It’s not often that I use technology that is an actual pleasure to work with. #Equallogic is at the top of that list, but now I have a new one: #Meraki
So, they first suck you in with their very nice (free!) MDM. MDM stands for mobile device management (i.e. visibility/management into your iPhones/pads/Androids etc.)
Then just for watching a webinar they will send you a free Access Point. So we pull it out of the box and have that sucker configured in about 20 minutes! We did run into an interesting hiccup though: the AP is able to provide multiple SSIDs, so you can have one for an internal network, and another for a guest network that can just get to the Internet, etc. We configured the guest network and chose the setting to disallow access to the local LAN… well, we have a very screwy IP scheme, so the default “LAN Isolation” link didn’t work for us.
When you turn on the option labeled “Prevent users from accessing your LAN?”, which enables a feature sometimes referred to as “LAN Isolation”, the following configuration is applied to your Meraki network:
- Any traffic from a client to the following IP ranges is silently dropped: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
- The above applies to all traffic except DNS requests – they are passed regardless of the destination IP address
Note that the above configuration does suggest some situations in which Meraki users might be able to access your LAN – for instance, if devices in your LAN are configured with IP addresses that are outside the above ranges, the Meraki network will route traffic to those destinations.
So to fix it, I just added an additional Deny Policy on the layer 3 firewall rules, and used CIDR notation to specify the Destination.
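The gap described above can be checked ahead of time. The following is an added example, not part of the original post or Meraki's tooling: it takes a list of LAN subnets (the sample values are constructed) and returns the CIDR blocks that fall outside the three ranges LAN Isolation drops, which are the destinations an extra layer 3 deny rule would need to cover.

```python
import ipaddress

# Destination ranges the page says "LAN Isolation" silently drops.
ISOLATED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def uncovered(subnet):
    """Return the parts of `subnet` that LAN Isolation does NOT block."""
    remaining = [ipaddress.ip_network(subnet, strict=False)]
    for blocked in ISOLATED:
        kept = []
        for net in remaining:
            if net.subnet_of(blocked):
                continue  # fully inside a dropped range: already isolated
            if blocked.subnet_of(net):
                # LAN subnet is wider than the dropped range: keep the rest
                kept.extend(net.address_exclude(blocked))
            else:
                kept.append(net)  # disjoint: guests can still reach it
        remaining = kept
    return sorted(remaining)


def extra_deny_rules(lan_subnets):
    """CIDR destinations that need an additional deny rule for guests."""
    gaps = []
    for subnet in lan_subnets:
        gaps.extend(uncovered(subnet))
    return [str(n) for n in ipaddress.collapse_addresses(gaps)]


if __name__ == "__main__":
    # Constructed sample of a "screwy" addressing scheme (assumption).
    lan = ["192.168.10.0/24", "172.32.5.0/24", "192.0.2.0/24"]
    for cidr in extra_deny_rules(lan):
        # DNS is passed regardless of destination by LAN Isolation itself,
        # so an explicit rule is also what covers DNS to these hosts.
        print(f"deny guest -> {cidr}")
```

Note that 172.32.5.0/24 looks private at a glance but sits just past the end of 172.16.0.0/12, which is the kind of addressing that slips through the default setting.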
The Meraki interface is very clean and mainly logical. You can feel the Google heritage (especially the nicely added two-factor authentication!)
I look forward to the iPhone app since I am assuming this will provide much better GPS location data for the devices.