licensing
A Meraki solution includes a 1:1 ratio of hardware and licenses

Licensing is required and includes:

Centralized management and network-wide
+ visibility and control
Seamless firmware and security updates
Phone support and lifetime warranty (except
hardware license outdoor APs)

© 2015 Cisco and/or its affiliates. All rights reserved. 13

Cisco Meraki positioning

© 2015 Cisco and/or its affiliates. All rights reserved. 14

Identifying a Cisco Meraki Opportunity

CUSTOMER REQUIREMENTS CISCO MERAKI VALUE

Rapid network deployment Single pane of glass management
End-to-end visibility Robust analytics and usage statistics
Network management at scale Fast and efficient guest access
High availability and redundancy Configuration templates
Creating new value from the network
All inclusive licensing
Managing endpoints
Integrated MDM
Reduced IT overhead
Integrated location analytics

© 2015 Cisco and/or its affiliates. All rights reserved. 15

Cisco On-Premises and Cisco Meraki positioning

Cisco On Premises Cisco Meraki

Flexible deployment and configuration options Easy to deploy and manage over the web

Highly customizable and advanced feature sets Out-of-the-box optimized feature sets

Advanced professional services, extended support Ongoing managed upgrades and enhancements

Extensive integration capabilities Optimized for lean IT and pulling value from the
network

Both portfolios offer significant professional services opportunities

© 2015 Cisco and/or its affiliates. All rights reserved. 16

A Cisco solution for every use case

Cisco On Premises Hybrid Cisco Cloud Managed

Aironet MR

Catalyst MS

ISR / ASA MX

ISE / PRIME Systems Manager

© 2015 Cisco and/or its affiliates. All rights reserved. 17

Partnering with Cisco Meraki

© 2015 Cisco and/or its affiliates. All rights reserved. 18

Positioned to generate partner revenue

PRE-SALES & SALES DEPLOYMENT ONGOING MANAGEMENT

Differentiated product enables Cloud model enables faster, Remote monitoring and
access to new markets cheaper installation and management reduces operating
deployment costs for managed service
Cloud license model creates providers
ongoing revenue

All sales and services are done through the Channel

© 2015 Cisco and/or its affiliates. All rights reserved. 19

Tools and resources built for our Partners

Cisco Meraki Partner Portal

A one-stop shop for Partner tools and resources
merakipartners.com

Deal registration Lead gen tools Free trials Ongoing training

Register an opportunity for Use your customized Get your customers to fall Sign up for technical
additional margin potential referral link to refer a in love with Cisco Meraki webinars to stay up to date
customer to a webinar – by starting them with a on the newest Meraki
qualified attendees will free trial releases and competitive
receive a free AP! positioning

In the US only, Meraki products are now sold through Cisco CCW/GPL.

© 2015 Cisco and/or its affiliates. All rights reserved. 20

Getting Started

© 2015 Cisco and/or its affiliates. All rights reserved. 21

Cisco Meraki for the SMB

© 2015 Cisco and/or its affiliates. All rights reserved. 22

Meraki for the SMB

Deploy inherently secure networks utilizing

cloud based services and intuitive
configurations
Fast and efficient guest access UTM

Simple splash page deployment with billing

Access
Cloud-based user authentication

Cloud CMX analytics

Guest PCI Office
Integrated MDM

Customize security feature sets

Out-of-the box WIPS and Auto RF

© 2015 Cisco and/or its affiliates. All rights reserved. 23

Demo

© 2015 Cisco and/or its affiliates. All rights reserved. 24

Cisco Meraki Product Portfolio

© 2015 Cisco and/or its affiliates. All rights reserved. 25

 Cisco Meraki MX Security Appliances
Product Overview

© 2015 Cisco and/or its affiliates. All rights reserved. 26

MX Security Appliance
Feature highlights

Security
NG Firewall, Client VPN,
Site to Site VPN, IDS/IPS

Networking
I-WAN, 3G/4G Cellular,
Static Routing, Link Balancing

Application Control
Traffic Shaping, Content
Filtering, Geo Firewall Rules

A complete unified threat management solution

9 models scaling from teleworker and small branch to campus / datacenter

© 2015 Cisco and/or its affiliates. All rights reserved. 27

MX Security Appliances: Models
Firewall
Users Unique features throughput
Small branch Teleworker

