Cisco to buy Meraki

networkjutsu

Greg Ferro tweeted it this morning. Later on Meraki decided to make it official.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

MickQ

I'm a silver Meraki partner. I've similar feelings to Malcyblood and it_consultant. It took me by surprise when I saw the news... first thoughts were "there goes the licencing price".
Having worked with Aruba kit (which is nice, and easier to config than Cisco), I still prefer Meraki's approach, for the most part.

rsutton

I've deployed a bunch of Meraki WAP's, switches and firewalls for my clients. Oh god how I love the feeling of replacing a Cisco switch with a Meraki

Corndork2

The one thing Meraki did very well was their Cloud Based WLC. Cisco already has bleeding edge wireless hardware, so I doubt they'll learn anything from Meraki there, however, Id bet that they are considering offering a Cloud Service to manage AP's. Just like Meraki has now. This would allow Cisco to leverage the cost of a WLC to a single customer that only wants to deploy a few AP's.

Im putting my money on a Cisco Cloud Wireless Controller in the near future

Trifidw

The last WLC we bought was very good value for money imo. It's the cost of licences that push it up quickly.

it_consultant

phoeneous wrote: »

What makes you say that?

Meraki devices, all of them, are incredibly simple to set up and easy to manage. For the price of a Cisco (which is already 30% more than it should be) you get enterprise grade hardware which can be managed by an interface which would be comfortable for any Mac user.

rsutton

phoeneous wrote: »

What makes you say that?

I'm not a Cisco guy. Meraki's allow me to deploy solid infrastructure that I do not need multiple certifications just to understand how to administer them.

networkjutsu

Meraki is really easy to administer and no certifications needed. Though, I've only played with their WLC and not the switches but I am pretty sure it'll be as easy as their cloud controller. I have a hard time figuring out how to do stuff with Cisco and Aruba.

Here's an article that says Meraki will be part of the Cloud Networking Group.

NightShade1 wrote: »

Well thats weird where are you looking that? im looking on the partner site... maybe you adding a price you have to pay once for the AP and security licenses... but for the support yearly im not even reach 100 with the most expensive indoor ap... i mean putting it the support of all the licenses... and the ap support and all that.

Here's the link.

NightShade1 wrote: »

I was not telling you that aruba was cheaper i was just telling you that they say you save TONS of money but you dont, you save but its not like they put it...
How much cost you the subscription? thats the question... i got no idea...

In your very first post, you made it sound like it was expensive to use Meraki because you were pointing out (or complaining) about the subscription cost.

Again, the quote that we bought was around $80-90/AP. Not really sure what was included since it has been a while but that's how much we paid for it.

Trifidw wrote: »

An MSE wouldn't go amiss too...

Do you really need it? Genuinely asking since I am really a newbie with enterprise wireless networking. My current employer does not have MSE at all. Just NCS Prime and WLCs, WiSM1 or WiSM2s. There's about 4K APs here serving ~25K clients at peak and around ~2.5K off peak hours.

it_consultant

rsutton wrote: »

I'm not a Cisco guy. Meraki's allow me to deploy solid infrastructure that I do not need multiple certifications just to understand how to administer them.

It won't be simple once Cisco gets their dirty hands on it.

rsutton

it_consultant wrote: »

It won't be simple once Cisco gets their dirty hands on it.

Haha, we will see. IOS is to Meraki what Linux is to Microsoft.

DevilWAH

I don't understand people who say Cisco is complicated. I have always found them the most consistent and logical of the bunch. There are simple solutions that do the basic stuff, but as soon as you want to do some thing bespoke or of the beaten track they very quickly throw up issues and roadblocks.

I am currently looking to replace our aging wireless solution (trapeze / Juniper), strangely enough only a few weeks ago some one called up trying to sell me Meraki and I was discussing it with management as we don't need any of the really fancy stuff so a cloud based solution is a possibility.

