Infrastructure Upgrade - The Meraki Cloud

dalekphalm

Hey everyone, I just finished an upgrade of my local network infrastructure, and wanted to share my experiences so far.

 

So, what did I change?

 

Short answer: Everything

 

My new setup consists of the following:

Router: Meraki MX64 Security Gateway

Switch: MS220-8P PoE enabled Managed Switch

AP: MR33 Access Point

 

So what is Meraki? Meraki is a Cisco-owned range of cloud-based products. It's cloud-based because everything about them is managed through Meraki's cloud Dashboard. The benefit to this is a couple of things:

1. One interface to manage all networking equipment.

2. You can pre-configure all the settings online in the Dashboard, and then when you plug the device in, it automatically downloads the profile and configures the settings. This is especially awesome if you have an equipment failure and you need to swap a new one in, or if you simply upgrade to a newer/bigger/whatever piece of equipment.

3. Little or no CLI required - pretty much every setting is available to change/set via the GUI - this is especially great for the Gateway and the Switches, because there's no need to CLI program ACLs (Access Control Lists) or Static Routing/Route Tables, etc.

 

These aren't quite as "powerful" as say, a high end Cisco Catalyst product, as there might be the odd thing that those can do, but these cannot - but these are definitely enterprise grade - and are way overkill for my home environment.

 

Why did I choose these pieces of equipment? Simple: It was freeeeeeeeee!

 

Meraki advertises pretty damn heavily. They want everyone in the IT world to know about their products. Due to this, they offer (or were offering - cannot confirm if this is still available) webinars on their various products and services - each approximately 1 hour long. At the time I got my equipment, they were offering free samples to people who signed up and watched the webinars. So I watched a Webinar on each of the above products, and got them for free.

 

However, not just anyone can sign up for the webinar. You need to have a valid business email address. If you do have one, you can check the Meraki website and see if the promo is still available. 

 

Update: Looks like the promo is still available:

https://meraki.cisco.com/webinars?ref=2zN5kSj&gclid=Cj0KCQjwnqzWBRC_ARIsABSMVTMgNl0bwvOqHUb7jXshvdzIsYDKfhIWVe9Q7jdkTfizKzG-D-Ex61waAkApEALw_wcB

https://meraki.cisco.com/tc/freeap

 

The free Switch and Gateway might still be available, I don't know.

 

The main downside is that Meraki operates on a licensed business model. Each of these devices came with a 3 year license for free - after that, they will continue to function, but you won't be able to change any settings, unless you buy a new license. After 3 years, I plan to just put my old TP-Link Archer C9 router back into use.

 

Some people also might be uncomfortable with a cloud based service, but they promise they aren't snooping on your network data (and given they are a huge enterprise supplier, they would lose public confidence - and therefore, business - in the IT sector if they were caught doing so).

 

Anyone else here have any experience with Meraki? We use them at work for managing our iPads (Meraki's MDM), and we'll be buying some switches for a new building soon. We want all our networking equipment to have warranty/service anyway, and we found that the Service Contract for a more expensive switch was the same or more than the license renewal fees anyway, so we decided to try them out.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


We are a certified/approved/whatever guest internet vendor for IHG, and they require 100% of their equipment be Meraki: https://www.cisco.com/c/en/us/about/case-studies-customer-success-stories/ihg-case-study.html

Also some of our Canadian MDU properties have Meraki installs. I haven’t been involved in the setup of a property yet but I’ve played on the dashboard of completed ones. To me it seems similar to both Ruckus SmartZone or ZoneDirector and Ubiquiti UniFi. But like every GUI for a controller system, there’s always that one thing that is absolutely maddening because it is so much simpler in the CLI (e.g. bulk naming APs in Ruckus SZ/ZD, port forwarding in a WatchGuard, almost anything in an Aruba 7005 controller/gateway, ditto in an Extreme controller). I don’t know what common task there is for Meraki like this, but the fact that there is no CLI at all means I don’t want to get too close to it. I remember a few years ago Apple made an iOS update that caused devices to react rather poorly when APs under a controller tried to steer them to a particular node. On the Ruckus systems we found a few things to tweak in the CLI that weren’t visible in the GUI. On the Meraki systems, we made a ticket and waited for about 3 months before Meraki and Apple both released updates that improved things.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 


7 hours ago, dalekphalm said:

Anyone else here have any experience with Meraki? We use them at work for managing our iPads (Meraki's MDM), and we'll be buying some switches for a new building soon. We want all our networking equipment to have warranty/service anyway, and we found that the Service Contract for a more expensive switch was the same or more than the license renewal fees anyway, so we decided to try them out.

