Meraki Can Be Enterprise

Tom, aka Networking Nerd, recently made a post about Meraki not being a large enterprise solution so as a fan of the “Tenth Man Rule” I’ve decided to write about why Meraki CAN be used in a large enterprise.

What defines a large enterprise network? Is it 10 infrastructure devices? 20? 30? 100? It’s hard to tell what truly defines an enterprise network as large and part of this discussion so let’s just discuss this in terms of ANY enterprise network shall we?

Outer Edge

At the edge of Meraki we have UTM devices with very similar features to that of Watchguard and even ASA devices. We have a pretty strong firewall device with port forwarding rules, geo based rules, hot standby, pretty sweet site to site VPN that I personally feel outshines DMVPN solutions, client VPN solutions, and an easy to use configuration platform.

Core / Distribution

Meraki has switch options as well, ranging from small 8 port desktop switches up to 48 port L2/L3 switches as well as 24/48 port aggregation switches. These switches feature LACP support, MAC whitelist, 802.1X authentication, port schedules, and Voice VLAN support. I could potentially support a fairly large building with the agg switches in the MDF, and L2 distribution switches in each closet. The switches can also provide PoE  for Access Points, IP Phones, IP Cameras, etc.

Wireless

Now we get to the part of the network that is dear and near to me: wireless. I think Meraki takes a lot of flak when it comes to wireless because of their simple to use mentality. At the end of the day Meraki supports a lot of what we need to successfully deploy an enterprise grade network. In the past I was critical about not having external antenna support, I was always directed to use the outdoor APs which were not as aesthetically appealing as their indoor brothers. This has changed with the MR72 which is an 802.11ac outdoor AP that closely mimics the MR32/34 body style but has a little more junk in the trunk to support the external antenna connectors. Meraki supports additional roaming standards such as 802.11r as well which is a key feature to high density enterprise grade networks.

What Doesn’t it Do?

OK, no article would be complete without pointing out the statements that yes I have made and others do as well. When it comes to wireless we are very limited in what we can do with the data rates for example. We don’t have as precise control as we do on a Cisco solution for example. There is no “physical” switch stacking, only the virtual which logically combines in the dashboard. A clear lack of support for IPv6.

Does That Matter?

Honestly, I think it just means you need to design your infrastructure slightly different. When it comes to the physical stacking aspect we just need to allocate our switch ports differently when doing counts. We have the ability to reduce some of the lower data rates which helps, the rest is just properly designing an RF solution around your requirements and your device limitations, something we always have to do anyways. And finally IPv6 (Ed Horley is going to hate me if he reads this) doesn’t matter! I fully agree that IPv6 support is getting to a critical point on UTM / outer edge devices, but I could care less about IPv6 inside the network. I have only had 1 customer ever ask me to design a network that FULLY supports IPv6. This will change in a year or two and by then I’m sure Meraki will support it.

Finally, My Take…

Go for it. I’ve seen a lot worse deployed in enterprise networks! At the end of the day it comes down to design. We as network architects, engineers, consultants, whatever, are hired to help create the best network we possibly can within the parameters we are given. Would I lead with a traditional Cisco solution? Most likely, but I will certainly always entertain the idea of using Meraki. After all, the Meraki HQ is running off of their own hardware and their building would qualify as a large enterprise in my eyes.

1 Comment

  1. Welles8080 July 13, 2015 at 2:01 pm

    You nailed it …. “Honestly, I think it just means you need to design your infrastructure slightly different”

Leave a Reply