My only issue would be what happens if it loses its like to the cloud? how autonomous can it be? We run a lot of wireless voice so its important that wireless continues even if all external links have failed so we have internal phones.

rsutton

DevilWAH wrote: »

I don't understand people who say Cisco is complicated. I have always found them the most consistent and logical of the bunch. There are simple solutions that do the basic stuff, but as soon as you want to do some thing bespoke or of the beaten track they very quickly throw up issues and roadblocks.

As a real-time example, I had to do a password reset on a Pix over the weekend (yes I know I'm referring to old hardware) and then create a user account for SSH access. Having to setup a TFTP server to reset the password on a firewall seems needlessly complicated. I don't know if it has gotten better with the ASA line. Creating the SSH user was simple enough "username whatever password whatever priv 15" however since I don't know the Cisco IOS I have to RTFM to do the most basic of tasks. I have better things to do with my time (like playing with my son).

it_consultant

DevilWAH wrote: »

I don't understand people who say Cisco is complicated. I have always found them the most consistent and logical of the bunch. There are simple solutions that do the basic stuff, but as soon as you want to do some thing bespoke or of the beaten track they very quickly throw up issues and roadblocks.

I am currently looking to replace our aging wireless solution (trapeze / Juniper), strangely enough only a few weeks ago some one called up trying to sell me Meraki and I was discussing it with management as we don't need any of the really fancy stuff so a cloud based solution is a possibility.

My only issue would be what happens if it loses its like to the cloud? how autonomous can it be? We run a lot of wireless voice so its important that wireless continues even if all external links have failed so we have internal phones.

Example:

In an aironet, what BS process do you go through to seal off a guest SSID from your internal network while also broadcasting your other SSID? In an aironet, who knows. In meraki there is a checkbox that says "allow this network to talk to your internal network". That is easy. If you want to choke down one SSID but not the other - move the slider for that SSID to the left. That is easy. If you want the 2nd little port on the back of the meraki (say you have configured your APs to be point to point because you don't have a cable run) to bridge into the regular network, simply check that box. If you want it disabled, check disabled. If you want it to be a guest network, check that box. You can do that and more in a Mac style web interface with no need for SSH, putty, wireless controllers, etc.

Will Meraki handle service provider VLANs, QinQ, L2TP, VLAN mapping...probably not. But if they did, there would be a simple toggle switch for it

Unless you are relying on the cloud RADIUS for authentication, if you lose connection to the cloud [your internet would have to be down] you will still be connected to wifi - albeit with no internet. You couldn't add another AP, obviously, but if your internet was down you wouldn't be adding APs.

SteveLord

I've heard good things about Meraki support. Which I guess that means they will lose most of their jobs to India like the rest of Cisco/other tech giants.

NightShade1

DevilWAH wrote: »

I don't understand people who say Cisco is complicated. I have always found them the most consistent and logical of the bunch. There are simple solutions that do the basic stuff, but as soon as you want to do some thing bespoke or of the beaten track they very quickly throw up issues and roadblocks.

I am currently looking to replace our aging wireless solution (trapeze / Juniper), strangely enough only a few weeks ago some one called up trying to sell me Meraki and I was discussing it with management as we don't need any of the really fancy stuff so a cloud based solution is a possibility.

My only issue would be what happens if it loses its like to the cloud? how autonomous can it be? We run a lot of wireless voice so its important that wireless continues even if all external links have failed so we have internal phones.

Get Aruba

Network jutsu i saw your link but i cannot see in there how much its costing you the AP support for one year... what you see there is the 24x7 support with tac... which is different... it looks really different from our tool..
We got a configuration quote tool on our partner site tho.... not really sure that if in our partner site we getting automatically the discount for our level of partnership with them..

rsutton

it_consultant wrote: »

Will Meraki handle service provider VLANs, QinQ, L2TP, VLAN mapping...probably not. But if they did, there would be a simple toggle switch for it

I can confirm that Meraki's handle L2TP and VLAN's quite well actually.

DevilWAH

NightShade1 wrote: »

Get Aruba

..

WHY?

