This will be a quick guide on configuring your Meraki Wireless Access Point to tag users in specific VLANs according to what AD group they are in.
In this example I will assume the following:
- You have a department called Sales (VLAN 10)
- You have a department called Technical (VLAN 20)
- These VLANs are already set-up
- You are using Windows Server RADIUS/NPS (Network Policy and Access Services) – if you have not configured a RADIUS server for the Meraki AP, watch this blog for an update in the near future as I will post a how-to for this)
The Cisco Meraki range of products are really quite cool and changes the way you, as a sysadmin, think about network connectivity, management, troubleshooting and configuration in your organisation.
Meraki products are managed (almost) completely via Meraki’s Cloud Controller platform via the web. What this means is that 99% of the management can be done where-ever you have access to the internet; including the mobile app which in its current state, allows you to perform basic troubleshooting steps and analytics of the network.
That means you can be sitting at home whilst configuring your office network’s closet switches.
Any configuration changes made in the Meraki Cloud Controller (MCC) are immediately pushed down to the device via SSL as soon as the device has network connectivity. This means that you could even start configuring the devices as soon as you have ordered them, plug them in when they arrive and they will immediately fetch the config – in fact this is how I configured the access points I deployed at my organisation.
Also, an important note to make here – the Meraki range of products will continue to run on it’s existing config even if the product loses internet connectivity or is otherwise unable to contact the MCC.
The MCC interface is the heart of all config management, troubleshooting and network analytics. You can do a lot from this interface – from looking at Layer 7 application analytics per user to packet capture exports to scheduling over the air firmware updates. I definitely recommend looking at the training material as a lot of what I have said above is demonstrated graphically via webinars at the following URL:
In summary, I believe sysadmins need to watch this area for rapid development as I believe this type of management and deployment of network connectivity is only just the beginning of something very interesting.
Cisco Meraki is a whole new game changer for sys admins – it adds a completely different perspective to ‘Cloud’ managed devices. I will be trialling out the Meraki suite of devices & services for my organisation and hopefully blog about it in the near future!
In the mean time, if you want to try out a Meraki WAP, see below!
IT professionals can receive a FREE Cisco Meraki access point (AP) with a 3-year cloud management license.
While Cisco Meraki webinars are open to all audiences and while APs may be offered at live events, to be eligible for a free AP, participants must:
Attend the live event or the live webinar in its entirety
Enter a valid company name
Be an IT professional
Register with a shipping address in the US, CA, UK or the rest of the EEA, Croatia, Switzerland, Australia, New Zealand, or Puerto Rico. We cannot ship free APs outside of these regions, and cannot ship to post office boxes.
European countries require a valid VAT ID for shipment
Register with their organization’s email address
Confirm eligibility and shipping address with a Cisco Meraki representative by phone
If you are unable to accept your AP due to restrictions, (e.g., Erate), we will be happy to provide you with a trial AP, which can be returned following your evaluation of our solution
As APs are provided as an educational tool to those new to the Cisco Meraki platform, individuals and organizations who have received a free access point through other promotions are not eligible. Limit one free AP per organization and per individual. Due to abuse, we cannot provide free access points to individuals who register with yahoo, gmail, hotmail, and other similar email addresses.
This weekend we had an electricity inspection so all equipment in the office needed to be powered down. Fast forward a few hours after I had gracefully shutdown all the servers and network devices, the inspection was complete and it was time to power everything back on again.
So I started to power on the virtual machines one by one in the correct sequence and once I thought I was done, I took a little break.
Very recently out of no where I couldn’t log on to my WordPress Blog and was presented with an ‘Invalid Integration’ error.
I noticed this happen soon after the automatic WordPress upgrade from 3.8 to 3.8.1 so I am suspecting the upgrade as the cause but have no evidence to back that up.
Luckily there is a very easy fix to this problem. Simply FTP (or whatever protocol you desire) in to your server and locate the blog/wp-content/plugins folder and rename the duo-wordpress folder to something else (like duo-wordpress-old)
You should now be able to log-in.
Now, rename the folder back to what it was before and on the WordPress web interface,uninstall the plug-in completely.
Unfortunately, as of this post (28/1/2014), re-installing & integrating the plug-in does not actually fix the issue so you may need to live without 2FA for a while (or alternatively, use another provider)
The problem may be something specific to my set-up but just in case others are having the same/similar issues, I hope this helps you!