cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

Highlighted
Here to help

MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

I have a small office, maybe 600 sq ft.  Need internal and guest WLANs.  Internal is about 6 HP 1102 w wireless printers (2.4 only I think) and probably never more than 3 laptops and rarely any  (Clients are on Ethernet).  External is all the user PDAs (6-10) and a rare outside customer who needs internet access. Our old Buffalo wireless HP-54G has served well with no user complaints, but seems to be failing. 

 

Can someone please help me understand what the Security and Scanning Radio and Blue Tooth bring to the table, and maybe more important what if any security and control aspects may be lacking in the MR20? 

 

I do not see radio tuning an issue, at least where I'm coming from (other similar posts).  More concerned about intrusion monitoring, identifying who is connected and can I kill\ban them, controlling transmitter power (distance the signals can reach), etc.

6 REPLIES 6
Highlighted
Getting noticed

Re: MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

The security radio allows the AP to continuously scan for rogue SSIDs. Without it the AP would have to drop clients in order to scan OR only scan whenever no clients are present. The Bluetooth BLE radio adds the ability to do advanced analytics and Beacon advertising. I'm actually not surprised your Buffalo HP-54G lasted this long, those things were amazing it its day!

Highlighted
Head in the Cloud

Re: MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

Hi @RangerZ 

 

The following document contains good information about Meraki Air Marshal (WIPS/WIDS). Do check this if already not.

https://meraki.cisco.com/lib/pdf/meraki_datasheet_airmarshal.pdf

Most of your concerns can be addressed by MR33.

I understand MR33 shall be a better investment in comparison to MR20.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
Here to help

Re: MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

Thanks for your quick response, but I could use some more help please. (Not a network guru, I know just enough to be dangerous)

 

Did a quick Google on rogue AP.  Other than someone trying to spoof my legit AP will i not ferit these out pretty quick and be able to blacklist same.  Will these include my wireless printer's internal radios and PCs set up to share connections (should be disabled on the device already but...) As for Spoofing, if my users are set to auto connect to the "real" AP how practical an issue is this.

 

Regarding BT\BLE, read this and we have none of this tech in our business nor plan to.  If the advanced analytics has to do with IOT then I'm not interested, but if its wireless usage, then maybe.

Highlighted
Kind of a big deal

Re: MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

If you're in the United States, I would not blacklist rogue APs. If you run afoul of the FCC's good neighbor policy, they can fine you. Ask Marriott. 

Highlighted
Here to help

Re: MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

Ajit

 

The document indicates Airmarshall is available on all MR routers, which I assume means the MR-20. 

 

My concerns are that I have simple mitigations and would rather go the other way, especially if the MR-20 can do this function.  We are about 10 people and whitelisting devices is fairly easy. 

Highlighted
Kind of a big deal

Re: MR20 vs MR33 => Security and Scanning Radio, Blue Tooth

@RangerZ go for the MR33.  I would only use the MR20 for guest environments I don't care about.

 

That additional scanning radio in the MR33 is also used for mapping out interference and other issues in your environment.  It lets the system reconfigure its way around problems without you having to touch anything.

 

If you want something that just works without you having to touch it - go with the MR33.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.