Why not CISCO, RUCKUS, Meraki...... For what I am looking at and with discounts I get non of them are out of price range, and all do what I need. If you are going to put down one vendor are suggest another, at least give some factual information. I can just image the budget holders response to "We should get vendor X because some guy on a forum said so"

NightShade1

DevilWAH wrote: »

WHY?

Why not CISCO, RUCKUS, Meraki...... For what I am looking at and with discounts I get non of them are out of price range, and all do what I need. If you are going to put down one vendor are suggest another, at least give some factual information. I can just image the budget holders response to "We should get vendor X because some guy on a forum said so"

It totally depends on your infraestructure... i don tknow what your company does...
For example
In my country there are many companies with mobile offices... or remote sites with a few employees
In this situation Remote AP does reduce LOT of cost savings.
Some clients had private links(which are expensive at lease here), others had point to point firewalls in which the anualy cost of the firewall was high.... also the operation cost was high

Remote APs are a solution that reduce you the operation cost for a lot of money, with their zero touch configuration.... you can even send the remote site in a package the remote AP all brand new. You tell the manager what to do as its really simple its just putting one IP via web browser... he will contact the Wireless controller automatically and totally autoconfigure itselft
On the other End i mean the remote site you will get the SSIDs you getting on your corporate, and also all the security 802.1x without touching anything.... ah yeah you can pass vlans through the IPSEC tunnel and GRE tunnel it does automatically... so if you want you can send the voice vlan to the port 1 of the Remote AP and you can connect an IP Phone if you would like....
With the firewalls you will need to configure them... you will need to do some maintanience to them but with the remote AP you dont have to do it... For example let say you want to do a firmware upgrade to the Firewalls you will need to do it one by one(that if you dont have an extra appliance that can do that) with this you just do the Upgrade to the Wireless controller and all the remote APs will automatically upgrade.
Let say one of your Branch firewall died. you have to go and configgure it again, and in the best of the cases you have to upgrade the firwmare and then upload the backup.. with the remote AP you just send it, put one AP and thats all, you got it configured again...

This is just ONE thing...

Lets talk about another one, when a company is refreshing their swithces for example i mean they got old switches, and they are getting new ones, we tell them that they can save cost with Aruba, doing what we call rightsizing, you can deploy a good wireless infraestructure, as most of the devices in their company are wireless capable... this mean less ports whicih means less switches which means less energy which means less space in the rack which means less money. But yeah you need a GOOD wireless solution that can manage high density enviroments with voice traffic in it... for example Aruba does have application aware which automatically detect voip traffic, prioritize it... all in the same SSID... we dont need a "voice" SSID like other brands because its not needed as we can tag voice traffic if we want. You can do this but good wireless brand, you cannot do this with any....

If you are looking for security this is something Meraki neither cisco can do, in which you can have ONE SSID and you can assign multiple roles to different Active directory user groups.

For example you can have a AD group that is an IT group which will have access to everything inside the network.... but then you get the account guys which you dont want them to have access to most of the servers, you can assign them another role which dont have access to those servers, yeah all that with one SSID, its not like the classic wireless solution that bind the rules with the SSID... you need to have the less possible SSID as it impact in the throughput because of the managment overhead.

IF you need redundancy Aruba has L2 redundancy via VRRP and L3 redundancy via LMS... Rukus for example has no L3 redundancy.

Those last are not saving features but they are nice to have

The remote AP one is a saving feature as well as the rightsizing...

Anyways i cannot tell how you can do saving if i don tknow what your company do... or what is your design or any other information.. You should contact an aruba reseller in there and well lets hope they are good

IF your company is just looking for wireless connection and its not really important its just a plus, for managers to connect and you will not have high density or you don thave remote branches or that kind of stuff then yeah you can use any other cheaper brand i guess. But still you could go with instant APs of Aruba, in which you dont need to pay for the licenses of the firewall, WIPS or anything... its a controllerless solution. Between all the IAP they build a virtual controller.

Cheers.

it_consultant

rsutton wrote: »

I can confirm that Meraki's handle L2TP and VLAN's quite well actually.