MX64/W ~50 - 802.11ac Wireless (MX64W) 250 Mbps Z1

- 802.11ac Wireless (MX65W) - 1-5 users

MX65/W NEW ~50 250 Mbps
- Built-in PoE+ (2 ports) - Dual-radio wireless

Medium branch - FW throughput: 50 Mbps

MX84 NEW ~200 - Gigabit uplinks 500 Mbps

MX100 ~500 - Gigabit uplinks 750 Mbps

Large branch / campus

- High-speed uplinks
MX400 ~2,000 - Built-in redundancy 1 Gbps
- Modular interface

- High-speed uplinks
MX600 ~10,000 - Built-in redundancy 1 Gbps All devices support 3G/4G
- Modular interface
© 2015 Cisco and/or its affiliates. All rights reserved. 28
Licensing that fits the business’ needs

Enterprise License Advanced Security License

Stateful firewall All enterprise features, plus

Site to site VPN Content filtering (with Google SafeSearch)

Branch routing Kaspersky Anti-Virus and Anti-Phishing

Link bonding and failover SourceFire IPS / IDS

Application control Geo-based firewall rules

`
Web caching

Client VPN

© 2015 Cisco and/or its affiliates. All rights reserved. 29

 Cisco Meraki MS Switches
Product Overview

© 2015 Cisco and/or its affiliates. All rights reserved. 30

MS Switches

Feature highlights

Voice and video QoS

Layer 7 app visibility
Virtual and physical stacking
PoE / PoE + on all ports
Enterprise security
Remote packet capture, cable testing

21 models scaling from access to campus aggregation

Enterprise-class performance and reliability including non-blocking Gigabit

performance, Gigabit & ten-Gigabit uplinks, and voice and video QoS

© 2015 Cisco and/or its affiliates. All rights reserved. 31

MS Switches: Models
Port configurations Power supplies & fans Feature highlights
Layer 2 Access

- Integrated power & fans - Gigabit SFP uplinks

MS220 family 8, 24, 48 port models
- Power redundancy w/ RPS 2300 - Virtual stacking

Layer 3 Access

- Dual hot-swappable power supplies - 10 Gb SFP+ uplinks

MS320 family 24, 48 port models
- Fans integrated into power supplies - Virtual stacking

- Dual hot-swappable power supplies - 10 Gb SFP+ uplinks

MS350 family NEW 24, 28 port models
- Dual field-replaceable fans - Virtual and physical stacking

Layer 3 Aggregation

- Gigabit SFP interfaces

- Dual hot-swappable power supplies
MS410 family NEW 16, 32 port models - 10 Gb SFP+ uplinks
- Dual field-replaceable fans
- Virtual and physical stacking

- 10 Gb SFP+ interfaces
- Dual hot swappable power supplies
MS420 family 24, 48 port models - Virtual and physical stacking
- Four field-replaceable fans
- Management port

© 2015 Cisco and/or its affiliates. All rights reserved. 32

Cloud-managed physical stacking

Physical stacking
World’s first cloud-managed physically stackable
switches MS350
family
Exceptionally fast throughput
Spatial reuse provides up to 160Gb/s aggregate stack
bandwidth

Cross-stack LACP MS410

Aggregate links across multiple switches for up to
8x10Gb/s uplink to your core or aggregation switch
family

Stacking Configuration
Configure all stacking configurations from Dashboard in
a simple and intuitive interface MS420
family

© 2015 Cisco and/or its affiliates. All rights reserved. 33

 Cisco Meraki MR Wireless Access Points
Product Overview

© 2015 Cisco and/or its affiliates. All rights reserved. 34

MR Wireless Access Points
Feature highlights

BYOD policies
Application traffic shaping
Guest access
Enterprise security
WIDS / WIPS
Location analytics

7 models including indoor / outdoor, high performance and value-priced

Enterprise-class silicon including RF optimization, PoE, voice / video support
Lifetime warranty on indoor APs

© 2015 Cisco and/or its affiliates. All rights reserved. 35

MR Wireless Access Points: Models

Indoor NEW
APs
MR18 MR32 MR34 MR42
2 Stream Triple-Radio 2 Stream Triple-Radio 3 Stream Triple-Radio 3 Stream Triple-Radio
802.11a/b/g/n 802.11ac 802.11ac 802.11ac Wave 2
600 Mbit/s 1.2 Gbit/s 1.75 Gbit/s 1.75 Gbit/s

