Meraki

ShawnHu · ‎Aug 20 2024

Various users and clients are involved in different Secure Connect use cases, and we have automation in place to continuously generate these access activities. Here is a quick list. Users Group Use Cases UMB Reporting upayup@merakitraining.net Doctors Browser-based ZTA Activity Search bills@merakitraining.net Finance Client-based ZTA Activity Search iheal@merakitraining.net Doctors Remote Access/VPN Remote Access Logs iheal@merakitraining.net Doctors Data Loss Prevention Data Loss Prevention

ShawnHu · ‎Aug 20 2024

In addition to the the existing Remote Access and Browser-based ZTNA deployments(scenarios covered in Cisco Secure Connect Instant Demo), we are introducing the Client-based ZTNA to Meraki Launchpad🚀 for Cisco and partner sellers to demonstrate. Feature Summary: Zero Trust Network Access (ZTNA) is a turnkey-as-a-service solution that provides granular Zero Trust based access to network resources. Cisco Secure Client with the ZTA module or Cisco Zero Trust Access mobile apps (Apple iOS & Samsung Android 14+) enables endpoints for secure private access using Client-based ZTNA. More reading in Community post: Client-based ZTNA. Demo Story: Bill S. (bills@merakitraining.net) from the Finance department needs to access the internal private application with FQDN 'finance.merakitraing.net.' Instead of using a remote access VPN, Meraki Launchpad IT has decided to implement ZTNA, which offers more granular control over access to only the required network resources. The team opted for Client-based ZTNA, as it is well-suited for most modern, client-initiated applications. Bill's client device is not part of this demo, but as you can see below the device has been enrolled with Cisco Secure Client ZTA module and Bill's identity is associated. Now, let's demonstrate how this Client-based ZTNA is implemented and managed. Demo Flow (~15mins): As Cisco employees or partners, access Meraki Launchpad🚀 demo org via https://cs.co/mlp. Navigate to Secure Connect > Users page and verify Bill is part of the Finance Meraki Training group. Review the Finance Home private application on Secure Connect > Resources and Applications page. Highlight that only Client-based is enabled under Access methods section for this application. Review the Secure Connect > Zero Trust Access settings to confirm that the group Finance has the allow permission to access the appropriate resources and applications. Defining access policies by user group is a scalable way to manage your network. However, you can also configure policies at the individual user level. Now, you might be interested in how Meraki Launchpad IT team gains the visibility into Bill's access? First, navigate to Secure Connect > Security Activity to access the Umbrella dashboard. Once there, continue by selecting Reporting > Core Reports > Activity Search on the Umbrella side. Select Client-based ZTA to filter the activity logs, and you will find Bill accesses the application every few hours. To conclude, with Cisco Secure Connect Client-based ZTNA, now Bill who is part of Finance group can efficiently access the internal finance application anytime from anywhere with their ZTNA trusted devices. Also, Meraki Launchpad IT team minimizes the attack surface by reducing unnecessary network access. Resources: Meraki Learning: Introducing Cisco Secure Connect Meraki doc: Cisco Secure Connect - ZTNA Architecture Start Meraki doc: Cisco Secure Connect - Client-based ZTNA Meraki doc: Cisco Secure Connect - Zero Trust Access Policies

ShawnHu · ‎Jul 8 2024

@cmr That's a good question. As my last check-in with product team, unfortunately the current MR31.x beta release doesn't officially support AFC at this moment. Things might change with the future iterations.

