Thursday, September 19, 2013

Meraki MR12 Initial Setup and First Thoughts

I managed to get myself a Meraki MR12 access point after attending one of their webinars simply because I am an IT professional.  For free.  Pretty good deal eh?

http://meraki.cisco.com/lp/free-demo

Since I have a blog I thought I'd post up some thoughts on the MR12, and Meraki in general.  In the interests of full disclosure I do work for a Meraki partner, though to date I'm not aware of any deals we've completed.  And of course, they gave me this AP for attending their webinar. 


The Meraki MR12 is a single band (2.4GHz) 802.11n wireless access point (AP).  As with all Meraki products it is managed via the Meraki Cloud Management platform and does not from what I can tell offer any direct way to configure and manage the unit.  Aesthetically it's a fairly pleasing unit with a low profile, sleek lines, and simple look.  There are a few LEDs along the one edge that are used to display the status of the AP.

Once my AP had shipped I received notification from Meraki that it had, and directions to create an account in the Meraki Dashboard with a link to do so.  As they already had my contact info from the Webinar the phone call afterwards I had with my Meraki rep, most of that info was pre-populated for me, and  I had to do little other than set a password to complete the process.

I won't do the full unboxing nonsense, most because I find that crap boring, but here's a shot of the contents of the box.



Next step was to connect the AP to the my home network, and waited to see what would happen.

At first not a lot did.  The power LED was solid orange, and that was about it. After about 5 minutes the AP still had not appeared in my dashboard.

Off to the documentation I went.

https://docs.meraki.com/display/MR/MR+Getting+Started

2. After powering on, your AP will download the latest software.  This may take up to an hour, depending on the Internet connection speed.  While upgrading, the AP's power LED will flash orange. Once the AP has checked into dashboard, the LED will turn green. Note: A solid orange light indicates that the device has not checked in with the Meraki cloud yet.

 Well at least it agreed that it wasn't talking to the cloud...

After a quick check I found the network cable I used was missing a tab on one end, and it wasn't actually connected.  With a gentle push the cable slid home and in a few seconds the solid orange light started to flash.

Someone remind me to swap that cable out please.

By the time I got from where the AP is to my desk the AP was appearing in my dashboard. Now for the good stuff.

It took me a few minutes to understand the organization of things. There was a preconfigured "network" already, and one SSID configured.  I at first created a new SSID on this network, but after a few minutes I created a new network, created a new SSID to use, applied this network to my AP, and then deleted the stock network.  This was likely a convoluted way of doing this, but whatever, I was just getting used to the interface more than anything.



So the point here really is that an AP can only belong to one network at a time.  Within each network you can have up to 15 SSIDs.  You can within each network specify specific SSIDs that are active only on desired APs as well.  This is done through the use of "tags".  If you're familliar with GMail and labels then you will get what tags are.  You simply apply any sort of meaningful identifier to your APs, and you can then assign SSIDs to all APs that have a given tag.



Tags are actually used for a few other things as well.  Many features can be applied to APs based on the tags they carry. Being a GMail user, and Evernote for that matter, I find this paradigm familliar and quite easy to use.

It was after I got the SSID's up, and moved my phone over to the MR12 that I noticed it was operating in "NAT Mode" as my phone had an IP in a range that wasn't mine.  I quickly found the setting for this under Configure --> Access Control and put this thing into bridge mode. 



I'll note here that this is a per SSID setting. While I haven't tried it yet it does appear that you can have one SSID behind a NAT boundary and another that is bridged right onto whatever VLAN you like.

Since I'm retroactively writing this from when I actually configured it, you'll see that there was a "Be My Guest" SSID that I created for guest access.  I haven't really done much with this yet other than create it as I haven't decided how I really want to do Guest Access with the MR12.

Also within the Access Control page are the security settings options that again can be applied on a per SSID basis.



Yes, there is an option for a RADIUS server in the drop downs that say Meraki Authentication.  I'd say that's a nice option if you really don't want to spin up your own RADIUS server, but that's an option that you'll never catch me using.

But that said, I don't want to really use username/password combos for my Guest network.  What I would really like are One Time Passwords, but that doesn't seem to be available.  If I'm missing something please let me know.

At this point I pretty much had a working AP with multiple SSIDs happily offering WiFi to my devices.  The setup was fairly simple, and the dashboard is easy to use.  I'm still not sure I like the idea of a hosted management console to be honest, but this does work very well.  I'm gong to continue to use the MR12 at home for a while to gauge performance and reliability.  I might firewall it off onto its own segment just because I can.  It'll be interesting to see how much traffic actually goes up to Meraki and back.

And on the note of traffic, one of the other features that's fairly interesting for an AP is the traffic analytics.  The MR12 (and likely many more) actually do NG firewall type application flow analysis.



You can drill into these flows and see what clients they came from, when they occurred, and a bit of info about the application generating the flow.



All the settings to enable these features are under Configure --> Network Wide settings.


The last thing I'm going to mention is that built in to all this is also a Mobile Device Management (MDM) feature.  There's an Android app, and an iOS policy (app appears to be optiona on iOS) that you can apply to phones, etc. to manage them.  I quicky slapped it on my old Samsung Galaxy S (no SIM, wifi only) and my 3rd gen iPod to test it out.  Seems to work reasonable well and I think I'll discuss it more in its own post.  I figured I'd mention it here because for a first thought it's a big feature to just toss in.

All in all I do really like the Meraki interface.  It's clean, and easy to navigate.  If anything I might say that I do forget where certain settings are in the dashboard, and I spend too much time looking for something I've seen before.  Whether that will subside with time as I get more time using it, or is really a problem because things aren't in intuitive places time will tell.  There really is a ton of features in here and I've barely scratched the surface.  One can hope they all work well, or as advertised, but again as I get more familiar with them we'll see how that goes. I haven't yet played with the packet capture feature, or Air Marshal to name a few.

I admit the whole cloud managed thing does bother me, but I'm not sure I really have a good reason for that. I do need to look a bit more at the documentation around that.  I'm sure this is one of the biggest questions Meraki is asked about so there must be some good answers around it.  I know if I'm going to sell this stuff to my customers then I'm going to have to have those answers.




8 comments:

  1. Thanks for posting this. I attended a webinar this week and just received notice that my Meraki AP has shipped. The cloud management solution looks very nice! Looking forward to exploring it more.

    ReplyDelete
    Replies
    1. Right on. It is a pretty sweet deal from Meraki. I wonder how many of these things they've given away...?

      Delete
  2. Mine did not come with a power adapter. Did yours?

    ReplyDelete
    Replies
    1. Yup. Meraki did include an AC adapter with mine.

      Delete
  3. Thanks For this walkthorugh. A question though, If I have an AP from a different vendor(Ubiquiti Rocket M2 attached to an airMAX Omni in my case) connected to the LAN behind my Meraki MR12, , how can I get the configured SSIDs on my meraki MR12 out and rebroadcasted by the Ubiquiti Rocket M2 attached to an airMAX Omni?

    Thanks in Advance,
    David.

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. Hi, can it be pposible to configure this AP as Repeater? I mean without conecting it with a router by wired??

    ReplyDelete