Cloud Networking With Cisco Meraki

Cloud Networking?

The cloud is transforming infrastructure and making it possible for businesses of all sizes to adopt and afford enterprise-class infrastructure, without the cost, complexity, and constraints of traditional networks. Cloud networking shares many of the benefits of other cloud IT services: rapid deployment, easy administration, no new hardware to buy, no software updates or annual maintenance, pay-as-you-grow subscription pricing, built-in scalability and redundancy, and anywhere access over an Internet connection.


Meraki was a company that provided products for large-scale, distributed wired and wireless networks. It was started by two MIT PhD students, Sanjit Biswas and John Bicket, along with Hans Robertson. The company grew in part out of the MIT Roofnet project and became part of Cisco Systems in December 2012.

About Cisco Meraki

Cloud networking provides all of the below without the cost and complexity of controller appliances or overlay management software:

  • centralized management
  • visibility
  • control

Meraki products are built for cloud management, and come out of the box with:

  • centralized management,
  • layer 7 device and application visibility,
  • real-time web-based diagnostics,
  • monitoring,
  • reporting, and much more.

Cisco Meraki deploys quickly and easily, without training or proprietary command line interfaces.

Meraki’s founders invented Cloud Networking while working as graduate students at M.I.T. Cisco Meraki now has a complete line of cloud networking products that power over 20,000 customer networks, including massive global deployments with tens of thousands of devices.



  1. Reliable, high-performance Cisco Meraki wireless APs, switches, and security appliances are deployed in your campus or remote branches.
  2. Cisco Meraki devices automatically connect to the Cisco Meraki cloud over SSL, register with your network, and download their configuration.
  3. You have complete visibility and control over your entire network over the web. Configure thousands of devices, run diagnostics, or view reports with a few clicks.
  4. Tasks such as RF optimization and VPN configuration are automated by the cloud, while firmware updates and application signatures are seamlessly deployed over the web.


  1. Rapid deployment with self-provisioning, self-optimizing hardware
  2. Control applications, users and devices
  3. Built-in multi-site management
  4. Automatic monitoring and alerts
  5. Future proof and always up to date, with seamless over-the-web firmware updates and new features delivered quarterly


Traffic Flow

Cisco Meraki uses an out-of-band management architecture, meaning that only management data flows through the Meraki cloud infrastructure. No user traffic passes through Meraki's datacenters, and your data stays on your network.

If the Cisco Meraki cloud is not accessible

Your network continues to function normally even if you cannot reach the cloud. Users can authenticate, firewall rules remain in place, and traffic flows at full line rate. Only management functions (reports, configuration tools, etc.) are interrupted.

Firmware upgrades

Meraki provides firmware updates via seamless, over-the-web upgrades. Cisco Meraki releases updates each quarter that contain new features, performance improvements, and other enhancements. Firmware upgrades are delivered securely over the web, and you can reschedule or cancel a scheduled upgrade at any time.

Sizing the network

The Cisco Meraki cloud architecture provides a feature set that is rich enough for large enterprise deployments, yet easy enough to be used by IT generalists without training. Cloud-based infrastructure provides cost advantages in both small and large networks, and the Cisco Meraki cloud infrastructure scales seamlessly from small branches to large campus environments and distributed networks.

Cisco Meraki security compared to traditional network infrastructure

Cisco Meraki has made major investments in the security of its cloud infrastructure, providing safeguards and tools to all Meraki customers. For example, Meraki undergoes daily penetration testing by an independent third party, has received PCI Level 1 certification, and provides numerous security tools to help customers harden their networks.


Wireless Networks: ISM & UNII Bands

Industrial, Scientific, and Medical (ISM) Bands :-

The ISM bands are defined by the ITU Radiocommunication Sector (ITU-R) in the Radio Regulations. The IEEE 802.11 standard and the subsequent 802.11b and 802.11g amendments all define communications in the frequency range between 2.4 GHz and 2.4835 GHz. This frequency range is one of the three Industrial, Scientific, and Medical (ISM) bands relevant to wireless networking. These ISM bands are as follows:

*902–928 MHz (26 MHz wide)

*2.4000–2.4835 GHz (83.5 MHz wide)

*5.725–5.875 GHz (150 MHz wide)

The 900 MHz band is commonly referred to as the Industrial band, the 2.4 GHz band as the Scientific band, and the 5.8 GHz band as the Medical band, although any of the three may be used for any of these purposes. All three are license-free: no license is required to operate in them and there are no restrictions on the type of equipment that may be used, although regulators such as the FCC do limit transmit power and out-of-band emissions. For example, a radio card used in medical equipment can be used in the 900 MHz Industrial band.

900 MHz ISM Band :- 

The 900 MHz ISM band is 26 MHz wide and spans from 902 MHz to 928 MHz. It is only available in ITU Region 2 (the Americas); in many other countries the 900 MHz range has already been allocated to Global System for Mobile Communications (GSM) cellular telephony, so the ISM band cannot be used there.

Although the 900 MHz ISM band is rarely used for networking today, many products such as baby monitors, cordless home telephones, and wireless headphones use this frequency range. 802.11 radio cards do not operate in the 900 MHz ISM band, but many older, pre-802.11 wireless networking deployments did.

2.4 GHz ISM Band :-

The 2.4 GHz ISM band is currently the most common band used for wireless networking communications. It is 83.5 MHz wide and spans from 2.4000 GHz to 2.4835 GHz. Use of the 2.4 GHz ISM band is defined under the original 802.11 standard as well as two of the three major 802.11 networking amendments, 802.11b and 802.11g (the third, 802.11a, uses the 5 GHz UNII bands instead).

The 2.4 GHz ISM band is also used by microwave ovens, cordless home telephones, baby monitors, and wireless video cameras. The band is heavily used, and one of the big disadvantages of 802.11b/g radios is the resulting potential for interference.

5.8 GHz ISM Band :-

The 5.8 GHz ISM band is 150 MHz wide and spans from 5.725 GHz to 5.875 GHz. As with the other ISM bands, it is used by many of the same types of consumer products: baby monitors, cordless telephones, and cameras. The IEEE 802.11a amendment does not reference the ISM band directly; it defines the use of the 5 GHz Unlicensed National Information Infrastructure (UNII) bands, the upper of which (UNII-3, 5.725–5.825 GHz) overlaps the lower 100 MHz of the 5.8 GHz ISM band. Because the FCC power rules for the 5.8 GHz ISM band are more permissive than for the lower UNII bands (in particular for point-to-point links with high-gain antennas), it is a preferred spectrum for long-distance wireless bridging.

Unlicensed National Information Infrastructure Bands (UNII) :-

The IEEE 802.11a amendment assigns data transmissions within the frequency space of the 5 GHz UNII bands. The 802.11a amendment uses three groupings, or bands, of UNII frequencies, often called the lower, middle, and upper UNII bands. These three bands are designated as UNII-1 (lower), UNII-2 (middle), and UNII-3 (upper). All three bands are 100 MHz wide.

The commonly used UNII bands are as follows:

*UNII-1 Lower 5.15–5.25 GHz
*UNII-2 Middle 5.25–5.35 GHz
*UNII-3 Upper 5.725–5.825 GHz



CISCO ISR-AX (Deliver Optimized Application Experience)

  • By the end of 2015, 50% of CIOs expect to be working in the cloud, 90% of organizations will backhaul traffic through the data center, and two-thirds of mobile data traffic will be video.
  • The current IT trend is a stronger focus on applications, IT simplification, and smarter business processes.

To support this, the network has to move past the problems of the traditional WAN: poor application performance, changing traffic patterns, limited visibility and control, network latency, and insufficient resource utilization.

Cisco's approach: one network with unified services

  • Visibility
  • Control
  • Optimization
  • Security
  • Routing
  • Switching
  • VOIP

Cisco ISR G2 AX routers deliver all of the features listed above.

Cisco ISR-AX: Unified Services

Business applications run better

  • 50-70% bandwidth reduction
  • 2 X VDI sessions
  • Faster document processing

Network-Wide Visibility

  • Probe-less deployment
  • Wired/Wireless view of 1000+ Apps
  • Rapid root cause analysis

Any-to-Any Security

  • Simplified and scalable VPN
  • Comprehensive threat defense
  • Cloud Web security

What is inside?

Application visibility and control

  • NBAR2
  • QoS
  • Media monitoring
  • WAN path selection (PfR)

WAN optimization

  • Application acceleration
  • TCP optimization and compression
  • Data redundancy elimination

Security

  • VPN encryption
  • IOS firewall
  • Intrusion prevention
  • Cloud web security

Hardware for ISR-AX

  • SRE (Services Ready Engine) module or maximum DRAM
  • Optional UCS E-Series server module

DC Consolidation without compromising Performance

Centralizing applications at the DC -> changed traffic patterns + bandwidth congestion + latency

Prioritize Apps

  • AVC shows which apps are impacting bandwidth; QoS policy can prioritize mission critical apps

Optimize path

  • WAN path control (PfR) redirects non-critical traffic over an alternative link to free up the WAN leased line to the DC

Lower latency

  • WAAS automatically accelerates apps and optimizes traffic to minimize impact on the WAN

Enhance Visibility

  • L4 to L7 application monitoring
    • Cisco AVC with NBAR2 provides deep packet inspection at the application level

Isolating and Resolving App Performance Issues

  • View branch traffic using Prime or third-party tools; visualize application traffic using AVC with NBAR2, NetFlow and HTTP URL extraction
  • Create a QoS policy with Prime to restrict non-critical apps and deploy it across all branches with ISR-AX
  • WAAS natively accelerates Citrix VDI: zero-touch deployment, automatic interoperation with ICA encryption and compression
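The steps above describe the workflow in terms of Prime and AVC. What the resulting router configuration looks like is not shown in the original post, so the following is an added example (not Cisco's or the post's own configuration) of an ISR G2 WAN-edge policy that uses NBAR2 classification to protect business-critical applications and police non-critical ones. The application names, percentages, rates and the WAN interface are assumptions for illustration; a "match protocol" name must exist in the NBAR2 protocol pack loaded on the router (check with "show ip nbar protocol-pack active").

```cisco
! Added example, not from the original post. Interface, application names,
! bandwidth percentages and rates are assumptions chosen for illustration.
!
! Enable NBAR protocol discovery on the WAN interface so that
! "show ip nbar protocol-discovery" reveals which applications use the link.
interface GigabitEthernet0/0
 description WAN to DC (10 Mbit/s leased line)
 ip nbar protocol-discovery
!
! Classify by application rather than by port. NBAR2 inspects the payload,
! so an application running on a non-standard port is still classified.
class-map match-any CRITICAL-APPS
 match protocol citrix
 match protocol sap
 match protocol rtp
class-map match-any BULK-NONCRITICAL
 match protocol youtube
 match protocol bittorrent
 match protocol facebook
!
! Critical traffic gets a low-latency queue capped at 30% of the link;
! bulk traffic is policed to 512 kbit/s; everything else is fair-queued.
policy-map WAN-OUT
 class CRITICAL-APPS
  priority percent 30
 class BULK-NONCRITICAL
  police 512000 conform-action transmit exceed-action drop
 class class-default
  fair-queue
!
! Shape to the contracted rate first and hang the queueing policy under the
! shaper, so congestion is handled on the router instead of in the provider's
! drop queue where the priority class would be lost.
policy-map WAN-SHAPE
 class class-default
  shape average 10000000
  service-policy WAN-OUT
!
interface GigabitEthernet0/0
 service-policy output WAN-SHAPE
```

"show policy-map interface GigabitEthernet0/0" then shows per-class packet counts and drops, which is the quickest way to confirm that the classification matches what protocol discovery reported before the policy was applied.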

Reduce BYOD Impact On Enterprise WAN

BYOD impact

iCloud – 2–3x increase in WAN consumption

The same email sent to a tablet, a smartphone and a PC -> multiple requests for the same data over the WAN

Reducing BYOD Traffic On the WAN

Wireless visibility

  • AVC with FlexConnect can identify wireless traffic on the WAN

Consistent Policy

  • QoS can minimize impact of non-critical business traffic

Wired/Wireless Optimization

  • WAAS with FlexConnect can optimize BYOD traffic to lower bandwidth traffic and improve user experience




RF Components:-

There are many components which contribute to the successful transmission and reception of an RF (radio frequency) signal. To understand the function of the components, it is important to know how the strength of the signal is affected by each of them.


Transmitter

The transmitter is the initial component in creating a wireless medium. The computer hands the data off to the transmitter, and it is the transmitter's job to begin the RF communication.

When the transmitter receives the data, it will begin generating an alternating current (AC) signal. This AC signal determines the frequency of the transmission.

The transmitter will take the data provided and modify the AC signal using a modulation technique to encode the data into the signal. This modulated AC signal is now a carrier signal, containing the data to be transmitted. The carrier signal is then transported either directly to the antenna or through a cable to the antenna.

In addition to generating a signal at a specific frequency, the transmitter is responsible for determining the amplitude, more commonly referred to as the power level, of the signal. The higher the amplitude of the wave, the more powerful the wave is and the further it will travel.


Antenna

An antenna provides two functions in a communication system. When connected to the transmitter, it collects the AC signal that it receives from the transmitter and directs, or radiates, the RF waves away from the antenna in a pattern specific to the antenna type. When connected to the receiver, it takes the RF waves that it receives through the air and directs the resulting AC signal to the receiver. The receiver converts the AC signal back into bits and bytes.

Importantly, the signal that is received is much weaker than the signal that was generated. This signal loss is analogous to two people trying to talk to each other from opposite ends of a football field. Due to distance alone (free space), the yelling from one end of the field may be heard as barely louder than a whisper on the other end.

The signal of an antenna is usually compared or referenced to an isotropic radiator.

An isotropic radiator is a point source that radiates signal equally in all directions. The sun is probably one of the best examples of an isotropic radiator. It generates equal amounts of energy in all directions. Unfortunately, it is not possible to manufacture an antenna that is a perfect isotropic radiator. The structure of the antenna itself influences the output of the antenna; similar to the way the structure of a light bulb affects the bulb’s ability to emit light equally in all directions.

There are two ways to increase the power output from an antenna:-

* First is to generate more power at the transmitter.

*The other is to direct, or focus, the RF signal that is radiating from the antenna. This is similar to how you can focus light from a flashlight. If you remove the lens from the flashlight, the bulb is typically not very bright and radiates in almost all directions. To make the light brighter, you could use more powerful batteries, or you could put the lens back on. The lens is not actually creating more light. It is focusing the light that was radiating in all different directions into a narrow area. Some antennas radiate waves as the bulb without the lens does, while some radiate focused waves as the flashlight with the lens does.


Receiver

The receiver is the final component in the wireless medium. The receiver takes the carrier signal that it gets from the antenna and translates the modulated signal back into 1s and 0s. It then passes this data to the computer to be processed. The job of the receiver is not always an easy one. The received signal is much weaker than what was transmitted, due to the distance it has traveled and the effects of free space path loss. The signal is also often altered by interference from other RF sources and by multipath.

Intentional Radiator (IR)

The FCC Code of Federal Regulations (CFR) defines an intentional radiator (IR) as “a device that intentionally generates and emits RF energy by radiation or induction.”

Basically, it’s something that is specifically designed to generate RF as opposed to something that generates RF as a byproduct of its main function, such as a motor that incidentally generates RF noise.

Regulatory bodies such as the FCC limit the amount of power that an IR is allowed to generate. The IR consists of all the components from the transmitter up to, but not including, the antenna. The power output of the IR is thus the sum (in dB) of the gains and losses of all the components from the transmitter to the antenna, again not including the antenna.

The components making up the IR include the transmitter, all cables and connectors, and any other equipment (grounding, lightning arrestors, amplifiers, attenuators, etc.) between the transmitter and the antenna. The power of the IR is measured at the connector that provides the input to the antenna. Since this is the point where the IR is measured and regulated, we often refer to this point alone as the IR. Using the flashlight analogy, the IR is all of the components up to the light bulb socket but not the bulb and lens. This is the raw power, or signal, that is provided, and the bulb and lens can then focus the signal.

Equivalent Isotropically Radiated Power (EIRP)
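The original post breaks off at this heading. As an added worked example (not part of the original post), here is the IR and EIRP calculation for a hypothetical bridge link built from the components defined above. EIRP is the power the system radiates in the antenna's strongest direction relative to an isotropic radiator: the IR power plus the antenna gain in dBi. All component values are assumptions chosen for illustration.

Gains and losses add in dB, so the IR is

$$P_{\mathrm{IR}} = P_{\mathrm{tx}} - L_{\mathrm{cable}} - L_{\mathrm{conn}} + G_{\mathrm{amp}}$$

and the EIRP adds the antenna's gain:

$$\mathrm{EIRP} = P_{\mathrm{IR}} + G_{\mathrm{ant}}$$

with $P_{\mathrm{mW}} = 10^{P_{\mathrm{dBm}}/10}$ to convert back to milliwatts. For a 100 mW transmitter ($P_{\mathrm{tx}} = 20$ dBm), a cable with 3 dB of loss, connectors losing 0.5 dB, no amplifier, and a 24 dBi directional antenna:

$$P_{\mathrm{IR}} = 20 - 3 - 0.5 + 0 = 16.5\ \mathrm{dBm} \approx 44.7\ \mathrm{mW}$$

$$\mathrm{EIRP} = 16.5 + 24 = 40.5\ \mathrm{dBm} \approx 11.2\ \mathrm{W}$$

The check a practitioner does next is against the regulator's limits, which apply to both numbers. Under FCC Part 15.247 the IR in the 2.4 GHz and 5.8 GHz ISM bands may not exceed 1 W (30 dBm), and in the 2.4 GHz band the IR must be reduced by 1 dB for every 3 dBi of antenna gain above 6 dBi on point-to-point links; for point-to-point links in the 5.8 GHz ISM band no such reduction applies, which is the regulatory difference behind the earlier remark that 5.8 GHz is preferred for long-distance bridging. The example above stays well below the 30 dBm IR limit in either band, and its 40.5 dBm EIRP is permitted for a 5.8 GHz point-to-point bridge.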


Inter-VLAN Routing with Cisco Layer 2 Catalyst 2960

A couple of days ago I was looking for information about SDM templates in the Cisco online documentation, and to my great surprise I came across the command sdm prefer lanbase-routing. It turns out that the Cisco Catalyst 2960 can do (limited) routing, and it works out pretty well.

Now the question is How to enable routing on a 2960 series?

To enable routing we need two things: first activate the functionality with sdm prefer lanbase-routing (which only takes effect after a reload), then enable ip routing.

Switch#configure terminal
Switch(config)#sdm prefer lanbase-routing
Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Switch(config)#end
Switch#reload                 (save and reload the switch)

System configuration has been modified. Save? [yes/no]: y
Proceed with reload? [confirm]

Note: after the reload, don't forget the command "ip routing" in global configuration mode; without it the SVIs will not forward traffic between VLANs.

But there is a notable limitation: the lanbase-routing template does NOT support RIP, OSPF, EIGRP, BGP, or routed (no switchport) interfaces. It ONLY supports 16 static routes on SVIs. It also requires the LAN Base feature set (Cisco IOS 12.2(55)SE or later); LAN Lite switches do not offer the template.

Now you are ready to configure inter-VLAN routing on your Layer 2 switch.
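The original post stops at enabling routing. The following is an added example (not the post's own configuration) of a complete inter-VLAN routing setup on a 2960 with the lanbase-routing template, including the point the post's limitations imply but do not state: once the switch routes between VLANs, that traffic never reaches the firewall, so VLAN-to-VLAN policy has to be enforced on the switch itself. VLAN IDs, port ranges, addresses (RFC 5737 documentation ranges) and the upstream firewall address are assumptions.

```cisco
! Added example, not from the original post. VLANs, ports, addresses and the
! upstream firewall (203.0.113.1) are assumptions for illustration.
!
! Step 1: select the template, then "write memory" and "reload"; the template
! only becomes active after the reload.
sdm prefer lanbase-routing
!
! Step 2: after the reload, turn on IP routing (it is off by default).
ip routing
!
! Step 3: one VLAN and one SVI per routed subnet.
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 99
 name TRANSIT
!
interface Vlan10
 description Users
 ip address 192.0.2.1 255.255.255.0
 no shutdown
interface Vlan20
 description Servers
 ip address 198.51.100.1 255.255.255.0
 no shutdown
!
! Access ports in each VLAN.
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 10
interface range FastEthernet0/13 - 24
 switchport mode access
 switchport access vlan 20
!
! The uplink to the firewall lives in its own transit VLAN: a 2960 cannot turn
! a physical port into a routed ("no switchport") interface.
interface Vlan99
 ip address 203.0.113.2 255.255.255.252
 no shutdown
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 99
!
! Static routing only. This default route is one of the 16 static routes the
! template allows; dynamic routing protocols are not available.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Users-to-servers traffic is now forwarded by the switch and bypasses the
! firewall, so restrict it here with an ACL on the SVI: users may reach the
! servers on HTTPS only, may resolve DNS, and may still reach the Internet.
ip access-list extended USERS-TO-SERVERS
 permit tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 443
 permit udp 192.0.2.0 0.0.0.255 any eq 53
 deny   ip  192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
 permit ip  192.0.2.0 0.0.0.255 any
interface Vlan10
 ip access-group USERS-TO-SERVERS in
```

Verify with "show ip route" (the connected SVI subnets and the default route should be listed) and "show sdm prefer" (the active template must read lanbase-routing). The LAN Base images that provide the template also support router ACLs on SVIs; if "ip access-group" is rejected on your image, the ACL has to be applied as a port ACL on the access ports instead.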


iSCSI is good – for now

iSCSI is a good transitional technology. The common perception is that it offers a low-cost way to build a SAN on commodity ethernet components and will be successful in the SMB market. This is true but I actually see the biggest benefits in large datacenters that have hundreds and even thousands of nodes on their storage networks.

The problem with Fibre Channel is that it was never finished. The industry built a physical and a data link layer and then never went any higher in the stack (think back to the seven-layer ISO protocol stack). So, with FC you can build small SANs but, once you go beyond a few dozen nodes, and want to do things like reprovisioning and application migration, it becomes a nightmare. Administrators have to work across three or more different namespaces that have to be administered at separate UIs for app servers, switches, and storage servers. Users and applications care about file system and data and server names. Then that has to be mapped to mount points (e.g. /dev/…) and LUNs. Finally, what the poor SAN administrator has to work with are physical node WWIDs that have to be recorded and copied across the management UIs for hosts, switches and servers.

One of the benefits of moving to an IP SAN is that you can leverage all the automated and centralized services such as DHCP, LDAP, SLP, etc. These are not just aids to help manage the complexity, like SAN management software (which doesn't scale beyond a hundred nodes or so); these truly automate the complexity through central services. With iSCSI you can plug in a new compute blade and it can query a DHCP server to not only get an IP address, but also the location of its boot LUN. Then it can query an LDAP server to get the list of LUNs to mount. No scanning of LUNs, or zoning to restrict the set of visible LUNs. The DHCP and LDAP servers automate the process, are managed centrally, and are configured based on human-readable names.

The increased scalability of IP SANs is especially beneficial for data centers that are moving to scalable rack servers. In addition, many of these blade/rack servers have enough IP ports built in that they are ready to connect right out of the box. The Sun/AMD blades come with four Ethernet ports. There is no need to buy and install a separate SAN adapter. For server vendors, the percentage of users who attach to FC has never justified putting FC HBAs on the motherboard the way they do with SCSI (SAS) and Ethernet.

A benefit of using iSCSI on this IP SAN is that it requires minimal server changes compared with today's SANs. SAN admins can still run their favorite local filesystem, volume manager, and multipath driver. Admins can get comfortable with the change in transport before making changes in the server stack. BUT, eventually the benefits of new versions of NFS, and the ability to perform critical data management in the centralized storage servers, become too compelling. This is why iSCSI is an important technology, a big improvement over Fibre Channel, but still another step in technology evolution, and anyone moving to iSCSI should do so as part of a long-term plan towards NAS.


Build Your Cloud with Cisco – OpenStack

Cisco also offers a collection of installation and deployment packages to simplify configuration and operation of OpenStack on UCS B-Series and C-Series hardware. These open source packages and scripts install all OpenStack components and configure them automatically from a centralized build node that runs Cobbler for bare-metal provisioning and executes Puppet automation scripts for configuration. Additional monitoring is provided through the use of Nagios, Collectd and Graphite.

Cisco OpenStack Installer is a packaged reference version of OpenStack provided by Cisco free of charge and as open source software for the community. Cisco OpenStack Installer provides automated deployment of:

  • Core OpenStack Components: Cisco OpenStack Installer generally provides unmodified OpenStack code. Cisco generally follows the latest community stable releases, but may opt to provide more recent patches that have been accepted into the OpenStack stable branches but have not yet become part of an OpenStack stable release. Cisco OpenStack Installer provides all OpenStack core components.
  • OpenStack Client Libraries: Cisco OpenStack Installer generally provides the most recent release of each OpenStack client library (e.g. python-quantumclient, python-novaclient, etc.) unless doing so causes testing to fail. In such cases, we will generally back down to the latest release that doesn't cause problems in testing.
  • Cobbler: Cisco OpenStack Installer installs and sets up Cobbler in order to provide bare-metal provisioning of physical servers in the OpenStack cloud.
  • Puppet modules for deployment and configuration management: Cisco OpenStack Installer installs and configures OpenStack components and their related underpinnings via Puppet. Our core OpenStack Puppet modules are generally point-in-time versions of those found on StackForge, where Cisco actively contributes code and reviews. Our policy is to contribute code upstream to StackForge first and absorb patches into Cisco OpenStack Installer after they have been accepted upstream. We generally deviate from this policy only when patches are unlikely to be reviewed and accepted upstream in time for a release or for a customer deadline (in such cases we apply the patches to our repositories, submit them upstream, and back the local change out in favor of the upstream version when it becomes accepted). We also use and contribute to modules from other upstream sources including Puppet Labs.
  • Open source monitoring tools: In order to provide a system that can be managed once installed, Cisco OpenStack Installer provides simple open source monitoring tools as a reference monitoring system. These include Nagios, Collectd, and Graphite. Each tool provides simple health monitoring or trending information on the physical nodes and important software services in the OpenStack cloud.
  • Storage Systems: As an option, users may choose to have Cisco OpenStack Installer deploy the Ceph storage system. Ceph can be used as a backend for Glance, a backend for Cinder, or as a standalone storage service. Ceph support was initially introduced in Cisco OpenStack Installer g.1 and was improved in g.2. Swift object storage is also available.
  • High Availability tools: As an option, users may choose to have Cisco OpenStack Installer deploy their OpenStack cloud with active/active HA for all major functions and important underpinning components. When deploying the high availability reference architecture, Cisco OpenStack Installer provides additional components such as MySQL WSREP and Galera, HAProxy, and Keepalived.


The Cisco OpenStack Installer is qualified on:

  • Ubuntu 12.04 LTS serves as the base operating system.
  • KVM serves as the hypervisor.
  • Cisco UCS C-Series and B-Series servers serve as the physical compute/storage hardware.
  • Cisco Nexus switches provide the physical networking.
  • OpenStack Quantum (since renamed Neutron) provides the network services for the OpenStack cloud. Users may select from a variety of Quantum setup options, including support for OVS in GRE tunneling mode, OVS in VLAN mode, the Cisco Nexus plugin, and provider networks.


NAT failover with DUAL ISP on a router with Policy Based Routing


WAN failover and load balancing allows you to designate a router interface, or one of the user-assigned interfaces, as a secondary or backup WAN port. The secondary WAN port can be used in a simple active/passive setup, where traffic is only routed through the secondary WAN port if the primary WAN port is down or otherwise unavailable.

This is a generic example of how to configure NAT when there are multiple ISPs for Internet connectivity and we want proper failover: when the primary ISP goes down, the secondary takes over, with NAT correctly using the secondary ISP's public IP address.

A small business with a single router (e.g. a Cisco 1900/2800/2900 ISR) has two ISPs, and would like to use one ISP as the main provider and the second ISP as a backup in case the first one fails.


Here I am going to post only the home router configuration, which is used in the lab environment as HOME.RTR.

1) Configure each WAN interface to connect to each ISP, respectively:

interface FastEthernet0/0
description Primary-Wan
ip address
ip nat outside

interface FastEthernet0/1
description backup-Wan
ip address
ip nat outside

2) Create the route maps that select which NAT translation applies, based on the egress interface the routing table chose:

route-map backup permit 20
match ip address internet
match interface FastEthernet0/1
route-map primary permit 10
match ip address internet
match interface FastEthernet0/0

3) Configure the LAN interface:

interface FastEthernet1/0
ip address
ip nat inside

Note: the ACL "internet" selects the traffic that will be translated. As written it matches any source address; in production restrict it to the LAN subnet (permit ip <LAN subnet> <wildcard> any) so that only inside hosts are translated.

ip access-list extended internet
permit ip any any


4) Configure the two NAT statements so that either WAN interface can provide the translation, each using its own interface address:

ip nat inside source route-map backup interface FastEthernet0/1 overload
ip nat inside source route-map primary interface FastEthernet0/0 overload

5) Update your static routes, using a floating static route for the backup. The original post omits the destination and next-hop addresses; the trailing numbers are the administrative distances, 10 for the route via the primary ISP and 20 for the route via the backup, so the backup route is only installed when the primary is withdrawn:

ip route 10
ip route 20

6) Create an EEM script that automatically clears the NAT translations on failover:

Introduction Embedded Event Manager

Cisco IOS Embedded Event Manager (EEM) is a powerful tool integrated with Cisco IOS Software for system management from within the device itself. EEM offers the ability to monitor events and take informational, corrective, or any desired action when the monitored events occur or when a threshold is reached. Capturing the state of the router during such situations can be invaluable in taking immediate recovery actions and gathering information to perform root-cause analysis. Network availability is also improved if automatic recovery actions are performed without the need to fully reboot the routing device.

For example, in our topology there are two ISP links configured on the router as f0/0 and f0/1, both used for NAT. Suppose traffic is flowing through f0/0 (primary) and that interface goes down or becomes unavailable. The router takes a long time to switch over to f0/1 (secondary), because the existing NAT translations still refer to the primary interface's address and stay in the table until they time out. To avoid this we configure EEM so that when either interface goes down the script automatically runs the command "clear ip nat translation *".

The commands are:

event manager applet CLEARNAT1
 event syslog pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
event manager applet CLEARNAT2
 event syslog pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
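The steps above leave the addresses out and only react to a local link going down. The following is an added example (not the post's HOME.RTR configuration) of the complete dual-ISP NAT failover with all pieces in one place. All addresses are RFC 5737 documentation ranges chosen for illustration; the ISP next hops, the LAN subnet and the probe target (assumed to be the primary ISP's DNS resolver) are assumptions. It also goes beyond the post in two ways: it tracks reachability through the primary ISP with IP SLA, because a LINEPROTO-5-UPDOWN syslog message only fires when the local link fails and not when the ISP's upstream is broken, and it clears the NAT table on fail-back as well as on failure, since translations built over the backup link otherwise linger after the primary returns.

```cisco
! Added example, not the original post's configuration. Addresses, next hops,
! LAN subnet and probe target are assumptions for illustration.
!
interface FastEthernet0/0
 description Primary-WAN (ISP-A)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
 no shutdown
interface FastEthernet0/1
 description Backup-WAN (ISP-B)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 no shutdown
interface FastEthernet1/0
 description LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Translate only the LAN subnet. "permit ip any any" would also translate
! traffic with spoofed or foreign source addresses that reaches an inside port.
ip access-list extended INSIDE-TO-INTERNET
 permit ip 10.10.10.0 0.0.0.255 any
!
! NAT follows the egress interface chosen by the routing table, so the route
! maps pick the correct public address automatically when the route changes.
route-map NAT-PRIMARY permit 10
 match ip address INSIDE-TO-INTERNET
 match interface FastEthernet0/0
route-map NAT-BACKUP permit 10
 match ip address INSIDE-TO-INTERNET
 match interface FastEthernet0/1
ip nat inside source route-map NAT-PRIMARY interface FastEthernet0/0 overload
ip nat inside source route-map NAT-BACKUP interface FastEthernet0/1 overload
!
! Probe a host behind ISP-A every 5 s. The probe is sourced from the primary
! interface and pinned to the primary next hop by a host route, so it cannot
! succeed via the backup link and report a false "up".
ip sla 1
 icmp-echo 192.0.2.53 source-interface FastEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
 delay down 15 up 30
ip route 192.0.2.53 255.255.255.255 192.0.2.1
!
! The primary default route (AD 10) is withdrawn when the track goes down;
! the floating static route (AD 20) via ISP-B then takes over.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 10 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 20
!
! Existing translations still carry the old outside address. Clear them on
! every change of the track so sessions are rebuilt through the active ISP.
event manager applet NAT-FAILOVER
 event track 1 state down
 action 1.0 syslog msg "Primary ISP down, clearing NAT translations"
 action 2.0 cli command "enable"
 action 3.0 cli command "clear ip nat translation *"
event manager applet NAT-FAILBACK
 event track 1 state up
 action 1.0 syslog msg "Primary ISP restored, clearing NAT translations"
 action 2.0 cli command "enable"
 action 3.0 cli command "clear ip nat translation *"
```

To test it, shut the primary interface or block the probe target upstream and watch "show track 1" flip to Down after the 15 s hold-down; "show ip route 0.0.0.0" should then list 198.51.100.1 as the next hop, and "show ip nat translations" should show new entries with the 198.51.100.2 outside address only. The "delay up 30" keeps the router from flapping back to the primary on a single successful probe.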





Overlay Networking

How to integrate Overlay Networking and the Physical Network

An overlay network uses modern tunneling protocols to connect software Network Agents in Hypervisors or Operating Systems. Today, these Network Agents are little more than "robot patch panels" (you probably call …

Why is Data Leak a Concern?

This is what customers are telling us about data leaks.
• Loss of Sensitive Information
"I don't know how we can control data from being sent in email or uploaded to the Web."
• Inadvertent Misuse
"Most of our policy violations and information breaches are accidental!"
• Collaboration Risk
"I think some of my employees are posting and sharing confidential information on social networking sites like Facebook."
• Context Sensitive
"My current Data Leak Prevention system causes a lot of false positives and blocks data, as it is unable to understand the Web application."
• In-depth Visibility
"Need in-depth visibility into the sensitive data that my employees are uploading. It would be wonderful if it could give this information in a readable format."
• Data Leak outside Network Perimeter
"What happens when my employees carry their laptops while travelling? Need to control and prevent leaks even when they are out of the office."