I was referring to QinQ (encapsulating a customers VLAN tags in a SPVLAN) and L2TP in the context of a service provider who is connecting two customer sites together. Not L2TP in a VPN sense. These options are available in Ciscos. I was being a little tongue in cheek because if Meraki supported those features, they would be easier to use in a Meraki!

DevilWAH

NightShade1 wrote: »

If you are looking for security this is something Meraki neither cisco can do, in which you can have ONE SSID and you can assign multiple roles to different Active directory user groups.

For example you can have a AD group that is an IT group which will have access to everything inside the network.... but then you get the account guys which you dont want them to have access to most of the servers, you can assign them another role which dont have access to those servers, yeah all that with one SSID, its not like the classic wireless solution that bind the rules with the SSID... you need to have the less possible SSID as it impact in the throughput because of the managment overhead.

I have done this using CISCO controllers and currently do it with Trapeze/Juniper solution that is 3 to 4 years old. Single SSID with mutiply VLAN's or ACLS applided dependent on credentials used to authenticate (AD intergrate, Local uses on the controller, Radius..... ).

As for the first point I think all solutions I know of has simple AP deployment. For example the Trapeze AP's. All you have to do is Place a DNS entry or the wireless controller (or use a DHCP option). As long as the DNS entry can be resolved from a remote site. Plug in a brand new AP out of the box, it picks up an address from DHCP, does a DNS query to get the controller address and then updates its config and firmware No need for the manage of the remote site to do anything but attach a network lead. The AP's can do either Local or Remote switching (or a mixture).

A lot of the features you have suggested are available in a lot of the vendors, when you are stay they are not.

NightShade1

DevilWAH wrote: »

I have done this using CISCO controllers and currently do it with Trapeze/Juniper solution that is 3 to 4 years old. Single SSID with mutiply VLAN's or ACLS applided dependent on credentials used to authenticate (AD intergrate, Local uses on the controller, Radius..... ).

As for the first point I think all solutions I know of has simple AP deployment. For example the Trapeze AP's. All you have to do is Place a DNS entry or the wireless controller (or use a DHCP option). As long as the DNS entry can be resolved from a remote site. Plug in a brand new AP out of the box, it picks up an address from DHCP, does a DNS query to get the controller address and then updates its config and firmware No need for the manage of the remote site to do anything but attach a network lead. The AP's can do either Local or Remote switching (or a mixture).

A lot of the features you have suggested are available in a lot of the vendors, when you are stay they are not.

You might apply ACLs maybe but you cannot apply QoS to those rules as they are simple ACLs... not a build in firewall

this is what let aruba in a single SSID deploy voice with QoS as far i know Cisco needs another SSID for that.. or at least you could do it but it wont identify the traffic and tag it as voice, he wont recognize which is voice or which is normal data

Anyways im more curious about how cisco does that.
Do you actually return a value of a vlan with the radius and the vlan has a predifined ACLS? and thats how you control them per user group?
Or how is it? i would like to know.
We use multiple vlans mapped to a single SSID its to control broadcast not really for that.... as we can do it with roles.
Anyways can you enlight me in how does cisco do it?

NightShade1

I also forgot to comment that okay they might be able to communicate with the central Wireless controller but im sure they cannot send tags to the ports like the with RAP of Aruba
Which can send VLANs of the corporate site, which is really handy.... it is wired and wireless that bring to the remote office not just wireless
You can even plug a switch and send the tags of your corportate to your swtich on the remote branch through Aruba remote AP

DevilWAH

NightShade1 wrote: »

I also forgot to comment that okay they might be able to communicate with the central Wireless controller but im sure they cannot send tags to the ports like the with RAP of Aruba
Which can send VLANs of the corporate site, which is really handy.... it is wired and wireless that bring to the remote office not just wireless
You can even plug a switch and send the tags of your corportate to your swtich on the remote branch through Aruba remote AP

What?? that makes no sense, what are you saying it can/cant do?

NightShade1

DevilWAH wrote: »

What?? that makes no sense, what are you saying it can/cant do?

