[VOTING CLOSED] Community Challenge: Which “Meraki+” solution is your Valentine? 💘

MeredithW
Meraki Alumni (Retired)


 

UPDATE: WINNERS ANNOUNCED! Congratulations @BrechtSchamp and @David.

 

In the Meraki Community, we spend a great deal of time discussing the ins and outs of Cisco Meraki products (as you might expect). But when can we take time to share love for other Cisco solutions that might be in our stack?

 

Well, 'tis the season! We want to know: what is the most interesting way you've seen Cisco Meraki solutions paired with other Cisco technologies? What sort of problem did this perfect match 💕 help solve?

 

We're looking for a detailed explanation of a unique marriage 🔔💘 of Meraki and any other Cisco solutions (hardware, software, APIs…) to solve for a problem in an interesting and useful way. Diagrams and pictures are strongly encouraged!

 

How to enter

Submit your contest entry in a comment on this blog post before 11 a.m. PST on Friday, February 22nd 2019. This time around, entries won’t be made public until voting starts. After you submit your entry, you’ll see a message reading “Your post will appear as soon as it is approved.”

 

How to win

Voting begins when submissions close (at 11 a.m. PST on 2/22/2019), and continues into the following work week. Voting closes at 11 a.m. PST on Wednesday, February 27th 2019.

 

We will be selecting 2 winners:

  1. The Community Favorite — chosen by you, our Community members. Cast your vote by giving kudos to your favorite entries. The entry with the most kudos from community members who aren't Meraki employees will win!
  2. The Meraki Favorite — a panel of experts here at Meraki will select the Meraki Favorite prize, judging entries on creativity, completeness, and accuracy.

 

Winners will each receive a Meraki Umbrella.

 


Complete rules and eligibility can be found here.

12 Comments
ham737
Here to help

At my old job I had all standard Cisco. I watched a promo so I could get a Meraki Switch and have it in my office. It allowed for quick setting changes in the IT office to jump on different VLANs quickly. It also gave a good report of devices on my whole network. That's the only time I've had them paired though. Otherwise it's been straight Cisco or straight Cisco Meraki.

tiimmaahh
Comes here often

I've only had one - with Cisco RPS modules and MS225/210's.  It worked, but it was messy.  Our account manager upgraded us to MS250s with secondary PSUs, so the whole experience was worth it!

Siegslayer
Comes here often

I found something interesting.

 

One day I had to swap a Meraki MX80 for a Meraki MX450.

 

I have a redundant ISP uplink service, so in theory I would not have downtime. Unluckily for me, when I was going to do this swap my other uplink went down, so I was depending on only one.

 

I had to change my firewall anyway because the MX80 was at 100% CPU. I thought I was going to have downtime, but for the 5-10 minutes I was doing the swap I ran a ping to the internet to check when I got internet access again.

 

BUT I swapped my firewall and I never lost internet access, no packets lost. Was it luck? Is that how Meraki works? I don't know, but that was impressive.

 

The fact that all the settings are saved in the cloud and that I only have to register a new firewall to download all the configurations I had is a real life saver.

 

I give you that one Meraki.

CobrittePercy
Comes here often

Ease of plug and play. Check and click

Your network is secure. Done end of discussion.

 

Unless you want the old way using CLI command. 🙂

JMorehouse
Here to help

Cisco Umbrella + MX appliance = a match made in heaven. 

 

Do I get extra points because of the prize? 😉

Binzer
Conversationalist

 

I was happy to find out when we got the MDM Meraki manage our iPads, because Apple is so proprietary, they expected us to touch every machine and update each time manually with 1200 units throughout our division BUT - Cisco decided to get into the Camera Game in a big way.  No appliance needed, and integration into the MDM allows us to use one web-based management platform to access all cameras from one place regardless of multiple locations.  On top of that, the cameras have on-board memory - and plug and play setup.  Add the Meraki app and you can access your managed cameras in real time from anywhere, anytime.

Fantastic

JBinns

Goldenhills School Division 75

Alberta, Canada

 

PhilipDAth
Kind of a big deal

I would like to highlight the create.meraki.io solution that uses the "new" Cisco Meraki Webhooks API to get alerts of things going down and then sends them to a Cisco Webex Team.  In this case the sample code uses Zapier to receive the WebHook and then pass it onto Webex.

 

https://create.meraki.io/guides/network-alerting-with-webhooks/

 

I feel some resistance to using an external provider like Zapier, but there is probably no good reason for this.  I tend to be more of an Amazon AWS Lambda kinda person because I can put whatever code I want in - but I guess there is no good reason to persist with doing it the "hard way" when there is another much easier way.  The other thing I don't like is the proliferation of micro-services you end up using from a multitude of vendors.  And then one day it breaks and you have to try and figure out how it worked and using what.  Even harder if the person that set it up has left.

