Cisco Meraki Network Installation

My favorite networking devices are Cisco Meraki. I would like to share my Cisco Meraki experience with you today. It is user-friendly. You do not need to write any code for trunking or to change a name. You just select the trunk option, or click the pencil icon on the device you want to edit.

1st Thing to Do

First, you need to create VLANs (interfaces). To do so, go to Switches >> Routing & DHCP.

If you want to make a reserved IP range, first go to the DHCP settings, where you will see "Reserved IP Ranges". If you want to assign a static IP, that option is under Reserved IP Ranges and is called Fixed IP Assignments.
Also, I recommend reading up on trunking to understand how VLANs are connected between the switches.
http://www.myiteducation.org/p/it-at-schools.html

Setup Switches

First, go to Switch. If you want to change the name, click the pencil icon, which lets you edit the switch name. When you click on a port, you will be able to set up the properties of the port.
  • PoE: Enabled/Disabled
  • Type: Access/Trunk
  • VLANs: which VLAN is it? (Allowed, native)
  • Schedule: You can schedule the ports to run or stop, but you need to create a port schedule first. To create one, go to Switches >> Port Schedules under Configure.
You also need to set up the IP address of the switch. Click the pencil icon next to "LAN IP" and enter the information, such as static or DHCP, IP address, subnet mask, DNS server, etc.
P.S. You can also use the fixed IP assignment feature to give an IP address to any device, including switches.

If you set up all ports with the same native VLAN, such as 120, it will be helpful in the future.

If you are replacing a broken switch, you can clone the broken switch to the new one. https://documentation.meraki.com/MS/Other_Topics/Switch_Cloning

Setup Wireless (SSID)

You can see the APs and the clients connected to each AP by going to Wireless >> Access Points under Monitor.
You can also manage connected devices and apply restrictions to connected clients. If you have a security policy, you can also enforce it on a device. (See above to set up security policy.)

To set up SSIDs, go to Wireless >> SSID under Configure. You can create one easily there. (You may need to click "Show all my SSIDs".) Don't forget to assign a VLAN! The connected devices will get their IP addresses accordingly!

If you create a guest network, a splash page is recommended!

Also, don't forget to set up a rule so that guest users can't reach other VLANs. This protects your devices, such as servers and switches. To do it, navigate to Wireless >> Configure >> Firewall & traffic shaping. You can edit the default Layer 3 firewall rule and set it to deny access.
Also, set up the following:
  • Add 3 Layer 7 firewall rules to block P2P, file sharing, and gaming services.
  • Limit the per-client bandwidth to 1 Mbps.
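
The guest deny rule only protects the other VLANs if it sits above any broader allow, because Layer 3 rules are evaluated top-down and the first match wins. The following is an added example, not part of the original post, that checks an ordered rule list against the VLAN subnets guests must not reach. The rule format, field names and subnets are constructed for illustration and are not a dashboard export.

```python
import ipaddress

# Constructed sample data: field names and subnets are assumptions for this example.
INTERNAL_VLANS = {"servers": "192.168.10.0/24", "switch-mgmt": "192.168.120.0/24"}
RULES_WRONG_ORDER = [
    {"policy": "allow", "dest": "any", "comment": "internet access"},
    {"policy": "deny", "dest": "192.168.0.0/16", "comment": "block internal VLANs"},
]
RULES_FIXED = [
    {"policy": "deny", "dest": "192.168.0.0/16", "comment": "block internal VLANs"},
    {"policy": "allow", "dest": "any", "comment": "internet access"},
]

def _net(dest):
    # "any" stands for every IPv4 destination.
    return ipaddress.ip_network("0.0.0.0/0" if dest.lower() == "any" else dest)

def exposed_vlans(rules, internal_vlans, default_policy="allow"):
    """Return {vlan_name: reason} for every VLAN a guest client can still reach.

    Rules are walked top-down. An allow that overlaps the VLAN exposes it; a deny
    only protects it when it covers the whole subnet. Partial denies are not
    combined, so the check is deliberately conservative.
    """
    findings = {}
    for name, cidr in internal_vlans.items():
        vlan = ipaddress.ip_network(cidr)
        # What happens if no rule matches: the implicit final rule.
        reason = "default " + default_policy if default_policy == "allow" else None
        for rule in rules:
            dest = _net(rule["dest"])
            if not dest.overlaps(vlan):
                continue
            if rule["policy"] == "allow":
                reason = rule["comment"]  # guests get in through this rule
                break
            if vlan.subnet_of(dest):      # deny covering the whole VLAN
                reason = None
                break
        if reason:
            findings[name] = reason
    return findings

if __name__ == "__main__":
    for label, rules in (("wrong order", RULES_WRONG_ORDER), ("fixed", RULES_FIXED)):
        print(label, exposed_vlans(rules, INTERNAL_VLANS))
```
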

Setup Addressing and Traffic

I would like to make one very important point. When you go to Wireless >> Access Control (under Configure), you will see Client IP assignment. Devices either get their IP address from the DHCP server (Bridge mode), or Meraki assigns the IP itself for the wireless SSID (AP-Admin, AP-Student, etc.) (NAT mode).

Setting up Security Rules (Policies)

You just need to go to Wireless >> Firewall & traffic shaping. You can create the following rules for each SSID.
  • Layer 3 rules
  • Layer 7 rules
  • Traffic Shaping rules

You can block BitTorrent or make some restrictions on some websites.

Other advantages:
  • Traffic shaping by enforcing a per-client bandwidth limit (upload and/or download), such as 5 Mbps. (I recommend enabling SpeedBurst! Click the i icon for more information.)
  • Setting up a priority rule, such as Low. For example, you can add a traffic shaping rule for Netflix that ignores network bandwidth restrictions.
  • Content filtering. You can block any website category, such as "Adult and Pornography".
P.S. These features may not be available if the related licence has not been purchased! Don't forget to check the Meraki website.
https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Traffic_Shaping_Settings#Creating_Shaping_Rules

Also, check the photos below.


A Meraki School Network Setup - Basic

When I worked in Boston, my school was in a temporary building, so IT didn't want to put much effort into the temporary building. This building was configured as below:

Sonicwall: DHCP server, 192.168.100.X /24
There was no iBoss for filtering, but the filtering feature of the Sonicwall was purchased.
Cisco Meraki switch: There were no VLANs (interfaces), but there were 4 SSIDs (Admin, Staff, Student, Guest).
  • Admin and Staff were configured in Bridge mode.
  • Student and Guest were configured in NAT mode. Cisco Meraki gave IP addresses to devices connected to the Student or Guest SSIDs, so they will not be able to connect to any LAN devices such as a printer. If you deny the access in the SSID settings, you will not be able to connect (by entering an IP address) to any LAN devices such as the printer management console, the Sonicwall, etc.
There were no cameras, but there were IP phones. All IP phones got their IPs from the Sonicwall, like the other devices connected to the Admin and Staff SSIDs.

However, once we moved, the new permanent building was set up as below:
P.S. We use some APs in the old building and I didn't want to mess up the old building's wireless system. I created a new network by clicking "Create a new network" on the main Meraki page, and I moved some devices to this network.
I went to Switch > Routing & DHCP, then created an interface.
I chose the switch (the best switch) that I wanted to use as a DHCP server, and set up the settings as in the picture below:
Then I created the SSIDs (wireless networks).


Please note that Cisco Meraki support is also very helpful. You can submit a case or call them directly. To reach support, click Help on the main dashboard!