ShawnHu · ‎Jun 28 2024

As the feature announced in 6GHz Standard Power Wi-Fi is now GA with AFC, we are happy to share the both Meraki Launchpad🚀 and Cisco Meraki Platform has incorporate the AFC feature. What is AFC and why Wi-Fi on 6GHz needs it? Automatic Frequency Coordination (AFC) is a system that protects the licensed services on 1,200MHz of spectrum from Wi-Fi interference by coordinating spectrum sharing with these 6 GHz incumbents. In order to effectively coordinate spectrum sharing Wi-Fi 6E APs must operate at either Standard Power or Low Power operation to remain in compliance with the FCC. Since APs on Standard Power mode operate at a higher power level, they can potentially interfere with the licensed 6 GHz services operating within the spectrum. As a result, they are required to operate under the control of AFC provider. The AFC provider serves as an independent central entity that allocates the channel and power levels based on the geolocation of the access points. To demo this feature: Access either Meraki Launchpad🚀 or Cisco Meraki Platform demo environments; Navigate to the network San Francisco - APC and then page Wireless > Access points APs with GNSS tag are either equipped with an external GPS USB module or an internal GPS module. Other APs without GPS module will derive the geolocation info from the neighbor AP with a satellite signal. Select any AP and verify the geolocation information under AFC tab. Resources: Document: Automatic Frequency Coordination For access information of the above demo environments, please refer to our post Introducing Meraki Demo Platforms

ShawnHu · ‎Jun 27 2024

For more information about accessing the demo environment Meraki Launchpad🚀, please refer to this post. We will add the same demo to the customer facing demo environment Cisco Meraki Platform later.

ShawnHu · ‎Jun 20 2024

@alemabrahao is right. The demo environments provide platforms for various use cases and Capture The Flag is one of them. Your activity proctor will help you with the answer validation.

ShawnHu · ‎May 14 2024

Managing the IOS XE software of Cloud Monitored Catalyst switches from the Meraki Dashboard has been featured on both Meraki Launchpad and Cisco Meraki Platform demo environments. Check out the following demo video to see how the image upgrade experience looks like. To run your own demo(without changing anything), visit the above demo environments and navigate to Organization > Firmware Upgrades > Schedule upgrades > Cloud Monitored. For more info, please refer to the documentation IOS XE image upgrades (Cloud Monitoring for Catalyst switches).

ShawnHu · ‎May 13 2024

@Damien2 Unfortunately, we dont currently offer an online lab environment where you can configure and make changes to the dashboard. However, we do provide read-only demo environments. In these environments, you can explore most features and go through the entire configuration process, although you won't have the ability to save any changes. As @alemabrahao mentioned, you can the access to our live read-only demo environment via dcloud.cisco.com. For Cisco partners, here is the short link to the demo. https://cs.co/mlp For Customers, the short url is https://cs.co/cmp To read more details about the demo platform, I would recommend this post.

ShawnHu · ‎May 2 2024

Big congratulations to the team! Well deserved!

ShawnHu · ‎Apr 19 2024

@PhilipDAth I believe you meant -XL. I agree with you that the current naming of the two AMIs is confusing. I have forwarded your feedback to our product team. Appreciate!

ShawnHu · ‎Apr 16 2024

We are excited to introduce the next-gen vMX-XL on AWS, as featured in the recent product blog post, "Introducing the next-generation vMX-XL on AWS." The vMX-XL represents a significant upgrade offering up to 10Gbps VPN throughput, a new software ASIC architecture, and other enhancements. We have integrated an vMX-XL instance into our Meraki Launchpad demo platform for a hands-on experience. Demo Org: Meraki Launchpad🚀 Demo Network: Datacenter-AWS-vMX-XL As a reminder, A vMX-M instance running as Routed mode is available in the same organization for demonstration.

ShawnHu · ‎Apr 11 2024

@Vmadathil That did work for me. Just add a line before the put operation. ssid_config['encryptionMode'] = 'wep' put_response = requests.put(ssid_config_url,json=ssid_config,headers=headers)

ShawnHu · ‎Apr 9 2024

Another GREEN addition to MT40: Sustainability reporting. This reporting offers both daily and annual projections for electricity cost and GHG emissions, giving users enhanced visibility into the environmental footprint of their IT operations. Customers can customize the currency, per kWh electricity cost, and GHG emissions factor based on their specific energy sourcing under the Network-wide > General.

