Wednesday, January 8, 2014

Cisco Meraki MX60W review



1)Intro
2)Features
3)Key Feature Tour
4)Setup
5)Wireless configuration
6)Throughput tests (Wireless/Wired)
7)Mixed connections stress test
8)Closing Notes

Intro: The Meraki MX60W is a enterprise level office security appliance that is a robust full featured enterprise router/firewall that is affordable for small to medium businesses, has lots of features, is cloud managed so it can be controlled and administrated from any computer with an internet connection, and can tolerate a lot of heavy usage that enterprises require. 

Features: The MX60W features the following:

1) Stateful firewall supporting 20 concurrent users @ 100Mbps
2) Layer 7 firewall controls with tons of site blocking presets to help block against P2P, sports, social media, video streaming sites and more as well as custom hostnames and expressions.
3) 4 wired Gigabit LAN ports
4) 3 x 3.5dBi  dual band external SMA antennas with 30dBm (1W!) output power for great wireless coverage and can also be upgraded for even better range.
5) Up to 4 WLAN SSIDs with configurable VLANs for each one providing more security then standard guest networks
6) Dual band 2.4Ghz or 5Ghz operation with 3 x 3 MIMO connectivity at up to 450Mbps
7) Full VLAN configuration that’s easy to do and you can easily define firewall and bandwidth shaping policies to each one. 
8) Per port VLAN
9) Full and extremely detailed traffic shaping (QoS) and firewall controls
10) Full client connectivity details and monitoring. You can even see what websites or applications the client has used in real time. You can even check signal strength and the Operating System of each client. 
11) Network wide bandwidth monitoring. You can see how much bandwidth all clients in the network are using as well as the WAN interface. 
12) Fixed and DHCP client address assignments
13) Cellular 3G/4G failover via the USB port with seperate firewall and traffic shaping
14) Fully customizable user/group policies so you can configure SSIDs to use Meraki authentication instead of WPA2 keys. 
15) With group policies you can define per-user limits such as firewall rules, traffic shaping, etc. 
16) Self configuring site-to-site VPN
17) WAN uplink selection based on traffic type
18) Automatic firmware upgrades
19) SNMP and you can monitor it with PRTG as well. 
20) And lots more


Key Features Tour:



Let's take a look at the really helpful status page that tells us all our connected client status as well as total WAN bandwidth on one handy screen:

Please click image to enlarge

Next, you can drill down on each of those links to get very detailed info on each client:
You can even setup port forwarding and firewall options from here!



Please click image to enlarge
Let's take a look at the really helpful Traffic report page that tells us what uses the most traffic on the network:

Please click image to enlarge

This area you can hunt down rouge access points where people use to steal logins, and other data masquerading as one of your access points. From this screen you can take action against this:


Please click image to enlarge
Robust firewall controls that are easy to configure:

Please click image to enlarge






Setup: The Meraki MX60W was very easy to setup and you can actually configure it before you even get it! When you order one you are given a claim code. You would then create an account on meraki.com and then when you add the device to the inventory you enter the claim code and you can dive right in and configure your network before the MX60W arrives and all you gotta do is plug it right in and it configures itself! Very nice!

1) Power brick was very thoughtfully designed. It has the brick inline like a laptop’s power connector rather then it being on the plug itself so you don’t have to block an outlet on your power strip/UPS!
2) It took a while for it to configure itself over the WAN. It took about 4 to 5 minutes and it restarted itself a few times. 
3) It had no issues with our cable modem connection and configured itself well.
4) Since the setup was pre-done over the cloud our network picked right back up and there was no delay in accessing our stuff due to having to redo IP configs.
5) Setting up stuff like guest networks is different then consumer class routers. Those are done by creating VLANs so this was done later and not before the router arrived. I did create an SSID before the router arrived though so some clients can connect right away. 






Wireless Configuration: The MX60W has a very different wireless configuration then consumer class routers. Guest networks are handled by creating a VLAN for the Guest SSID. Go to “Configure>Addressing and VLANs>”enable VLANS>Apply changes> Then I would title it “Guests” and then assign it a different IP range and subnet. I configured mine to 10.0.0.0/24 so it gets the 10.0.0.x IP range and the appliance address should be inputted as 10.0.0.1.  Then you would go to “Wireless settings”>enable the 2nd SSID and assign the VLAN ID to the “Guests” one>Apply settings. This is how you isolate the guest SSID from the main one to prevent guests from accessing your internal LAN. 


