Cisco Cloud Networking Workshop...Cisco Meraki: a complete cloud-managed networking solution –Wireless, switching, security, WAN optimization, and MDM, centrally managed over the

Cisco Cloud Networking Workshop Session 1

Jay Bradford CNG Systems Engineer

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Agenda

Welcome and Introduction

Dashboard Demo

Local MX, MS and MR configuration

MX | Security Appliances Lab

MS | Access Switches Lab

MR | Wireless Access Points Lab

SM | System Manager Demo

Q&A and Wrap-Up

3

About Cisco Cloud Networking


Cisco Cloud Networking Overview

5

Cisco Meraki: a complete cloud-managed networking solution

– Wireless, switching, security, WAN optimization, and MDM, centrally managed over the web

– Built from the ground up for cloud management

– Integrated hardware, software, and cloud services

Leader in cloud-managed networking

– Among Cisco’s fastest-growing portfolios: over 100% annual growth

– Tens of millions of devices connected worldwide

Recognized for innovation

– Gartner Magic Quadrant, InfoWorld Technology of the Year, CRN Coolest Technologies

Trusted by thousands of customers worldwide:


Bringing the Cloud to Enterprise Networks

6

Meraki MS

Ethernet Switches

Meraki SM

Mobile Device

Management

Meraki MR

Wireless LAN Meraki MX

Security Appliances


Cloud and On-Premise Deployment Configurations

Cisco

Cloud Managed

Mid-Market Business Enterprise and Mid-Market Business

Optimized for Ease of Management Optimized for Flexibility and Control Hybrid

Cisco Cloud

Managed Edge

Cisco Enterprise

Core / Datacenter Cisco Enterprise

Campus & WAN

Cisco Cloud

Managed Branch

Cisco

Enterprise

7


Out-of-Band Management in Every Product

8

Management

data (1 kb/s)

WAN

Scalable – Unlimited throughput, no bottlenecks

– Add devices or sites in minutes

Reliable – Highly available cloud with multiple datacenters

– Network functions even if connection to cloud is interrupted

– 99.99% uptime SLA

Secure – No user traffic passes through cloud

– Fully HIPAA / PCI compliant (level 1 certified)

– 3rd party security audits, daily penetration testing

– Automatic firmware and security updates (user-scheduled)

Reliability and security information at meraki.cisco.com/trust

http://meraki.cisco.com/trust


Cloud Licensing Model is Simple

9

Simple Cloud Licensing model

No per-feature or per-user licenses

Licensing options: 1 Year, 3 Year, 5 Year, 7 Year & 10 Year

Cloud License price is all inclusive

Cloud Management UI

24 x 7 phone support

Automated software updates

Advanced hardware replacement (NBD in US)

All features built on the platform

All new features

Dashboard Demo


Hands-on Labs

11

dashboard.meraki.com username: [email protected] password: Meraki! X is on front of printout


Your Individual Lab Lives in San Francisco

12


Lab Network Overview

“X” is your lab station number

VLAN1 (Corp)

Subnet: 10.0.[x].0/24

Gateway (MX LAN IP): 10.0.[x].1

VLAN30 (Voice)

Subnet: 10.0.[30+x].0/24

Gateway (MX LAN IP): 10.0.[30+x].1

VLAN100 (Guest)

Subnet: 10.0.[100+x].0/24

Gateway (MX LAN IP): 10.0.[100+x].1

Username: [email protected]

Password: Given by facilitator

YOU

MX60

MS220-8P switch

MR34

LAN IP: 10.0.X.1

LAN IP: 10.0.X.n2

LAN IP: 10.0.X.n1

WAN IP: (DHCP)

13


MX Security Appliance Lab

14


MX Security Appliances

15

Zero-touch site to site VPN

WAN optimization

NG firewall

Content filtering

WAN link bonding

Intrusion detection

Feature highlights

7 models scaling from small branch to campus / datacenter

Complete networking and security in a single appliance


About Cisco Cloud Networking

16


Scenario: Configure VPN, Content Filtering and Group-Based Policies for Remote Branch Location

17

Verify that your MX is operational (i.e. WAN uplink is healthy, MX is viewable in

dashboard, etc.)