Outdoor APs

MR62 MR66 MR72

Single-Radio Dual-Radio 2 Stream Triple-Radio
802.11b/g/n 802.11a/b/g/n 802.11ac
300 Mbit/s 600 Mbit/s 1.2 Gbit/s

© 2015 Cisco and/or its affiliates. All rights reserved. 36

 Systems Manager
Enterprise Mobility Management
Product Overview

© 2015 Cisco and/or its affiliates. All rights reserved. 37

Systems Manager enterprise mobility management
Feature highlights

Centralized app deployment

Device security
Rapid provisioning
Backpack™ file sharing
Asset management

Multi platform MDM support - OS X, iOS, Windows, Windows Mobile, Android, & Chrome OS
Cloud-based - no on-site appliances or software, works with any vendor’s network
More information available at meraki.cisco.com/sm

© 2015 Cisco and/or its affiliates. All rights reserved. 38

Systems Manager Licensing
A complete Enterprise feature set in a single product: SM

Network size

≤100 devices >100 devices

Annual cost Free $40 / device

Complete feature set with

ongoing updates ✓ ✓

24/7 phone and email support ✓

No change is required for existing free SM users with networks with ≥100 devices. They can continue to add unlimited devices, and will
continue not having access to new features or phone support.

© 2015 Cisco and/or its affiliates. All rights reserved. 39

Cisco Meraki for the Campus

© 2015 Cisco and/or its affiliates. All rights reserved. 40

Meraki for the campus
Enterprise class features for the campus with a MX600
NGFW
single point of configuration, management, and VPN Conc.

troubleshooting
Core Core
Centralized management

Virtual stacking
MS420 MS420
Network topology

SM Sentry

AD Integration
MS320 MS320 MS320
Port NAC and WPA-2 Enterprise RADIUS

Syslog and Netflow exports MR34 MR34 MR34

ISE and Prime integration SM Access Devices

© 2015 Cisco and/or its affiliates. All rights reserved. 41

Virtual Stacking
Scalable management architecture
Able to manage one or many switches at once
regardless of their location

Flexible deployment configurations

Manage all
switches simultaneously with no hidden cost

Zero- touch deployments Leverage

the power of centralized cloud management to
pre-stage before they are even deployed

© 2015 Cisco and/or its affiliates. All rights reserved. 42

Meraki Stacking: Virtual and Physical
Benefits of virtual stacking apply equally to standalone or physically stacked switches

San Francisco
Apply Access Policy Standalone
on ports 1-10 London
switches
Sydney

Step 1: Select ports to edit

Step 2: Configure multiple ports as desired

Step 3: Save, you’re done! Stacked

San Francisco
switches

© 2015 Cisco and/or its affiliates. All rights reserved. 43

Network Topology: Live end-to-end network visibility
Dynamic discovery
CDP/LLDP support provides end to end discovery including
non-Meraki devices.

Intelligent updates
Hands free, live rendition of current network topology.

Seamless network navigation

Directly navigate to devices and statistics.

Further customization
Download as an SVG for increased topology flexibility in
Visio or any SVG supported program.

© 2015 Cisco and/or its affiliates. All rights reserved. 44

Layer 3 Switching Functionality
OSPF
Dynamic routing with intuitive, browser-based configuration

IPv6 visibility and tracking

Usage statistics for IPv6 address now in Dashboard

DHCP server
Integrated DHCP service to help prevent single points of network failure

IPv4 Access Control Lists (ACLs)

Granular security boundaries configurable by subnet, protocol, port range, or host.

Switched Virtual Interfaces (SVIs)

Providing Inter-VLAN routing and eliminating potential single points of failure

Addressing evolving customer needs around redundancy, campus connectivity, and reducing
complexity

© 2015 Cisco and/or its affiliates. All rights reserved. 45

Systems Manager enterprise mobility management
Apply restrictions
Utilize the web portal or your AD infrastructure to apply restrictions.

Deliver apps in bulk

Utilize tags to easily deploy apps to Apple and Android devices.

Monitor security
Quickly identify and mitigate mobile security threats.

Track assets
Geofence devices and apply profiles based on location.