What part does not make sense?

Okay let me explain you
The aruba remote AP there are a few models that got like 4 ports in each port i can assign VLANS from the central site let say on the central site i got
VLAN10
VLAN 20
VLAN 30

Throught the internet via IPSEC and inside that IPSEC a GRE Tunnel
I can bring those vlans to my remote site. I can have for example if my voice vlan is vlan 20
I can bring that vlan 20 to one of my remote AP ports and plug in my ip phone, just like if i were on the central site.

I can bring all the vlans if i want let say
For example
On one port of the remote AP i can make it trunk and put on it switchport mode trunk
trunk allowed vlan add 10, 20, 30

With your APS of your other brands you will be able to bring the SSID of the corporate like you said but i don tthink you will be ABLE to bring VLANS like im explaining you up.

Now you understood my point?

Also can you explain me the part i was asking you?

it_consultant

Well - you can do this with any equipment. I wonder though, since that is a routed link, all you are really doing is recreating the VLAN tags on either side of the link. Unless that is a L2 link the tags are stripped at the router. This occurs no matter what kind of device you are using. Are you creating a L2 link with the L2TP tunnel and encapsulating all the traffic with a QinQ set up?

NightShade1

it_consultant wrote: »

Well - you can do this with any equipment. I wonder though, since that is a routed link, all you are really doing is recreating the VLAN tags on either side of the link. Unless that is a L2 link the tags are stripped at the router. This occurs no matter what kind of device you are using. Are you creating a L2 link with the L2TP tunnel and encapsulating all the traffic with a QinQ set up?

IT does it with the GRE tunnel... which is created automatically to pass L2 traffic
im making a layer 2 Tunnel between the controller and the remote AP

DevilWAH

NightShade1 wrote: »

What part does not make sense?

Okay let me explain you
The aruba remote AP there are a few models that got like 4 ports in each port i can assign VLANS from the central site let say on the central site i got
VLAN10
VLAN 20
VLAN 30

Throught the internet via IPSEC and inside that IPSEC a GRE Tunnel
I can bring those vlans to my remote site. I can have for example if my voice vlan is vlan 20
I can bring that vlan 20 to one of my remote AP ports and plug in my ip phone, just like if i were on the central site.

I can bring all the vlans if i want let say
For example
On one port of the remote AP i can make it trunk and put on it switchport mode trunk
trunk allowed vlan add 10, 20, 30

With your APS of your other brands you will be able to bring the SSID of the corporate like you said but i don tthink you will be ABLE to bring VLANS like im explaining you up.

Now you understood my point?

Also can you explain me the part i was asking you?

umm yes with a 4 year old trapeze controller you can do it..

All my remote sites have only 2 or 3 vlans configured on the local switches. all the guest vlans and voice vlans are only configured at the central site If I put an AP at the remote site I can either get it to use the local VLAN at the site if available or if not tunnel back to the central site. either way I can present any VLAN at the remote AP/SSID that I want. And no configuration is needed. you tell the system what VLANS are available at what sites and the WLAN controller tells the AP where it is an if it can get to the vlans direct or needs to tunnel during the AP boot and download of config. every single one of my remote sites uses a single VLAN configured at the main site.

AP are autonomous units so only need the controller when booting, config changes, and authenticating users if security is set.

NightShade1

DevilWAH wrote: »

umm yes with a 4 year old trapeze controller you can do it..

All my remote sites have only 2 or 3 vlans configured on the local switches. all the guest vlans and voice vlans are only configured at the central site If I put an AP at the remote site I can either get it to use the local VLAN at the site if available or if not tunnel back to the central site. either way I can present any VLAN at the remote AP/SSID that I want. And no configuration is needed. you tell the system what VLANS are available at what sites and the WLAN controller tells the AP where it is an if it can get to the vlans direct or needs to tunnel during the AP boot and download of config. every single one of my remote sites uses a single VLAN configured at the main site.

