Cisco - Meraki Design Options and Guidelines
Krish Venkataraman – Technical Marketing Engineer
PSOCRS-2006
Agenda
• Introduction to Cloud Networking Architecture
• Cisco Meraki Product Portfolio
  • MR Access Points
  • MS Switches
  • MX Security Appliances
  • System Manager (MDM)
• Cisco Unified Access and Meraki Branch Design Options
• Cisco Unified Access and Meraki Wireless Guest Network
• Meraki Security with Cisco Campus Network
• Cisco ISE and PI integration with Meraki
• Key Takeaways and Resources
Cisco Meraki Introduction
2013: Cisco Acquires Meraki – Cloud Networking Leader
SAN JOSE, Calif. – November 18, 2012
Cisco today announced its intent to acquire privately held
Meraki Inc., a leader in cloud networking. Headquartered in
San Francisco, Calif., with offices in New York, London and
Mexico, Meraki offers midmarket customers easy-to-deploy
on-premise networking solutions that can be centrally
managed from the cloud.
June 2015: Cisco Meraki Cloud-Managed IT
All Managed from the Cloud
Switching
IWAN / Routing
Location Analytics
Wireless
Bonjour Gateway
Network Infrastructure, Unified Threat Management, Mobile Management
Auto VPN
Next-Gen Firewall
Content Filtering
Intrusion Prevention
Device Management
Application Management
User Management
CONFIGURE MONITOR REPORT
NETWORK | SECURITY | DEVICES | APPLICATIONS
With Centralized Monitoring and Management
Manage a few sites…
OR… Manage thousands of sites
Increase/Decrease Scale – Based on Needs
Always-On reliability – Connected to Cloud or Not
Fine-Grained Control – Users, Devices & Applications
For Any-Sized Organization
Network Infrastructure
Unified Threat Management
Mobile Management
Delivered Across the Globe
Customers Are Adopting Cloud Networking
[Chart: Cisco Meraki Customer Growth, 0 to 70,000 customers, by quarter from Q4 FY08 to Q1 FY15]
MORE THAN 50K CUSTOMERS
GREW BY 108% LAST 12 MONTHS
Cloud Networking Architecture
Cloud Networking increases IT efficiency
• Installation in minutes and management with ease on a Cloud Dashboard
• Integrated, always up to date features – Auto update or On Demand
• Scales from small branches to large networks
• Reduces operational costs
Manageability, Scalability, Cost Savings
Cloud Managed Networking Architecture
Network endpoints securely connected to the cloud
Cloud-hosted centralized management platform
Intuitive browser-based dashboard
Out of Band Cloud Management
• Scalable
  • Unlimited throughput, no bottlenecks
  • Add devices or sites in minutes
• Reliable
  • Highly available cloud with multiple datacenters
  • Network functions even if connection to cloud is interrupted
  • 99.99% uptime SLA
• Secure
  • No user traffic passes through cloud
  • Fully HIPAA / PCI compliant (level 1 certified)
  • 3rd party security audits, daily penetration testing
  • Automatic firmware and security updates (user-scheduled)
Reliability and security information at meraki.cisco.com/trust
[Diagram labels: WAN; LAN; Config & Statistics data, ~1 kb/s or less per device]
Cisco Meraki: Bringing the cloud to enterprise networks
Meraki MS Ethernet Switches
Meraki SM (Mobile Device Management)
Meraki MR Wireless LAN
Meraki MX Security Appliances
Cisco Meraki Product Portfolio
MR Series APs
Indoor Wireless Access Points
Medium Branch / Small Campus
MR18
• 802.11a/b/g/n
• 3 x 3 : 2
• 600 Mbps
MR26
• 802.11a/b/g/n
• 3 x 3 : 3
• 900 Mbps
Campus/High Performance
MR34
• 802.11ac/n/a/b/g
• 3 x 3 : 2
• 1.75 Gbps
MR32
• 802.11ac/n/a/b/g
• 3 x 3 : 2
• 1.2 Gbps
• Bluetooth LE Radio
Outdoor Wireless Access Points
MR66