Android for work

Containerize apps for work/personal isolation

© 2015 Cisco and/or its affiliates. All rights reserved. 46

Integration into existing environments

Cisco ISE & Prime

RADIUS & CMX API
SNMP

CMX analytics

Meraki Dashboard
Provisioning Syslog/Netflow
API

Provisioning system Logging platform

© 2015 Cisco and/or its affiliates. All rights reserved. 47

Demo

© 2015 Cisco and/or its affiliates. All rights reserved. 48

Cisco Meraki for the Distributed
Enterprise

© 2015 Cisco and/or its affiliates. All rights reserved. 49

Meraki for the distributed enterprise
Efficient scalable services with tools and DC/HQ
features designed for distributed enterprises
VPN
Configuration templates VPN

Automatic VPN/I-WAN

Intuitive Multi-site management UTM

Single pane of glass visibility

Access
Simple security policy compliance

Automatic summary reports

Guest PCI Office
Robust alerting for remote sites

Network cloning

Zero touch deployment API

© 2015 Cisco and/or its affiliates. All rights reserved. 50

Configuration Templates
Configuration templates can allow many Cisco Meraki devices to be deployed following a single
base configuration

Site-to-Site VPNs
Easily and quickly configure hundreds of sites for full mesh
or hub and spoke VPN deployments

WLAN Settings
Common SSIDs and Access control policies across
thousands of sites

Security & Application Control

Manage common security and application control policies
across the entire organization

Single Source of Truth

Avoid misconfigurations and conflicting policies by using a
single configuration template
© 2015 Cisco and/or its affiliates. All rights reserved. 51
Designed for High Availability and Redundancy
Redundancy & availability Multi-hub VPN and an always available cloud
Uptime needs driving demand for warm
failover techniques and management management solution
availability

I-WAN Transport independence, application optimization,

Provide the security and resiliency of an
MPLS network without the cost and intelligent path control, and security connectivity
complexity

Warm Spare Failover

Mitigating downtime in the event of
Gateway redundancy for continuous forwarding
an MX or MS failure in the event of a hardware failure

© 2015 Cisco and/or its affiliates. All rights reserved. 52

New IWAN features for the MX

Dual-active path:
Active-active VPN

Dynamic Path Selection

Ensures the best uplink is used based on latency and WAN 1 WAN 2
loss metrics Secure VPN tunnel (active) Secure VPN tunnel (active)
Latency / loss > threshold Latency / loss < threshold

Policy-based routing (PbR):

Allows uplinks to be intelligently assigned based on
traffic protocol, subnet, source, destination, etc.

Based on L3 / L4 categorization, this data

normally travels out WAN 1 (PbR), but MX
Data detects optimal path is WAN 2 based on
latency / loss on WAN 1 (PfR).

© 2015 Cisco and/or its affiliates. All rights reserved. 53

Easy customer engagement
Connected Mobile Experience (CMX)
See how customers and clients are using your network to better engage with them

Facebook Login
Create brand awareness while still providing valuable services to customers

Bluetooth Low Energy (BLE)

Provide better customer experience with opt-in mobile app integration
Track beacon-tagged assets with Bluetooth scanning and location
estimation

Adding value to any network. Customer engagement made easy.

© 2015 Cisco and/or its affiliates. All rights reserved. 54

MR 3rd radio tames hostile RF environments
Air Marshal
Full-time WIPS scanning
User-defined attack policies
Tweaked alarming system
Updated signatures pushed from cloud
Meraki Dashboard
Classify and filter attacks
Shoot down rogue APs
View forensic data
Auto RF
Intelligently spread channel use across all APs in the
Meraki network
802.11 APs
Reduce client stickiness and mobbed APs
Rogue Other Malicious Packet Frequent Tx power adjustment enabled by 3rd radio
SSIDs SSIDs broadcasts floods

© 2015 Cisco and/or its affiliates. All rights reserved. 55

Sentry
Sentry Policies
Network policy enforcement based on posture

Sentry Enrollment
Integrated self service MDM onboarding

Sentry Wi-Fi Security

EAP-TLS WLAN authentication made easy

Sentry VPN Security

Auto provision mobile client VPN

Sentry Wi-Fi Settings

Auto configure WLAN settings for mobile devices

Sentry VPN Settings

Auto configure VPN settings for mobile devices

© 2015 Cisco and/or its affiliates. All rights reserved. 56

Demo

© 2015 Cisco and/or its affiliates. All rights reserved. 57