Remote-access Guide

meraki remote access point

by Sarai Wilkinson Published 2 years ago Updated 1 year ago

What does a Meraki access point do?

All Meraki MR access points support certain cloud-based features, like stateless firewalling, Layer 3 and Layer 7 application traffic shaping, wireless intrusion detection and prevention, Location Analytics, support for up to 15 unique SSIDs, and automatic RF channel optimization.

Do Meraki access points need a controller?

Every Meraki wireless access point is built with the packet-processing resources to secure and control its client traffic without need for a wireless LAN controller.

What is the range of a Meraki access point?

Barring physical obstruction and radio interference, Cisco Meraki access points equipped with omnidirectional antennas typically reach 100 meters. Directional antennas (sometimes called "panel antennas") greatly extend range by concentrating power in a single direction.

How do I access a Meraki access point?

Browse to dashboard.meraki.com and log in to Dashboard. Navigate to Wireless > Monitor > Access Points and click the name of the AP you would like to configure. On the device status page, click the Edit icon to the right of the current IP information to expand the configuration for that device.

Is Meraki better than Cisco?

Intuitive Interface: The Meraki cloud interface is more intuitive, easier to configure, and has more enhanced feature functionality than the Cisco WLAN Controller interface.

How many clients can a Meraki AP handle?

Cisco Meraki APs have been deployed and proven in the most demanding environments, supporting more than 100 users per AP and collectively serving hundreds of Megabits per second of user traffic to thousands of devices.

Does Meraki have a wireless controller?

As the world's first hosted wireless LAN controller, the Meraki Enterprise Cloud Controller eliminates the cost and complexity of traditional hardware-based wireless controllers.

How many square feet can an access point cover?

Based on outdoor WiFi signal propagation, an access point can easily cover 10,000 square feet but we are going to use our standard 1600 square feet per access point number from above.

How do I increase Meraki signal strength?

To adjust the power levels on one of these profiles, click the Edit button associated with the relevant profile. Scroll down until you find the 2.4 GHz Radio settings and then locate the Radio transmit power range (dBm) slider bar. Adjust both ends of the bar to the desired values.

How do I connect to Meraki?

Adding Devices and Licenses: Within the Meraki dashboard, navigate to Organization > Configure > Inventory using the left-side navigation bar. In the box next to the blue Claim button, enter order numbers, one per line. If this box does not appear, devices were added already. ... Choose Claim.

How does Meraki Wi-Fi work?

In a wireless mesh deployment, multiple APs (with or without Ethernet connections) communicate over wireless interfaces to form a single network. This wireless communication between APs is called Mesh Networking. Meraki's mesh networking functionality is automatic, self-healing and available on all Access Points.

Is Cisco Meraki a router?

The Cisco Meraki MX64 is an integrated router, next-generation firewall, traffic shaper, and Internet gateway that is centrally managed over the web.

Can you have both Cisco on premises and Cisco Meraki?

Meraki is cloud-managed. Cisco WLC is on-premise managed. Both are independent and cannot be integrated with each other.

What does Meraki MR42 do?

The Cisco Meraki MR42 is a four radio, cloud-managed 3x3 MU-MIMO 802.11ac Wave 2 access point. Designed for next-generation deployments in offices, schools, hospitals, shops, and hotels, the MR42 offers performance, security, and simple management.

What is the range of Meraki mr36?

5.470-5.600, 5.660-5.725 GHz (UNII-2e)

Give employees access. Give yourself a break

Our best-in-class technologies bring the difficulties of remote work to an end.

IT barriers down. Productivity up

A better remote work experience starts with a better IT cloud platform.

How does a client VPN work?

Client VPN creates a tunnel from the client and forwards all VPN traffic through that tunnel to the MX. The MX will then forward the traffic towards the destination. Each client that connects is placed on the subnet specified for Client VPN devices.

Does SSID work with VPN?

The wireless client will connect to the SSID like a standard wireless network, authenticate if necessary (WPA2-PSK or 802.1x), and all traffic, or only VPN-specific traffic (i.e. Split Tunnel VPN), will be sent through a VPN tunnel to a concentrator.

What is Meraki AP?

A Meraki AP at a remote site establishes a layer 2 connection using an IPSec-encrypted UDP tunnel back to the corporate LAN. Tunnels are established on a per SSID basis, and terminate at headquarters on a Meraki MX security appliance.

What is a VPN for teleworkers?

Teleworker VPN can be used to connect small branch offices (<5 people), teleworker or executive home offices, temporary site offices (e.g. construction sites) and traveling employees on the road back to the corporate LAN, and to provide access to corporate resources back at headquarters.

Can Meraki AP tunnel?

Both wireless and wired client traffic at the remote site can be tunneled. Wired clients connected directly to a Meraki AP can have their traffic tunneled.

Can Meraki Cloud connect to a NAT?

Since most corporate LANs are located behind a firewall and NAT, the Meraki Cloud can negotiate a connection between the remote AP and the MX across a NAT, or a manual port-forwarding method can be used to establish a connection.

How to remotely access a desktop?

Navigate to Systems manager > Monitor > Remote desktop, or select the client from the Monitor > Devices page and select 'Remote desktop' from the live tools section.

What is remote desktop?

The live tool version of the Remote Desktop tool uses Websockets over HTTPS to the Dashboard backend. The traffic from the backend to the device uses a second SSL tunnel alongside the main SSL tunnel used for regular agent/backend communication. On the client itself, there is a connection between the VNC server and the tunnel (bound to localhost and therefore only accessible on the local computer) that is using plain VNC, which is unencrypted except for the initial password handshake.
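Because the last leg described above is plain VNC, its protection depends on the VNC server listening on loopback only. The following added example (not Meraki's code) parses `ss -ltn` style output and reports VNC listeners bound to any other address; the sample output is constructed, and the 5900-5999 port range is an assumption based on the conventional VNC display ports, not a value from the page.

```python
import ipaddress

# Constructed `ss -ltn` style output (not captured from real devices).
SAMPLE_OK = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      5      127.0.0.1:5900      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      [::1]:5900          [::]:*
"""
SAMPLE_EXPOSED = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      5      0.0.0.0:5900        0.0.0.0:*
LISTEN 0      5      192.168.1.20:5901   0.0.0.0:*
"""

VNC_PORTS = range(5900, 6000)  # assumption: conventional VNC display ports


def exposed_vnc_listeners(ss_output):
    """Return (address, port) for VNC listeners not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        if not port.isdigit() or int(port) not in VNC_PORTS:
            continue
        # "*" means all interfaces; otherwise test the literal address.
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    print("ok host:     ", exposed_vnc_listeners(SAMPLE_OK))
    print("exposed host:", exposed_vnc_listeners(SAMPLE_EXPOSED))
```
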

What is AP.meraki.com?

Both ap.meraki.com and my.meraki.com are locally-hosted sites useful for configuring an AP when it cannot reach the Meraki Cloud. This is often seen on a static, non-DHCP network or when there are strict firewall rules. After a Cisco Meraki access point (AP) has lost its connection to the Internet but is still receiving power, it will broadcast a default service set identifier (SSID) that can be connected to for administrative tasks.

What is the Meraki status page?

Most Cisco Meraki devices have a local status page that can be accessed to make local configuration changes, monitor device status and utilization, and perform local troubleshooting. This article provides instructions on how to access the local status page, functions/information available on it, and how to manage access.

How to access MR devices?

To reach MR devices, the client must be wirelessly connected to the AP (using a configured SSID or the "meraki-setup" SSID), but MS and MX devices can be accessed by any device with access to their LAN IP. This is done by entering the LAN IP address in the URL bar of a web browser. Additionally, each device can be accessed by DNS name from a client whose traffic passes through it by browsing to the following URLs from the client. This can be useful for determining which AP/switch/firewall a client's traffic is going through to reach the internet.

What is the status page of a device?

Every device's status page includes useful information about the status of the device, limited configuration options (such as setting a static IP), and other tools. This section will cover what is available for each device.

Does MS390 have a dedicated port?

Note: The MS390 does have a dedicated management port; however, in the scenario where you are not able to access the local status page, please configure the above static settings on your device to get to the local status page. Most MX models have a dedicated management port used to access the local status page.

Does a physical management port stay active?

Note: If your device has a physical management port, it will always remain active regardless of the value of this setting.

Can you switch SIM card on MG41?

The MG41 also provides an option to switch the SIM slot. If there is more than one active SIM card, it's possible to set the APN settings for the standby SIM card in advance. If the primary SIM card needs special/private APN settings that are different from what the MG41 is currently using, then the override primary SIM setting can be used to override the necessary APN.

Meraki vMX100

Consider standing up a virtual firewall appliance like the Meraki vMX100. Most organizations have compute resources available in the data centers. An organization can stand up a Meraki virtual MX100 security appliance as a new virtual machine in their data center in hours and start serving remote access VPN users almost immediately.

Meraki Systems Manager Push Button VPN (Sentry)

Meraki customers who have deployed Meraki MX security appliances, with the addition of Meraki Systems Manager, can have everything needed to build a turnkey VPN solution. Pairing an MX with Systems Manager adds a number of powerful security features Meraki calls Sentry.

What is SSID for Teleworker VPN?

An SSID that is configured for teleworker VPN can be configured in two different traffic handling modes: Full Tunnel and Split Tunnel. The split tunnel feature can route selected traffic over the VPN and route all other traffic to the local network upstream (and to the Internet).

What port does MR use?

In an example, the MR dynamically chooses UDP source port 39199 with source IP 192.168.2.3. The MR then sends a Registry-Request packet to the VPN registries. The source IP of the packet gets rewritten to the upstream NAT firewall's outside IP, which is 76.126.47.131.

What happens after SSID is configured to tunnel traffic to an MX concentrator?

1. After an SSID is configured to tunnel traffic to an MX concentrator, both the MR and MX send Register-Request packets to Meraki VPN registries.

What is 802.1x authentication?

WPA2-Enterprise uses 802.1x to secure the wireless network. There are three pieces to 802.1x authentication: a supplicant, an authenticator, and an authentication server. In other operating modes like Bridge Mode and NAT Mode, the AP assumes the authenticator role. SSIDs configured for VPN Concentrator and concentrated Layer 3 roaming SSIDs will pass the authenticator role to the VPN Concentrator.

How to configure SSID on VPN?

1) Configure the SSID on the Access Control Page to either Layer 3 Roaming or VPN Concentration. 2) Select the MX security appliance concentrator that exists within the same Dashboard organization. 3) Optional: Configure a specific VLAN to terminate the SSID on at the VPN concentrator.

Is the first UDP packet sent by the MX allowed through the MR's NAT firewall?

When this first UDP packet sent by the MX reaches the MR's NAT firewall, it is allowed because it matches a previously established outbound session (established in #3) in the NAT table, so it is forwarded to the MR on the LAN.
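The NAT behaviour described in the tunnel-setup answers above can be modelled in a few lines. This is an added example, not Meraki code: only the MR's inside address and port and the NAT's outside IP come from the page, while the registry and MX endpoints, the port-preserving NAT, and the reading of "#3" as the MR's outbound packet to the MX are assumptions.

```python
from dataclasses import dataclass, field

MR_INSIDE = ("192.168.2.3", 39199)    # from the page
NAT_OUTSIDE_IP = "76.126.47.131"      # from the page
REGISTRY = ("198.51.100.10", 9350)    # hypothetical VPN registry endpoint
MX_PUBLIC = ("203.0.113.20", 41000)   # hypothetical MX outside endpoint


@dataclass
class NatFirewall:
    outside_ip: str
    sessions: set = field(default_factory=set)  # (inside, outside, remote)

    def outbound(self, inside, remote):
        """Rewrite the source to the outside IP and record the session."""
        outside = (self.outside_ip, inside[1])  # assumes port-preserving NAT
        self.sessions.add((inside, outside, remote))
        return outside  # the source address the remote peer sees

    def inbound(self, remote, outside):
        """Forward only if a matching outbound session exists, else drop."""
        for inside, out, rem in self.sessions:
            if out == outside and rem == remote:
                return inside
        return None


def simulate():
    nat = NatFirewall(NAT_OUTSIDE_IP)
    # The MR registers; the registry learns the rewritten (outside) source.
    seen_by_registry = nat.outbound(MR_INSIDE, REGISTRY)
    # Until the MR has sent toward the MX, an MX packet is unsolicited.
    before = nat.inbound(MX_PUBLIC, seen_by_registry)
    # The MR sends toward the MX endpoint (assumed to be the page's "#3").
    nat.outbound(MR_INSIDE, MX_PUBLIC)
    after = nat.inbound(MX_PUBLIC, seen_by_registry)
    # Any other remote host still has no session and is dropped.
    stranger = nat.inbound(("192.0.2.99", 41000), seen_by_registry)
    return seen_by_registry, before, after, stranger


if __name__ == "__main__":
    print(simulate())
```

The same session table is what a firewall administrator inspects when a tunnel fails to form: if the upstream NAT does not keep the outbound UDP session, the MX's packets are dropped as unsolicited.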

Can a second MX be paired in HA mode?

To increase reliability, a second MX security appliance can be paired in HA mode. In the case that the primary MX becomes unreachable from the Meraki Cloud, the Access Points will failover to the HA standby MX.