• Outdoor environments
• High-density deployments
• 802.11n up to 600 Mbps
• Self-configuring, Self-optimizing Mesh
MR72
• Outdoor environments
• High-density deployments
• 802.11ac up to 1.2 Gbps
• Self-configuring, Self-optimizing Mesh
• Integrated Bluetooth Low Energy Radio
MR Access Points – Key Features
Centralized Management
Rapid Deployment with Self-Provisioning
Control Applications, Users, Devices
Automatic Monitoring and Alerts
Automatic RF optimization
AutoRF™ cloud-based performance tuning
High performance mesh routing
Dedicated Radio for Monitoring
Enterprise security and Guest access
Air Marshal™ wireless intrusion prevention
Secure guest access
802.1x / Active Directory integration
Dedicated Security Radio
Application Visibility and Control
Deep Packet Inspection
Traffic Shaping
Cloud-Based Application Signatures
MS Series Switches
MS220-8
• 2 x Gig SFP Uplink
• 8 Port, PoE+
• 20 Gbps Switching Capacity
Small Branch / Teleworker
MS220-24/48
Medium Branch / Large Branch
• 4 x Gig SFP Uplink
• 24/48 Gig Port, PoE+
• External RPS
• 104 Gbps Switching Capacity
MS420-24/48
Layer 3 Fiber Switches
• All 10 Gb SFP+ Ports
• 24/48 Port SFP or SFP+
• Hot Swappable Redundant Power, FRU Fans
• 960 Gbps Switching Capacity
Large Branch/Campus
MS320-24/48
24/48 Port, Full PoE+
Feature Rich (Layer 3 OSPF, Virtual Stacking, Packet Capture, AVC)
176 Gbps Switching Capacity
All 10Gb SFP+ Uplinks
Hot Swappable Redundant Power Supplies
Cisco Meraki Switching Portfolio
MS Switches – Key Features
Centralized Management
Rapid Deployment with Self-Provisioning
Control Applications, Users, Devices
Automatic Monitoring and Alerts
Virtual Stacking
Scalable Management Architecture
No Stack Licenses or Cables
Zero-Touch Deployments
Enterprise security
802.1x / Active Directory integration
PCI 1.0 and HIPAA Compliant
Access Control Lists
Application Visibility and Control
Deep Packet Inspection
Packet Processing Engine
Cloud-Based Application Signatures
Voice optimization
Routing and Redundancy
Route Redundancy (VRRP)
Dynamic Routing Protocols (OSPF)
DHCP Failover, Relay, Servers
Remote Live Tools and Alerts
Automatic 24x7 Monitoring
Configurable Alerts
Built-in Ethernet Cable Testing
MX Series Security Appliances
MX for Small Branch – Up to 50 Users
MX for Medium Branch – Up to 500 Users
MX for Campus/Large Branch – Up to 10000 Users
MX Security Appliances – Key Features
Centralized Management
Rapid Deployment with Self-Provisioning
Control Applications, Users, Devices
Automatic Monitoring and Alerts
Auto VPN
Auto-provision IPSec VPNs
Flexible Tunnels, Topology and Policies
Automatic VPN Parameter Configuration
Application Aware Firewall
Layer 7 Classification and Control
Intrusion Detection Engine
Identity-Based and Device-Aware Security
Failover and High Availability
3G/4G Cellular and Dual Uplink
Warm Spare Failover
Datacenter High Availability
Content Filtering
Identity-Based Filtering Policies
Scalable Database with SafeSearch Integration
Automatic, Cloud-Based Signature Updates
Cisco Meraki System Manager (MDM)
Cisco Meraki Systems Manager
Fully Integrated with the Cisco Meraki Network
Central Device Management
Enforce Settings and Restrictions
Remote Deployment of Software
Enterprise Connectivity
Remote Troubleshooting and Live Tools
Asset and Inventory Management
Meraki Systems Manager – More Features
Dynamic Security Profiling
Enterprise Wipe and Profile Removal
Dynamic User Enrollment
Application and Data Control
24 x 7 Support
Network Group Policy Integration
And even more…
Systems Manager FREE up to 100 end points!