Licensing is the biggest issue, if the equipment was included as a subscription model, then great, I can move everything to opex. Unfortunately, I still have to justify the Capex. We ended up sticking to the standard Cisco's 2900 series, same cost, same features that we require, no recurring subscription fee, can be deployed where there is a requirement for 0 network connectivity outside. 

 

I'd like to look at the cost/benefit of moving off a MPLS network and using the multi spoke VPN, don't think we'd be able to get it done without something like this.

 


7 hours ago, dalekphalm said:

At the time I got my equipment, they were offering free samples to people who signed up and watched the webinars. So I watched a Webinar on each of the above products, and got them for free.

Aww man and you didn't tell me, I like free stuff too xD


3 hours ago, Blake said:

Licensing is the biggest issue, if the equipment was included as a subscription model, then great, I can move everything to opex. Unfortunately, I still have to justify the Capex. We ended up sticking to the standard Cisco's 2900 series, same cost, same features that we require, no recurring subscription fee, can be deployed where there is a requirement for 0 network connectivity outside. 

 

I'd like to look at the cost/benefit of moving off a MPLS network and using the multi spoke VPN, don't think we'd be able to get it done without something like this.

 

Maybe check out the ISR4K platforms and 4G backup?

I know they have licenses too for throughput but it gives you the option to say "we only need X amount of throughput" so you don't have to pay for extra if you don't need it.

 

Edit:

Also for anyone interested I still have my bundle of Meraki gear (I think I've got all three bits). If anyone wants it shoot me a PM and we can work out the details :)

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:


9 hours ago, Blake said:

Licensing is the biggest issue, if the equipment was included as a subscription model, then great, I can move everything to opex. Unfortunately, I still have to justify the Capex. We ended up sticking to the standard Cisco's 2900 series, same cost, same features that we require, no recurring subscription fee, can be deployed where there is a requirement for 0 network connectivity outside. 

 

I'd like to look at the cost/benefit of moving off a MPLS network and using the multi spoke VPN, don't think we'd be able to get it done without something like this.

 

Licensing is definitely an issue - but the cost of the actual devices tends to be cheaper, compared to Cisco ones.

 

If you're not getting multi-year support contracts for the Cisco equipment, then it's probably better to just go Cisco. But if you're getting support either way, the Meraki devices come w/ support contracts built into the subscription.

 

It's a pick your poison kind of situation. We're only a 3-man IT team, so when shit hits the fan, we don't always have time to deal with everything ourselves - we need to be able to rely on expert support to get a building or a critical piece of infrastructure back up and running ASAP.

8 hours ago, leadeater said:

Aww man and you didn't tell me, I like free stuff too xD

Haha sorry, didn't even think about it until last night when I was installing the equipment and getting the post written up.

 

You should check out my links though, the free AP still seems to be valid - the Switch and Gateway might still be available too. Granted, my links are likely from the Canadian site, but I'm pretty sure they're doing the free devices promos internationally.

 

We just upgraded our WIFI at 2 of our branches - and unfortunately we didn't go Cisco or Meraki. We went with Mikrotik. The APs themselves seem pretty rock solid, and are a damn fast upgrade from the old 2.4G only Cisco APs - but the WIFI Controller is fucking terrible. The UI is balls backwards and simply not set up well at all. I didn't find the Cisco WIFI controller particularly good, but by comparison, it's vastly better than the Mikrotik one.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


1 hour ago, dalekphalm said:

Licensing is definitely an issue - but the cost of the actual devices tends to be cheaper, compared to Cisco ones.

 

If you're not getting multi-year support contracts for the Cisco equipment, then it's probably better to just go Cisco. But if you're getting support either way, the Meraki devices come w/ support contracts built into the subscription.