Create VLANs 1, 30, and 100 (per diagram) for your network

Create global policies to block BitTorrent, traffic shape online backups and software

updates and restrict adult websites.

Create a group-based policies for guest users to add rate limiting and additional blocked

categories.

Apply group policy to VLAN 100.

Enable network alerts if the MX goes offline for more than 5 minutes and if the switch

goes offline at any point.

Enable split-tunnel, mesh site-to-site VPN, check VPN health & status


MS Switch Lab

18


MS Edge and Aggregation Switches

19

Layer 2 & 3 Gigabit switches in 8, 24, and 48 port configurations with available PoE

Enterprise-class performance and reliability including non-blocking Gigabit performance, 802.3at/af PoE on all ports, 10GbE uplinks, and voice and video QoS

Voice and video QoS

Layer 7 app visibility

Virtual stacking

PoE / PoE + on all ports

Enterprise security

Remote packet capture, cable testing

Feature highlights


MS Switching Portfolio

20

MS220 MS320

• Layer 3

• 10Gb SFP+ uplinks

• Hot-swappable, redundant PSU (with

integrated fans)

• 24, 48 port models

• Layer 2

• Gigabit SFP uplinks

• Supports rack-mounted RPS 23001

• Integrated fans

• 8, 24, 48 port models

• Layer 3

• 10Gb SFP+ interfaces

• Hot-swappable, redundant PSUs

• Field-replaceable fans

• Management port

• 24, 48 port models

Ideal for:

— Access switching at branch sites

— Deep visibility into clients, applications

— Energy savings (PoE/PoE+ models)

Ideal for:

— Mission critical access switching

— Fast uplink requirements

— High availability environments

— Next-generation 802.11ac wireless (MR34)

— Deep visibility into clients, applications

— Energy savings (PoE/PoE+ models)

Ideal for:

— Campus aggregation switching

— Unified management from

access to aggregation layer

— Space-constrained locations

MS420


Scenario: Configure Ports for VoIP Phone Use, Perform a Cable Test and PCAP, Set an Energy-Saving Port Policy

21

Verify that your MS switch is operational (green status, passing traffic)

Name your MS switch, and tag it with useful descriptors (e.g. “VoIP” or “Phone”)

Configure ports 4 and 5 for VoIP phone access

Create an energy-saving port schedule to turn off ports during off hours

Search for VoIP switch ports by tag, and then apply port schedule

Find live client device (e.g. MR16) and perform cable test, then perform a packet capture to

CloudShark


MR Access Point Lab

22


MR Wireless Access Points: Models

23

Indoor

APs

Outdoor

APs

3 Stream Triple-Radio

802.11ac

1.75 Gbit/s

MR12 MR18 MR26

Single-Radio

802.11b/g/n

300 Mbit/s


802.11a/b/g/n

600 Mbit/s


802.11a/b/g/n

900 Mbit/s

MR62 MR66

Single-Radio

802.11b/g/n

300 Mbit/s

Dual-Radio

802.11a/b/g/n

600 Mbit/s

MR34


Scenario: Create Isolated Guest SSID With Splash Page

24

Verify that your AP is operational (green status, passing traffic)

Create two new SSIDs —one for corporate, one for isolated, secure guest access,

On your corporate SSID, use a PSK and attach it to your data VLAN.

On the guest SSID, ensure users sign on via a splash page that refreshes every half hour (customize and

preview your splash page). Attach to your guest VLAN. Use group policy to block all Android devices.


Systems Manager: Mobile Device Management

25


Systems Manager Overview

26

Device Management controls iOS, Android, Mac, and Windows devices

Cloud-based - no on-site appliances or software, works with any vendor’s network

100% free - available at no cost to any organization, sign up at meraki.cisco.com/sm

Centralized app deployment

Device security

Rapid provisioning

Backpack™ file sharing

Asset management

Feature highlights

meraki.cisco.com/sm

Systems Manager Demo

Q&A

Documents

Cisco Cloud Networking Workshop...Cisco Meraki: a complete cloud-managed networking solution –Wireless, switching, security, WAN optimization, and MDM, centrally managed over the