Networks with 100 devices or fewer do not require a license
Networks with more than 100 devices do require a license for each device
All networks will receive ongoing feature updates
               <= 100 devices    > 100 devices
Cost           Free              Paid
24/7 Support   No                Yes
Features       Full Set          Full Set
Cisco Meraki Software License
Cisco Meraki License – One SKU includes all Support!
Pay as you grow with a subscription based licensing model
One Software SKU covers everything: Software, Support and Warranty
Licenses are available on a 1, 3, 5, 7 or 10 year basis
Lifetime Hardware Warranty*
24x7 Support
Advanced NBD replacement
Meraki Cloud Dashboard
Unlimited Software Upgrade
Automatic Patches and updates
*Except for Outdoor Access Points
Cisco Meraki License Categories
• MR & MS have one license that supports all features
• MX has two software license categories – Enterprise & Advanced
Enterprise License
• Stateful firewall
• Site to site VPN
• Branch routing
• Link bonding and failover
• Application control
• Web caching
• WAN optimization
• Client VPN
Advanced Security License
All enterprise features, plus
• Content filtering (with Google SafeSearch)
• Kaspersky Anti-Virus and Anti-Phishing
• SourceFire IPS / IDS
• Geo-based firewall rules
Cisco Campus & Meraki Branch
On Prem and Cloud Managed Deployment Options
[Diagram: deployment options ranging from "Optimized for Ease of Management" to "Optimized for Flexibility and Control". Labels: Cisco Meraki Cloud Managed; Hybrid (Cisco Meraki Edge, Cisco Enterprise Core / Datacenter; Cisco Meraki Branch, Cisco Enterprise Datacenter); Cisco Enterprise. Audience labels: Mid-Market Business; Enterprise and Mid-Market Business.]
Branch Deployment: Meraki in Branch & Cisco in Campus
[Topology diagram. Branch 1: MR32, MS220, MX60, Phone, PC. Branch 2: MR32, MS220, MX60, ISR, Phone, PC. Internet / VPN Cloud. Campus: Access-3850, Access-4K, Access-2Ks, ASR1K, L2 MEC, FW, NX7K, Cat4K, VSS, CUCM, ISE, PI.]
Branch Deployment – Branch 1: Meraki in Branch & Cisco in Campus
[Topology diagram. Labels: MR32, MR26, MS220, MS220, MX60, Campus.]
Branch 1 – Configuration Notes
The MX Appliance manages the VLANs, subnets and DHCP servers.
APs are assigned static IP addresses by the MX.
The Voice VLAN DHCP scope should include Option 150 pointing to the CUCM.
Either ISE or cloud-based RADIUS can be used for user authentication.
A VPN tunnel between the MX and the Campus is necessary to ensure connectivity between IP Phones and CUCM in a private network.
The Cisco VPN peer is added as a ‘Non Meraki VPN Peer’ in the MX60 VPN configuration. Refer to the Branch Deployment guide for detailed configuration.
Branch Deployment – Branch 2: Meraki in Branch + Cisco in Campus
[Topology diagram. Labels: MR32, MR26, MS220, MS220, MX60, ISR, Campus.]
Branch 2 – Configuration Notes
MX Appliance is in Pass-Through mode performing Firewall, Traffic shaping, Security & Content filtering operations.
The Cisco ISR operates as the DHCP Server, NAT to Internet & VPN Peer to Campus.
Either ISE or Cloud based Radius can be used for user authentication.
No Configuration changes in MS Switches & MR APs.
Refer to the Branch deployment guide for detailed configuration.
