Cisco Meraki Network Installation

-
My favorite networking devices are Cisco Meraki. I would like to share my Cisco Meraki experience with you today. It is user-friendly. You do need to write any code for trunking or change any name. You just need to select trunk option or click on the pen sign on the device you want to edit.

1st Thing to Do

First you need to create VLANS (interface). To do it, please go Switches>>Routing&DHCP.

If you want to make a reserved IP range. First you need to go DHCP settings. Then you will see "Reserved IP Ranges". If you want to put static IP, it is under Reserved IP ranges, it is called Fixed IP Assignments.
Also, I recommend you to search about trunk to understand VLAN connection between the switches.
http://www.myiteducation.org/p/it-at-schools.html

Setup Switches

You need to go Switch, first. If you want to change the name, click on the pencil icon which allow you to edit the switch name. When you click on the port, you will able set up the properties of the port.
  • PoE: Enabled/Disabled
  • Type: Access/Trunk
  • VLANs: which vlan is it? Allowed, native
  • Schedule: You can schedule to run or stop the ports. But you need to create a port schedule, first. To create port schedule. Switches>>Port Schedules under Configure
Also, you also need to set up the IP address of the switch. Click on the pencil icon next to "LAN IP" and put the information such as static or DHCP, IP address, subnet mask, DNS server... etc.
P.S. You can also use add a fixed ip assignment feature to give IP address to any device including switches.

 If you setup all ports as native VLAN such as 120, it will be helpful in the future.

If you replacing the broken switch, you can clone switches from the broken one to the new one. https://documentation.meraki.com/MS/Other_Topics/Switch_Cloning

Setup Wireless (SSID)

You can see AP and connected clients to AP by going to Wireless>>Access Points under Monitor.
You can also manage connected devices and make some restrictions for connected clients. If you have a security policy, you can also force it to device. (See above to set up security policy.)

To setup SSIDs; Go to Wireless>> SSID under Configure. You can create one easily over there. (You may click on the ". Show all my SSIDs." ) Don't forget to assign VLAN! The connected devices will get IP accordingly!

If you create a guest network, Splash page is recommended!

Also, don't forget to set up a rule. So, guest users can't go other VLANs so you can save your devices such as server, switches... etc. To do it; navigate to Wireless>>Configure>> Firewall & traffic shaping. You can edit the default Layer 3 firewall by adjusting to deny access.
Also, set up the followings:
  • Add 3 Layer 7 firewall rules to block P2P, file sharing, and gaming services
  • Limit the per-client bandwith to 1 Mbps.

Setup Addressing and Traffic

I would like to point very important point. When you go Wireless>>Access Control (under configuration); you will see Client IP assignment. The devices get IP address from DHCP server (Bridge Mode) or Meraki, wireless SSID (AP-Admin , AP-Student...etc.), can assign IP (NAT mode).

Setting up Security Rules (Policies)

You just need to go Wireless>> Firewall & traffic shaping. You can create the following rules by each SSIDs.
  • Layer 3 rules
  • Layer 7 rules
  • Traffic Shaping rules

You can block BitTorrent or make some restrictions on some websites.

Other advantages:
  • Traffic shaping by enforcing a per-client bandwith limit (uploading or/and downloading) such as 5 Mbps. (I recommend you to enable SpeedBurst! Click i icon for more information.)
  • Setting up a priority rule such as Low. such as you can add a traffic shaping rule for Netflix - ignore network bandwith restrictions.
  • Content Filtering. You can block any website category such as "Adult and Pornography"
P.S. The features may not be available, if the related licence is not purchased! Don't forget to check Meraki website.
https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Traffic_Shaping_Settings#Creating_Shaping_Rules

Also, check the photos below.


A Meraki School Network Setup - Basic

Once I worked in Boston, my school was at temporarily building. So, IT doesn't want to put more effort for the temporarily building. This building was configured as below:

Sonicwall; DHCP Server 192.168.100.X /24
There are no iBoss for filtering but the filtering feature of Sonicwall was purchased.
Cisco Meraki Switch: There were no any VLANs (interface). But there are 4 SSIDs (Admin, Staff, Student, Guest).
  • Admin, Staff was configured as Bridge Mode.
  • Student, Guest was configured as NAT Mode. Cisco Meraki gave IP address to devices connected to student or guest SSIDs. So, they will not able to connect to any LAN devices such as printer. If you deny the access from SSID setting, you will not connect (by entering ip address) to any LAN devices such as printer management console, sonicwall... etc. 
There was no camera but there are IP phones. All ip phones get their ip s from sonicwall like other connected devices to admin and staff SSIDs.

However, once we moved the new permanent building was like below:
P.S. We use some AP in the old building and I don't want to mess up the old building wireless system. I created a new network by clicking "Create a new network" on the main Meraki page. And I move some devices to this network.
I go to Switch>Routing&DHCP. Then create Interface
I choose the switch (the best switch) which I want to use a DHCP server. And set up the settings as below picture:
Then I create SSID (wireless networks).


Please note that Cisco Meraki help is also very helpful. You can submit a case or call directly to them. To reach help; click on the Help on the main dashboard!

Comments

Post a Comment

Popular posts from this blog

MCAS ProctorCache Setup

-
Image
I would like to share my experience with MCAS proctorcache computer. If you need to setup second precaching computer;  You need to add a precaching computer after choose your school on MCAS PAN website. (Setup>TestNav Configurations>Search(Show All Results) >Choose your school>Select Task(Create/Edit TestNav Configurations)>Press Start button. To precache of the test; Login PAN website! Navigate Testing>Session>Search(Show all results)> Choose your test> See picture below> and the new page. Click on the Precache. The protoctorcache computer's firewall's port 4480 and 4481 should be opened! If you couldn't open those ports, just turn off the precaching computer's firewall. How to open a port on a computer?  http://www.myiteducation.org/2018/03/general-computer-tips.html Don't forget to change the proctor cache sleeping time  to never. The proctor cache password is  t35t1n6 =====================================
Read more

My CCNA Useful Links

-
Summary of All Topics-1 Click on the "Sections (Theory)" part. Summary of All Topics-2 Summary of All Topics-3 Cisco Networking All-in-One Cheat Sheet GENERAL INFO&TERMS IPv4 IPv6 ROUTING OSPF Explanation Video OSPF Lab - 1 OSPF Lab - 2 EIGRP Explanation Video EIGRP Lab - 1 EIGRP Lab - 2 Troubleshooting: Check AS, networks must be configured under eigrp (check the interface ip to see there is any missing network), metric values must be same. Static and Default Route Lab HSRP Vs VRRP Vs GLBP Redundancy Protocols How to Break Cisco Routers Password Using Rommon Mode Don't forget to go rommon mode back and start your router with default register value which is 0x2102. This part is not in the video. SWITCHING STP VTP STACKABLE SWITCH ETHERCHANNEL VLAN HOW TO CONFIGURE ROUTER ON A STICK - 802.1Q TRUNK TO CISCO ROUTER How to Confi gure Port Security on a Cisco Switch   OTHER ACL Router1(config)#access-list 101
Read more