Please click images to enlarge
Step one: Creating the Guest policy:


Step two: Create the VLAN:


Step three: Assign VLAN to Guest SSID:



The MX60W supports WPA/WPA2 and supports PSK and Enterprise authentication types that can be different for each SSID. Selecting “Enterprise” allows you to use Meraki Authentication, which allows you to define a username and password rather then a static key, allowing for more fine control over your wireless network. User based controls allow you to define limits PER USER so that if let’s say, they get fired, you just delete thier user account and not have to change the ENTIRE NETWORK’S encryption key! To create the user you would go to Configure>Users>Add New User>and then configure to your needs.

One thing I do wish the MX60W had was simultaneous dual band operation. The operation is either 2.4Ghz OR 5Ghz and NOT both. However, it runs at 40Mhz allowing for higher throughput. 

Throughput Tests: (Wireless)


I will be using LAN Speed test for the throughput tests and PRTG to generate the graphs. It also is a comprehensive enterprise level network monitoring software and it can record uptime, transfer rates, errors, etc. 

Test environment: (Set 1)

Specs of Building: This is going through about 32 ft through 2 walls, a solid all-wood dresser, and a chimney. The room has plaster walls in some places. 

Specs of server :(my machine in the same room as theMX60W): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: (remote machine in other room): AGNXAndrakon/AMD Phenom 9650/4GB Corsair XMS2 DDR2 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Amped Wireless ACA1 USB WLAN connection:USB3 via a PCI-Express addon card.


5Ghz 802.11n mode: Channel 161 -62dBm

LAN speed test: 25 stream 6GB file: 12Mbytes/sec or 96Mbits/sec



2.4 GHz 802.11n mode: Channel 11 -71dBm

Sensor Note: I created a separate 2.4Ghz sensor on PRTG to differentiate the two frequencies and also keep track of them separately. 

LAN speed test: 25 stream 6GB file: 8Mbytes/sec or 64Mbits/sec





Test environment: (Set 2)

Specs of Building Test Run 1: 16Ft away thru a wood door hallway right outside the office where the MX60W is located. 

Specs of server (my machine in the same room as theMX60W): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: Toshiba/AMD A8 APU-4500M/6GB DDR3/ATI Radeon HD 7640G/600GB HDD/Windows 7 Home Premium 64 bit SP1/WLAN connection via a Realtek RTL8188CE PCI-E card

2.4 GHz 802.11n mode: Channel 11 -58dBm

LAN speed test: 25 stream 6GB file: 7Mbytes/sec or 56Mbits/sec





Throughput tests (Wired):

Specs of server: (my machine in the same room as theMX60W): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: GrumpyCat/AMD Phenom 9550/4GB DDR2 RAM/500GB SSHD /Nvidia Geforce 8800GT/Windows 8.1 Enterprise 64 bit /NVIDIA nForce Networking Controller

LAN speed test: 25 stream 6GB file: 117Mbyes/sec or 936Mbits/sec





Mixed Connection stress tests:

IxChariot tests 2.4 Ghz Mode: Please click images to enlarge

Note: All these were done in 2.4Ghz mode, as the laptop does not have a dual band WLAN chipset
Large throughput test download link: https://www.dropbox.com/s/kzcfet4p61wy1z5/LT-Test1-2pair-2.pdf

Large_Test_Throughput.scr Result for Server+ACA1(Red line) WLAN+Toshiba laptop(Green line) WLAN


IxChariot Tests 5 Ghz Mode: Please click images to enlarge

Note the 2nd device I am using for this test is a Galaxy Nexus phone in 5Ghz mode in the same room as the MX60W

Large_Test_Throughput.scr Result for Server+ACA1(Red line) 


Large_Test_Throughput.scr Result for Server+ACA1(Red line)+GNEX(Green line)




Wired tests: Please click images to enlarge
Large_Test_Throughput.scr Result for Server+GRMPY(Grumpycat)(Green line)



Wired ETH vs 5Ghz WLAN comparison
Large_Test_Throughput.scr Result for Server+ACA1(Red line)+GRMPY(Grumpycat)(Green line)












Conclusion: 

The Meraki MX60W Security Appliance is highly recommended for a branch office with high connectivity demands and it has a great level of control. Excellent stability, great throughput, and set it and forget it controls. The price is high, however the reliability and ease of controls and peace of mind you get is worth every penny of the cost keeping in mind you don’t need to know commands, be a high level network engineer, or sacrifice control. 

Pros:
Ø Ease of setup from pre-configuring online to plugging in
Ø Very high performance throughput 
Ø Powerful wireless transmitter power
Ø Excellent management software
Ø Very robust security controls and options
Ø Cloud configurability anywhere
Ø 3G/4G failover via USB dongle

Cons:
Ø Pricey
Ø No USB storage
Ø Not concurrent dual band WLAN. Must be 5 or 2.4Ghz and not both at the same time. 


Rating: 9.8/10 
Recommended: Yes









No comments:

Post a Comment