ShawnHu · ‎Apr 9 2024

Interesting. I was testing with Postman and everything was fine. But when using your code, I actually can reproduce the 400 error. You can edit the following line to get the error details. print( f"Failed to update SSID configuration for {ssid_config['name']}. Status code: {put_response.status_code}. Errors: {put_response.text}" ) The error I got was "{"errors":["'encryptionMode' must be one of: 'wep' or 'wpa'"]}" There were some discussions about this. https://community.meraki.com/t5/Wireless/API-problems-with-update-SSID/m-p/199648 https://community.meraki.com/t5/Wireless/quot-Update-the-attributes-of-an-SSID-quot-AP-endpoint-broken/m-p/61491 Looks like the solution is to modify the 'encryptionMode' to either 'wep' or 'wpa'. Not sure why your script works in the sandbox environment. If there are further questions, I would suggest file a support case.

ShawnHu · ‎Apr 8 2024

Agreed with Philip that there might be something unexpected in the ssid_config from the GET call. In your case, as you are updating the RadiusServers only, a more efficient way is to just include the updated RadiusSevers parameter in the json body instead of including the entire ssid_config. For example, if I want to update the SSID name, I can only have one parameter in the json body in the API PUT operation. Those other parameters not in the body will remain unchanged. Hopefully, this is helpful.{{baseUrl}}/networks/:networkId/wireless/ssids/:number { "name": "UPDATED-SSID-NAME" }

ShawnHu · ‎Apr 2 2024

And, it's now supported with the MT1.6 or greater. And we have the demo environment for a gander. Check this out.

ShawnHu · ‎Apr 2 2024

I hope everyone is excited about the brand new layout design of the Meraki Community. We've introduced an exciting sensor feature MT40 Power Saving Schedules that allows administrators to schedule power-off windows for their infrastructure, supporting organizations in achieving their sustainability goals. Personally, I can now optimize my home lab by offloading the holiday light decorations automation from my on-prem Raspberry Pi to the Meraki cloud. Look forward to hearing your use cases and happy demoing. Power control event log How to access: Login to the demo platforms: Meraki Launchpad🚀 or Cisco Meraki Platform, navigate to the San Francisco > Sensor , locate a MT40 > Settings. Documentation: MT40 Power Savings Schedules

ShawnHu · ‎Mar 28 2024

Yep, that's where the 404 not found came from.

ShawnHu · ‎Mar 28 2024

@Hex The endpoint getNetworkDeviceLldp_cdp reminds me that you probably were using V0 API instead of V1. Meraki dashboard API V0 has been end of support. In V1, the endpoint is getDeviceLldpCdp. https://developer.cisco.com/meraki/api-v1/get-device-lldp-cdp/

ShawnHu · ‎Mar 11 2024

Indeed! I also look forward to the future iterations.

ShawnHu · ‎Mar 8 2024

And we have the demo environment on this feature for Cisco and partners. Check this post.

ShawnHu · ‎Mar 8 2024

Supporting more than two functional uplinks on the MX platform has been asked for a while. We are happy to share that MultiWAN is supported on MX75, MX85, MX95, and MX105 with MX18.2 or higher firmware required. This iteration of MultiWAN support enables a third link as a backup link which remains in standby mode until both primary and secondary uplinks are down. The demo resource is available on Meraki Launchpad🚀 for Cisco partners. Demo network/page: Datacenter-SA and Sydney This screenshot from the demo environment shows the third uplink takes over when both primary and secondary uplinks fail. We are scheduling a daily event to simulate this failover behavior. For more details about this feature, please refer to the MultiWAN Backup Uplink documentation.

ShawnHu · ‎Mar 7 2024

@Johnmon This wasn't designed specifically for the MT lab. But you will find an RO API key of our demo environment in the eLearning module Node-RED: Module 2 - Introducing the Meraki Dashboard Node(cisco.com login required). Please be aware that we rotate the key as necessary.

ShawnHu · ‎Mar 5 2024

This has been fixed. We share the API Key through the GitHub repository making life easier in case of future key rotation.

ShawnHu · ‎Mar 5 2024

Yes, you can achieve this by combining the organizations > Organization Devices (set device model as mt10)and sensor > Organization Sensor Readings Latest calls (with the targeted devices selected) The reason you will need the Organization Devices is in the sensor reading returns there is no device names but serial numbers.

About ShawnHu

ShawnHu

Community Record

Badges