Branch 1 & 2 – VoIP Configuration Notes
The MS switch is compatible with IP phones that can receive LLDP-MED or CDP, and will automatically distinguish voice traffic from computer data traffic behind the IP phone into their respective VLANs
QoS for the Voice VLAN is set as follows
Refer to the VoIP deployment guide for detailed configuration information
UA & Cisco Meraki Guest Network
• MR Access Points providing only Guest Network Service
• CDP & Auto Smart Ports features in Catalyst can be enabled
• All Guest Network configuration done in the Dashboard
[Topology diagram. Labels: Campus, Access, VSS Core, MR 34, MR 34, MR 34.]
Wireless Guest Network Configuration
DHCP for Guest SSID enabled in the Dashboard
RADIUS server integrated in the Cisco Meraki Dashboard is a scalable solution for Wireless Guest Network
User names need to be created in the Dashboard.
Network-wide -> Configure -> Users
Cisco Meraki Security Option for Teleworker
Secure Teleworker Connectivity – Auto VPN
[Topology diagram. Home/Office: Z1, Phone, Corp PC, Guest iPad. Internet / VPN Cloud. MX600. Campus: Access (Access-3850, Access-4K, Access-2Ks), Distribution, Core, ASR1K, L2 MEC, FW, Cat6K, Cat4K, VSS, CUCM, ISE, PI.]
Teleworker Gateway Configuration
Auto VPN (patent pending) for Site-to-Site VPN connectivity. No special configuration required.
Supports 4 SSIDs for Personal & Guest users
ISE and PI integration
ISE and PI integration with Cisco Meraki
[Diagram: Cisco ONE Architecture, from Flexibility to Simplicity. Cisco OnPrem: ISR / ASA, Catalyst, Aironet (CLI, SNMP, Embedded GUI). Cisco Meraki: MX, MS, MR (Cloud Management). Cisco ISE: Policy and Control. Cisco Prime: Management and Analytics.]
Identity Services Engine integration with Cisco Meraki
CISCO ISE 1.2 | Meraki MR Access Points | Meraki MS Switches | Meraki MX Security Appliance
Who are connected to my Network – 802.1x | ✔ | ✔ | ✔
Who are connected to my Network – MAB | ✔ | ✔ | N/A
What is connected to my Network | ✔ | ✔ | N/A
Who are connected to my Network – LWA | ✔ | ✖ | ✖
Are my Devices Compliant – Posture Assessment | Limited | Limited | Limited
How do I handle Guests to my company | Sponsored accounts | Guest VLAN | ✖
Cisco Meraki
ISE Guide
Cisco tested and validated
Demonstrates compatible ISE use cases
Refer to the Blog post for details
https://meraki.cisco.com/blog/2014/05/got-ise/
Cisco Meraki & ISE Guide Available
PI Integration with Cisco Meraki
• Single Pane of Glass Visibility for Cisco and Cisco Meraki Devices
• Includes
  • Discovery
  • Reachability (Up/ Down)
  • Client Count
  • Contextual Cross Launch for control
Available from PI 2.2!
Branch 2 Network – Demo
Key Takeaways & Resources
Why Cisco Meraki – Customer Testimony
- Read Sheard, CIO, Westmont College
- Miles Davis, IT Director, Stanford University
- Dominic Freeman, Community HealthCare System
Cisco Meraki – Simple, Innovative & Easy!
Cisco Meraki – Part of Enterprise Networking and complements the On Prem offering.
Full Stack of Cloud Managed Networking
Integrated hardware and Cloud Management architected to ‘Simply Work’
Try Cisco Meraki for FREE!
Link: meraki.cisco.com/eval
Cisco Meraki – Resources
Cisco Meraki Knowledge Base: https://documentation.meraki.com
Cisco Meraki ISE integration: https://meraki.cisco.com/blog/2014/05/got-ise/
Cisco Meraki VoIP Deployment Guide: http://www.cisco.com/c/dam/en/us/solutions/meraki-branch.pdf
Thank you