BrechtSchamp
Kind of a big deal

We were migrating a client from Cisco traditional to Cisco Meraki. The client already had Cisco ISE running in their network so it made sense to integrate Cisco ISE with the new Meraki networks. Meraki is used for LAN/WLAN. Some sites still run traditional Cisco.

 

Meraki's support for Cisco ISE has been steadily growing and hopefully this will only get better with time. It solved the challenge of having to redo the whole .1X setup. Unfortunately we ran into an issue where Meraki doesn't support ISE returning named VLANs to dynamically drop users into their VLAN so we had to work around that.

 

ISE is used for:

  • Allowing corporate laptops to the wireless network (WPA2-Enterprise)
  • Allowing wired corporate computers to the wired network, some of which are connected to an IP phone (802.1X, LLDP)
  • Guest LAN and WLAN using LWA and self-registration
  • BYOD's are treated like guests and use home working techniques to reach corporate resources
  • IOT devices are dropped into the IOT VLAN, sometimes having to resort to MAB to make it work as a lot of IOT devices don't support .1X

 

Possible improvements:

We're not using posturing yet, but it would make a nice addition to the architecture and it seems to be supported. Another thing that would be nice is to interface between ISE and the firewall using pxGrid. We could also go a bit further in the BYOD concept.

 

The schematic looks somewhat like this:

ISE+Meraki.png

 

For those interested, more info about how to configure this can be found here:

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/361...

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_the_MS_Access_Switch_for...

 

Disclaimer so you guys don't sue me: I'm not the engineer who configured all this so there might be some inaccuracies and I also don't necessarily know about every hurdle encountered.

 

PhilipDAth
Kind of a big deal

I have an interesting project I am about to start working on with a retail customer.  They have MV12's monitoring their POS terminals.

 

We are going to use the new MV Sense API to count the queue depth at the POS lanes for people waiting to pay for their goods.  We are going to use WebEx Teams on the managers responsible for opening and closing up more POS lanes.  The idea is once the queue depth exceeds a certain value a message will be sent warning that customers are waiting too long to pay for their goods and then open up new POS lanes.

 

As a second project, they are considering using this data to more appropriately schedule in the number of POS lanes that need to be open for a given day and time based on these measurements.  POS data alone does not provide this information - because it doesn't show how many people are waiting.

redsector
Head in the Cloud

Meraki ❤️ Cisco ISE

 

Bildschirmfoto 2019-02-20 um 09.26.31.png

Cisco ISE is our Radius for all Meraki MS and MRs.

David
Here to help

We have a customer that recently completed the build out of new office space in a new HQ facility. Over the next year they will be migrating all operations from the old HQ facility to the newly constructed space in the new building. This particular customer has traditional Cisco enterprise infrastructure deployed for edge, wireless, and data center utilizing catalyst at the edge, unified wireless, and Nexus in the data center deployed in typical collapsed core architecture. Having recently adopted Cisco Meraki as the primary solution to be deployed at 3500 small remote locations across the country it was decided to implement Meraki for the access layer at the new HQ facility while maintaining Cisco Nexus and enterprise products in the data center and at the internet edge. Additionally Cisco ISE was implemented to handle Identity services and authentication for wireless across the organization.

 

One of the unique challenges that was encountered with the migration to the new HQ was that three separate guest wireless networks were deployed at the legacy HQ location that had to be replicated at the new HQ facility. Internet connectivity for each of these guest networks is provided via separate cable modem connections for each network. This proved to be problematic at the new HQ office as cable provider network facilities were not set to be built out for several months. An additional factor complicating this was that connectivity between the old and new HQ buildings was being provided as two separate 10Gb ethernet links and the customer wanted these links to be Layer 3 links to enable more deterministic control over the routing of traffic between the two sites. This L3 connectivity requirement made it impossible to simply bridge the internet connectivity for the three isolated guest networks from the old HQ to the new.

 

To address this issue we implemented a unique solution. At the old HQ location we implemented an MX in concentrator mode to anchor tunnels from each of the three Guest SSIDs at the new HQ site dropped off to separate VLANs. Each of these VLANs was bridged onto an isolated L2 VLAN in the Nexus environment that connected each Guest SSID to the respective isolated cable modem connection. This is depicted in the attached diagram. This solution provided the customer with a couple of benefits. First, it provided the required isolated connectivity for each of the guest networks without waiting months for the new cable modem network facilities to be built out at the new HQ building. Secondly, the traffic in these tunnels can be identified at layer three, allowing custom routing and QoS policies to be implemented to balance and prioritize traffic flows between the two facilities. In concert with this, the new ISE implementation was leveraged to provide authentication services for the non-guest corporate and voice SSIDs serviced by the Meraki wireless infrastructure at the new HQ.


While nothing about this solution is particularly earth shattering at a technical level it does provide a great example of how real problems can be solved utilizing the marriage of traditional Cisco Enterprise products and the simple and flexible capabilities of the Meraki cloud managed platform.

 

Wireless SSID Bridge Design.jpg

MeredithW
Meraki Alumni (Retired)