AP are autonomous units so only need the controller when booting, config changes, and authenticating users if security is set.

so this mean you can use a voip phone(not wireless) i mean wired phone on the remote site using the voice vlan you got on your central site with the same subnet and all? using your remote AP to make this tunnel so your remote local switch can get these vlans? or do you mean you just can use wireless ip phones?

because those scenarios are different.

Could you please answer me that one

as im learning new stuff

DevilWAH

ahh interesting.. now i see what you mean.

I will have to try that one out. as some Trapeze AP do have inbuilt switches and multiply ports. But I have to say this is not a wireless technology, so not some thing I would list as something i need from a wireless solution.

I understand what you are saying that they support wired as well as wireless functions, and are clearly one of the leaders in wireless. but the features you point out are quite niche and not needed by many people.

For some one like me, cost aside who already has a CISCO wired network and management set up, why would I want to introduce a new vendor, CISCO lead the Field in wired/wireless networks where as Aruba have slipped over the last year. So far I haven't seen any good arguments for Aruba for the main stream user.

NightShade1

Hello again
Yeah sorry im sure you didn't understand what i mean because my English sucks hehe but well at the end you got the idea!

Yes this is not something that everyone will use but its pretty handy at least for some clients that we got that got mobile office or small offices

For example in event like cars expo there are many stand of different car brands... some of them got this, they got with one remote AP which cost them maybe like 200 bucks and one internet connection Access to the corporate, a port to connect a IPphone(while using the same vlan of voice of yhour corporate) so you he can do calls or anything if he needs, and 3 other laptops that can connect through wireless, all with 802.1x protection.

IF you want and you got biggers Remote APS you can SEND roles to those ports for example you can set 802.1x onwired if you want, and do role derivation based on AD groups.

If you want you can plug a switch behind this remote AP and bring all the vlans of your corporate.

Like you well said this is not something everyone will use but i can tell you everytime i tell the client it can do that he goes like WOW Really??? and i show them with a small remote AP i got on my computer bag, and well how easy is to set it up if i factory default it(with a button like a linksys router)

Okay explaining about the wired solution from Aruba ill try to explain why you would want their switches.

The idea behind their switches is not competing with them... their swithces are just Access layer swithces.. knowing that those switches are NOT distribution switches neither CORE switches

Now taking that in mind.
IF you got Aruba wireless solution and you got also Aruba swithces solution you will get in one console unified the security.
You can set up switches from the wireless controller, just like you provision an AP. You can use the same roles you using on the wirelses on the wired... so you can easily deloy 802.1x on wireless and wired on the same console. The idea behind of this is unifying the administration and the security of wireless and wired on the same box. Not having like a wired administration and wireless administration separately or also the security.
It give you also the advantage of the Zero touch config, as i said before you can provision the Switch like an Access point, i mean its like a plug and play deployments...
Also now you mention that Cisco lead the wired and wireless is true on the gardner quadarnt Cisco is on the leader quadrant on the last Wired and wireless lan access infraestructure but also on that leader quadrant if you see Aruba is there... i mean if aruba is there is because its good! it does not have all the years in the market like cisco because cisco was founded in 1984 if i remenber well and aruba was founded on 2002...

Just take those things in mind... not telling you that you should change it

cisco is great but as you know its not cheap, and yes its expensive than aruba.

it_consultant

If I understand what you are saying correctly, you are talking about the extra ports on the back of the wireless devices, correct? Meraki supports this function, you specific which role the extra port(s) will fill. If it is an internal port, all the same VLANs at the remote location will be available which are available to the traditional wired network.

This is important if you are hooking two sites who have line of site together. You connect the two sites with a 5GHz patch antennae and you plug in your switch to the other port on the Meraki to give wired connectivity. This works exactly the same as the GRE tunnel since the wireless P2P link is logically the same as a GRE tunnel.

Although they will likely kill the firewall and switch products, Meraki does currently offer the entire networking line which is cloud controller based. This means you can configure the Meraki switch exactly the same as you would configure the wireless access point.

Meraki Cloud Managed Switches
Meraki Cloud Managed Security Appliances