 

It's a pick your poison kind of situation. We're only a 3-man IT team, so when shit hits the fan, we don't always have time to deal with everything ourselves - we need to be able to rely on expert support to get a building or a critical piece of infrastructure back up and running ASAP.

Haha sorry, didn't even think about it until last night when I was installing the equipment and getting the post written up.

 

You should check out my links though, the free AP still seems to be valid - the Switch and Gateway might still be available too. Granted, my links are likely from the Canadian site, but I'm pretty sure they're doing the free devices promos internationally.

 

We just upgraded our WIFI at 2 of our branches - and unfortunately we didn't go Cisco or Meraki. We went with Mikrotik. The APs themselves seem pretty rock solid, and are a damn fast upgrade from the old 2.4G only Cisco APs - but the WIFI Controller is fucking terrible. The UI is balls backwards and simply not set up well at all. I didn't find the Cisco WIFI controller particularly good, but by comparison, it's vastly better than the Mikrotik one.

The Mikrotik CAPsMan solution is definitely an odd duck - that’s what I have at home. It works for me because I’m also using the APs (hAP AC) as part of the backbone, and the 5 port switch chip with normal managed switch functions is a nice combo. I would really think twice before installing it as a solution when you’re using it as a normal AP system. Why Mikrotik and not Ubiquiti?

 

Edit: also, are you using CAPsMan forwarding or Local Forwarding?

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 


1 minute ago, brwainer said:

The Mikrotik CAPsMan solution is definitely an odd duck - that’s what I have at home. It works for me because I’m also using the APs (hAP AC) as part of the backbone, and the 5 port switch chip with normal managed switch functions is a nice combo. I would really think twice before installing it as a solution when you’re using it as a normal AP system. Why Mikrotik and not Ubiquiti?

Ubiquiti was never in the books unfortunately.

 

Due to local government policies, we're not allowed to request specific products for a capital project (Projects costing over $5000). We have to create a "RFP" - request for proposal. We lay out our requirements (Eg: centralized controller, seamless handoff, Wireless AC, whatever), and then we open the RFP to submissions from vendors.

 

The vendors that came back were either Cisco or Mikrotik. The Mikrotik solution was quite a bit cheaper, and promised the same, so we went with that.

 

The only way we can get specific brands is if we put something only that brand offers into the RFP - and that's somewhat frowned upon unless that feature is somehow critical.

 

I would have preferred Ubiquiti over Mikrotik, certainly, but it wasn't to be.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


1 hour ago, dalekphalm said:

We just upgraded our WIFI at 2 of our branches - and unfortunately we didn't go Cisco or Meraki. We went with Mikrotik. The APs themselves seem pretty rock solid, and are a damn fast upgrade from the old 2.4G only Cisco APs - but the WIFI Controller is fucking terrible. The UI is balls backwards and simply not set up well at all. I didn't find the Cisco WIFI controller particularly good, but by comparison, it's vastly better than the Mikrotik one.

Just curious, is the Cisco controller you mention the Meraki based one or the dedicated WLC like the 3504?

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:


1 minute ago, Lurick said:

Just curious, is the Cisco controller you mention the Meraki based one or the dedicated WLC like the 3504?

We have the dedicated Cisco controller - I can't tell you the model number off the top of my head, but I'll look it up tomorrow when I'm back in the office.

 

We currently don't have any Meraki devices in production - though we're getting a bunch of Meraki switches for our new branch location (opens up mid-summer, equipment should be installed shortly). The new branch will still have a Catalyst switch as the main core switch, along with an HPE switch that acts as the fibre interconnect between locations (We're part of a consortium that shares a private fibre network).

 

We do have a Meraki Gateway, Switch, and AP in the office for testing purposes though - same model numbers as the ones I'm using above. We're just using them in the IT office to give us WIFI (our IT office is a cinder block and concrete room, and all the other AP's in the building get signal blocked - so ironically there's no WIFI in IT).

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


1 minute ago, dalekphalm said:

-snip-

Ah, I do know what you mean about the interface being less than ideal then on the controller. Several things I don't like about it and the contrast between the nice pretty login screen and the backend configuration part is just a bit off-putting too, or the hover over the drop-down arrow instead of clicking bugs me.

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:
