ciscomeraki产品介绍与技术原理资料
Meraki MS390 交换机数据手册说明书
MS390 DatasheetOverviewThe Meraki MS390addresses the most demanding enterprise applications by combining the simplicity of the Meraki dashboard with powerful switching hardware. To satisfy high-bandwidth applications and the deployment of high-speed802.11ax/wifi-6access points,the MS390provides multigigabit ports,480G stacking, and modular10/40G uplinks.The MS390delivers resiliency with fast stack convergence and StackPower.The MS390provides Adaptive Policy using an over-the-wire tag which segments traffic into security groups to deliver scalable security.The MS390is integrated under the Meraki dashboard to provide a simply powerful solution to the most demanding wired access applications.Adaptive Policy provides simple&scalable security policies to segment traffic using Security Groups.Security Groups are created in the dashboard using natural language such as“IOT device”&“Guest.”The security policy intent(e.g.,Permit or Deny)is then simply provisioned between Security Groups which results in the segmentation of each group’s traffic.By making security policy management intuitive and scalable relative to legacy IP-address based Access Control Lists, Adaptive Policy empowers operators to confidently secure their network traffic independent of future network changes.By pooling&distributing power across MS390s using a series of StackPower cables,StackPower provides simple and resilient power distribution across the stack.ModelsNumber of Ports Model DescriptionMS390-24-HW24-port GbE switchMS390-24P-HW24-port GbE PoE+ switch24 Ports MS390-24U-HW24-port GbE UPoE switch MS390-24UX-HW24-port mGbE UPoE switch48 Ports MS390-48-HW48-port GbE switchMS390-48P-HW48-port GbE PoE+ switchMS390-48U-HW48-port GbE UPoE switchMS390-48UX-HW36-port 2.5GbE+ 12-port mGbE UPoE switch MS390-48UX2-HW48-port 5GbE UPOE switchFeaturesCategory FeaturesHighlights •Layer-3•40G or 10G modular uplink options on all models •mGig support•Dual Dedicated 120G Hardware Stacking Ports•PoE+ and UPoE Support•StackPower in a ring topology supporting upto 4 switchesManagement •Managed via Cisco Meraki Dashboard•Zero-touch remote provisioning (no staging needed)•Basic configuration capability via local management page•Detailed historical per-port and per-client usage statistics•Operating System, device, and hostname fingerprinting•Automatic firmware upgrades with scheduling control•SNMP and SYSLOG support for integration with other network management solutions*Remote Diagnostics •Email, SMS and Mobile push notification alerts1•Ping, traceroute, cable testing, and link failure detection with alerting •Remote packet capture•Dynamic and interactive network discovery and topology •Combined event and configuration change logs with instant searchStacking •Physically stack up to 8 switches with 480 Gbps of stacking bandwidth on all models•Virtual stacking supports thousands of switch ports in a single logical stack for unified management, monitoring, and configuration•Faster convergence•StackPower in a ring topology supporting upto 4 switchesEthernet Switching Capabilities •802.1p Quality of Service, 8 queues (w/ 6 configurable for DSCP-to-CoS mapping)•802.1Q VLAN and trunking support for up to 4,094 VLANs (1000 active VLANs with STP enabled)•Single Instance of 802.1s Multiple Spanning Tree Protocol (interoperable with RSTP, STP, PVST, RPVST)•STP Enhancements: BPDU guard, Root guard, Loop guard, UDLD•Broadcast storm control•802.1ab Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP)•802.3ad Link aggregation with up to 8 ports per aggregate, Multichassis aggregates supported on stacked switches •Port mirroring•IGMP snooping for multicast filtering•MAC Forwarding Entries: 32KLayer 3•Static routing, OSPFv2•Multicast routing (PIM-ASM)•Warm Spare (VRRP) *•DHCP Server, DHCP RelaySecurity •Integrated multi-factor authentication for Dashboard management•Role-based access control (RBAC) with granular device and configuration control •Corporate wide password policy enforcement•IEEE 802.1X RADIUS and MAB, hybrid authentication and RADIUS server testing •Single-Host/Multi-Domain/Multi-Host/Multi Authentication•Port security: Sticky MAC, MAC whitelisting *•DHCP snooping, detection and blocking, Dynamic ARP Inspection•IPv4 and IPv6 ACLs•Secure Connect *•Adaptive Policy *MS390 LicensingMS390license structure includes two feature tiers:Enterprise and Advanced. The MS390 also introduces a new and simpler license to hardware mapping, specifically 24-port or 48-port licenses. As with all MS, every MS390 license is available in 1, 3, 5, 7, and 10 year terms.MS390 License Structure24-Port Model48-port ModelAdvanced Features LIC-MS390-24A LIC-MS390-48A* Available in a future software releaseEnterprise Features LIC-MS390-24E LIC-MS390-48EThe features available with advanced licensing are:•Adaptive policy *•Greater than 1,000 routes for OSPFContext and Comparisons24 Port Models48 Port ModelsDescriptionMS350-24XMS355-24X2MS390-24UXMS350-48FPMS355-48X2MS390-48UX21GbE RJ4516--4824-mGbE RJ4582424-244810GbE SFP+44Modular 44Modular 40GbE QSFP+n/a 2Modular -2Modular Hardware Stack Port 2x 40G 2x 100G2x 120G2x 40G 2x 100G2x 120GManagement Interface 111111Hot Swap PS Yes, Dual Yes, Dual Yes, Dual Yes, Dual Yes, Dual Yes, Dual Hot Swap Fans Yes, 2x Yes, 3x Yes, 3x Yes, 2x Yes, 3x Yes, 3x Layer 3 Routing Yes Yes Yes YesYes Yes UPoE CapableYes, 740W Yes, 740W Yes, 560W No, 740W(only PoE/PoE+)Yes, 740W Yes, 645W Max Switching Capacity 176 Gbps 640 Gbps 640 Gbps 176 Gbps 688 Gbps 640 Gbp Max Stacking Bandwidth160 Gbps400 Gbps480 Gbps160 Gbps400 Gbps480 Gbps* Available in a future software releaseIn the Co-term licensing model (most existing Organizations), an Organization must either have all MS390 Enterprise or all MS390 Advanced licenses - they cannot be mixed. In the Per-device licensing model, a mix of Enterprise and Advanced can be added to a single Organization, but certain features may require all devices in a Network to have Advanced licenses, e.g. Adaptive Policy.For more information on licensing, refer to Meraki Licensing Models article .Technical Breakdown Interfaces SpecificationsModel InterfacesUplink10/40GbE(SFP+, QSFP+)120G HardwareStack PortDedicatedManagementInterfacePoE/UPoECapabilitiesMS390-24-HW24 x1GbE RJ45Modular21n/a MS390-24P-HW24 x1GbE RJ45Modular21PoE MS390-24U-HW24 x1GbE RJ45Modular21UPoEMS390-24UX-HW 24 x 100M/1G/2.5G/5G/10G RJ45Modular21UPoEMS390-48-HW48 x1GbE RJ45Modular21n/a MS390-48P-HW48 x1GbE RJ45Modular21PoE MS390-48U-HW48 x1GbE RJ45Modular21UPoEMS390-48UX-HW36 x100M/1G/2.5G +12 x100M/1G/2.5G/5G/10GModular21UPoEMS390-48UX2-HW48 x100M/1G/2.5G/5G Modular21UPoE Physical SpecificationsModelDimensions(h x w x d)Weight Mount Type Hot Swap Fans Operating Temperature HumidityAll models are available with modular uplinks that have been listed under the Accessories list. For supported SFP modules please refer the SFP Datasheet.Cabling Best Practices for Multi-Gigabit operations:While Category-5e cables can support multigigabit data rates upto 2.5/5 Gbps, external factors such as noise, alien crosstalk coupled with longer cable/cable bundle lengths can impede reliable link operation. Noise can originate from cable bundling, RFI, cable movement, lightning, power surges and other transient event. It is recommended to use Category-6a cabling for reliable multigigabit operations as it mitigates alien crosstalk by design.W/ Default Power Supply1.73” x 17.5” x17.7”MS390-24-HW16.03 lb (7.27 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90%(4.4 x 44.5 x 44.9cm)1.73” x 17.5” x17.7”16.33 lb (7.4 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90% MS390-24P-HW(4.4 x 44.5 x 44.9cm)1.73” x 17.5” x 19.2”16.63 lb (7.54 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90% MS390-24U-HW(4.4 x 44.5 x 44.8cm)1.73” x 17.5” x 20.2”MS390-24UX-HW18.18 lb (8.25 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90%(4.4 x 44.5 x 51.3cm)1.73” x 17.5” x17.7”16.43 lb (7.45 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90% MS390-48-HW(4.4 x 44.5 x 44.9cm)1.73” x 17.5” x17.7”16.73 lb (7.59 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90% MS390-48P-HW(4.4 x 44.5 x 44.9cm)1.73” x 17.5” x 19.2”MS390-48U-HW17.03 lb (7.72 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90%(4.4 x 44.5 x 48.8cm)1.73” x 17.5” x 22.2”20.50 lb (9.34 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90% MS390-48UX-HW(4.4 x 44.5 x 56.4cm)1.73” x 17.5” x 22.2”20.05 lb (9.09 kg)1U Rack Mount Yes, 3x-5°C to 45°C 5 to 90% MS390-48UX2-HW(4.4 x 44.5 x 56.4cm)PerformanceSwitching Capacity Stacking Bandwidth Forwarding rateModelMS390-24-HW208 Gbps480 Gbps154.76 MppsMS390-24P-HW208 Gbps480 Gbps154.76 Mpps MS390-24U-HW208 Gbps480 Gbps154.76 Mpps MS390-24UX-HW640 Gbps480 Gbps476.19 Mpps MS390-48-HW256 Gbps480 Gbps190.48 Mpps MS390-48P-HW256 Gbps480 Gbps190.48 Mpps MS390-48U-HW256 Gbps480 Gbps190.48 Mpps MS390-48UX-HW580 Gbps480 Gbps431.54 Mpps MS390-48UX2-HW640 Gbps480 Gbps476.19 MppsPower Options and SpecificationsModel Default PowerSupplyHot Swap PowerSupplyAvailable PoE W/Primary PSAvailable PoE W/ SecondaryPS***Power Load(idle/max)MS390-24-HWMA-PWR-350WAC**Yes, Dual n/a n/a79.2 / 99 WMS390-24P-HWMA-PWR-715WAC**Yes, Dual445W720W84.1 / 554.4WMS390-24U-HWMA-PWR-1100WACYes, Dual830W1440W85.4 / 990.3WMS390-24UX-HWMA-PWR-1100WACYes, Dual560W1440W162.7 / 809.9WMS390-48-HWMA-PWR-350WAC**Yes, Dual n/a n/a83.9 / 109.9WMS390-48P-HWMA-PWR-715WAC**Yes, Dual437W1152W92.6 / 555 WMS390-48U-HWMA-PWR-1100WACYes, Dual822W1800W145 / 844.9WMS390-48UX-HWMA-PWR-1100WACYes, Dual490W1590W218.5 / 785.5WMS390-48UX2-HWMA-PWR-1100WACYes, Dual645W1745W157.9 / 843.8W** Upgrade options to715W and 1100W PSU are available.*** The PoE values are provided considering the secondary PS to be the default power supply of the respective model.What's includedModel Package ContentsMS390-24-HW 1 x Power Supply (MA-PWR-350WAC), Rack mount brackets and screw kit,3 x Pre-Installed Fans, Cable guide MS390-24P-HW 1 x Power Supply (MA-PWR-715WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-24U-HW 1 x Power Supply (MA-PWR-1100WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-24UX-HW 1 x Power Supply (MA-PWR-1100WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-48-HW 1 x Power Supply (MA-PWR-350WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-48P-HW 1 x Power Supply (MA-PWR-715WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-48U-HW 1 x Power Supply (MA-PWR-1100WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-48UX-HW 1 x Power Supply (MA-PWR-1100WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guide MS390-48UX2-HW 1 x Power Supply (MA-PWR-1100WAC), Rack mount brackets and screw kit, 3 x Pre-Installed Fans, Cable guideOptional AccessoriesAccessory Description Supported ModelsMA-PWR-350WAC350W AC Power Supply MS390-24-HW, MS390-48-HWMA-PWR-715WAC715W AC Power Supply All ModelsMA-PWR-1100WAC1100W AC Power Supply All ModelsMA-MOD-2X40G 2 x 40G Uplink Module All ModelsMA-MOD-4X10G 4 x 10G Uplink Module All ModelsMA-MOD-8X10G8 x 10G Uplink Module All ModelsMA-CBL-120G-50CM Meraki 120G Stacking Cable, 0.5Meter All ModelsMA-CBL-120G-1M Meraki 120G Stacking Cable, 1Meter All ModelsMA-CBL-120G-3M Meraki 120G Stacking Cable, 3Meter All ModelsMA-CBL-SPWR-30CM Meraki MS390 30CM StackPower Cable All ModelsMA-CBL-SPWR-150CM Meraki MS390 150CM StackPower Cable All Models MA-FAN-16K2System Fan All Models MA-RCKMNT Meraki MS390 Rack Mount Kit All ModelsRegulations and ComplianceElectromagnetic CompatibilityCertifications FCC Part 15 (CFR 47) Class A, ICES-003 Class A, CISPR22 Class A,CNS13438, EN 300 386 V1.6.1,EN 55022 Class A, EN 61000-3-2,EN61000-3-3, KN 32, TCVN 7189 Class A, EN 55032 , CISPR 32 Class A, V-2/2015.04, V-3/2015.04, VCCI-CISPR 32 Class A, CISPR24, EN 300 386 V1.6.1, EN 55024, KN35, TCVN 7317SafetyCAN/CSA-C22.2 No. 60950-1, UL 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950.1 Environmental Reduction of Hazardous Substances (RoHS)Warranty Full lifetime hardware warranty with next-day advanced replacement included MTBF RatingModelMTBF at 25°CMS390-24-HW314,790MS390-24P-HW299,000MS390-24U-HW238,410MS390-24UX-HW214,760MS390-48-HW305,870MS390-48P-HW277,770MS390-48U-HW227,410MS390-48UX-HW202,160MS390-48UX2-HW198,647Installation GuideFor instructions on how to install and configure the MS390 series switch please refer the MS390 Series Installation Guide。
MX云管理路由器系列-Cisco
CiscoMeraki 云管理架构
组织级安全评估
2
自动配置站点间 VPN
段端到端网络可视性和故障排除
基于身份的策略管理
让 SD-WAN 变得简单
传输独立性 具备负载均衡和故障切换功能的双 WAN 端口可让用户使用 MPLS 和/或冗余的商用联网连接,从而获得更大带宽和更高的可靠性。
3G/4G 故障切换 CiscoMerakiMX 支持全球各地的 3G/4G 服务提供商,可实现 WAN 连接的故障切换。Web 缓存功能临时存储视频、媒体和 web 文档,从 而降低带宽使用量,加快互联网内容的下载速度。
3
内置 802.11ac 无线技术
MX64W 和 MX65W 紧密集成了 CiscoMeraki 屡获大奖的无线技术和 强大的 MX 网络安全特性,是分支机构或小型企业的理想选择。 • 双频段 802.11n/ac,包含 2 个空间串流的 2x2MIMO • 统一管理网络安全和无线技术 • 内置企业安全性和访客访问
90WDC(含)
6W/72(MX65) 9W/79W(MX65W
32°F - 104°F (0°C - 40°C)
5%-95%
6.46” x 4.55” x 1.14”(164 mm x 116
mm x29 mm)
0.9lbs(0.408kg)
12V/1.5A 电源(含)
N/A
32°F - 104°F (0°C - 40°C)
应用优化 7 层流量整形和应用优化优先级划分可为任务关键型应用优化流量和用户体验。
智能路径控制 MX 采用动态 VPN 路径选择技术,根据丢包率、时延和抖动选择最佳 VPN 上行链路。可定义用于通过相应路径发送相应流量的策略(例如, 通过 MPLS 发送语音,通过 VPN 和宽带发送 http)。
思科 Meraki MR70 双频 802.11ac Wave 2 技术规格说明书
MR70Dual-band, 802.11ac Wave 2 ruggedized access point delivering basic enterprise wireless foroutdoor or low-density deploymentsEntry-level cloud-managed 802.11ac wirelessThe Cisco Meraki MR70 is a dual-radio, cloud-managed 2x2:2 802.11ac Wave 2 access point with MU-MIMO support. Designed for basic, best-effort deployments that require rapid installation, the MR70 provides enterprise-grade security and simple management in a ruggedized, IP67-rated form factor that sports integrated omni-directional antennas.The MR70 is ideal for municipal athletic fields, garages, public gardens, space-constrained outdoor deployments, and even rapid-response emergency kits designed to quickly deliver wireless in disaster-struck areas. The MR70 provides a maximum 1.3 Gbps* aggregate frame rate with concurrent 2.4 GHz and 5 GHz radios.MR70 and Meraki cloud management: a powerful combinationThe MR70 is managed through the Meraki cloud, with an intuitive browser-based interface that enables rapid deployment without training or certifications. Because the access point is monitored24x7 by the Meraki cloud, the MR70 can deliver real-time alertsif the network encounters problems, and diagnostic tools enable real-time troubleshooting over the web. The MR70’s firmware is always kept up to date from the cloud. New features, bug fixes, and enhancements are delivered seamlessly over the web, meaning no manual software updates to download or missing security patches to worry about.Product Highlights• 2x2 MU-MIMO 802.11ac Wave 2• 1.3 Gbps* aggregate dual-band frame rate• Integrated enterprise security and guest access • Built-in WIPS for threat detection and remediation • Application-aware traffic shaping• Self-configuring, plug-and-play deployment • Rapid, plug-and-play deployment• Integrated location analytics and heat mapFeaturesAggregate data rate of up to 1.3 Gbps*A 5 GHz 2x2:2 radio supporting 80 MHz channel widths and a2.4 GHz 2x2:2 radio supporting 40 MHz channel widths offer a combined dual-radio aggregate frame rate of 1.3 Gbps*, with up to 866 Mbps in the 5 GHz band thanks to 802.11ac Wave 2 and 400 Mbps in the 2.4 GHz band.Multi User Multiple Input Multiple Output (MU-MIMO)With support for the 802.11ac Wave 2 standard, the MR70 offers MU-MIMO for more efficient transmission to multiple clients. This increases the total network performance and the improves the end user experience.Integrated enterprise security and guest accessThe MR70 features integrated, easy-to-use security technologies to provide secure connectivity for employees and guests alike. Advanced security features such as AES hardware-based encryption and WPA2-Enterprise authentication with 802.1X provide wire-like security while still being easy to configure. One-click guest isolation provides secure, Internet-only access for visitors. Our policy firewall (Identity Policy Manager) enables group or device-based, granular access policy control.Secure wireless environments using Air MarshalThe MR70 comes equipped with Air Marshal, a built-in wireless intrusion prevention system (WIPS) for threat detection and attack remediation. MR70 access points will scan their environment opportunistically based on user-defined preferences. Alarms and auto-containment of malicious rogue APs are configured via flexible remediation policies, ensuring optimal security and performance in even the most challenging wireless environments.Application-aware traffic shapingThe MR70 includes an integrated Layer 7 packet inspection, classification, and control engine, enabling you to set QoS policies based on traffic type. Prioritize your mission critical applications, while setting limits on recreational traffic, e.g., peer-to-peer and video streaming.Self-configuring, self-optimizing, self-healingThe MR70’s advanced mesh technologies like multi-channel routing protocols and multiple gateway support enable scalable coverage of hard-to-wire areas with zero configuration. Mesh also improves network reliability — in the event of a switch or cable failure, the MR70 will automatically revert to mesh mode, providing continued gateway connectivity to clients.Rapid, plug-and-play deploymentWhen plugged in, the MR70 automatically connects to the Meraki cloud, downloads its configuration, and joins the appropriate network. It self-optimizes, determining the ideal channel, transmit power, and client connection parameters.Integrated analyticsDrill down into the details of your network usage with highly granular traffic analytics. Extend your visibility into the physical world with built-in location analytics that enables you to view visitor numbers, dwell time, repeat visit rates, and track foot traffic trends.SpecificationsRadios2.4 GHz 802.11b/g/n/ac client access radio5 GHz 802.11a/n/ac Wave 2 client access radioSupported frequency bands (country-specific restrictions apply):• 2.412-2.484 GHz• 5.150-5.250 GHz (UNII-1)• 5.250-5.350 GHZ (UNII-2)• 5.470-5.600, 5.660-5.725 GHz (UNII-2e)• 5.725-5.825 GHz (UNII-3)802.11ac and 802.11n Capabilities2 x 2 multiple input, multiple output (MIMO) with two spatial streamsSU-MIMO and MU-MIMO supportMaximal ratio combining (MRC) & Beamforming20 and 40 MHz channels (2.4 GHz), 20, 40, and 80 MHz channels (5 GHz)Up to 256-QAM on both 2.4 GHz and 5 GHz bandsPacket aggregationPowerPower over Ethernet: 37-57 V (802.3af compatible)Power consumption: 11 W max (802.3af)Power over Ethernet injector sold separatelyMountingMounts to walls and vertical polesMounting hardware includedPhysical SecuritySecurity screw includedEnvironmentOperating temperature: -4 °F to 131 °F (-20 °C to 55 °C)IP67 environmental ratingOperating humidity: 5% to 95%Physical Dimensions9.65” x 4.53” x 1.18” (245 mm x 115 mm x 30 mm)Weight: 15.87 oz (0.45 kg)AntennaIntegrated omni-directional antennas (4.5 dBi gain at 2.4 GHz, 4.7 dBi gain at 5 GHz)Interfaces1x 100/1000 BASE-T Ethernet (RJ45)SecurityIntegrated Layer 7 firewall with mobile device policy managementReal-time WIDS/WIPS with alerting and automatic rogue AP containment with Air Marshal Flexible guest access with device isolationVLAN tagging (802.1Q) and tunneling with IPSec VPNPCI compliance reportingWEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1XEAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIMTKIP and AES encryptionEnterprise Mobility Management (EMM) & Mobile Device Management (MDM) integration Quality of ServiceAdvanced Power Save (U-APSD)WMM Access Categories with DSCP and 802.1p supportLayer 7 application traffic identification and shapingMobilityPMK, OKC, and 802.11r for fast Layer 2 roamingDistributed or centralized Layer 3 roamingLED Indicators1 power/booting/firmware upgrade statusRegulatoryRoHSEN50155: 2017 (Railway)For additional country-specific regulatory information, please contact Meraki sales Warranty1 year hardware warranty with advanced replacement includedOrdering InformationMR70-HW: Meraki MR70 Cloud Managed 802.11ac APMA-PWR-30W-XX: Meraki AC Adapter for MR Sseries (XX = US/EU/UK/AU)MA-INJ-4-XX: Cisco Meraki 802.3at Power over Ethernet Injector (XX = US/EU/UK/AU) Note: Meraki Enterprise license requiredCompliance and StandardsSafety ApprovalsUL 60950-1CAN/CSA-C22.2 No. 60950-1IEC 60950-1EN 60950-1Radio ApprovalsCanada: FCC Part 15C, 15E, RSS-247Europe: EN 300 328, EN 301 893Australia/NZ: AS/NZS 4268Mexico: NOM-121For additional country-specific regulatory information, please contact Meraki Sales EMI Approvals (Class B)Canada: FCC Part 15B, ICES-003Europe: EN 301 489-1-17, EN 55032, EN 55024Australia/NZ: CISPR 32Exposure ApprovalsCanada: FCC Part 2, RSS-102Europe: EN 50385, EN 62311Australia: AS/NZS 2772。
cisco meraki 产品介绍与技术原理 PPT
目录 CONTENTS
技术原理 与其他AP对比
R2, 2012 Windows Phone 8.1
2、高延展性
云管理平台对所接入AP的数量无限制,每新增一台AP,只需将AP连接至云管理平台, 无需另外配置
3、高可靠性
客户的数据至少在三个数据中心备份 meraki的云管理平台是大规模的分布式架构,提供冗余链路 即便断开与网络的连接,meraki所管理的无线网络仍然能够连接上网
技术原理—CMX(Connected Mobile Experences)
cmx api
利用cmx 位置分析能够为管理者提供wifi用户的实时位置统计信息和报告
技术原理—CMX
1 通过扫描probe request和802.11数据包来检测开启wifi的设备
iphone设备, 没有连接到互 联网
技术原理—应用层的可视化管理
可以看到: 使用者名称 使用的应用类型 使用者的操作系统或者设备 使用者所使用的流量
• meraki根据ip地址,主机名以及端口号范围来确定应用类型 • 对于p2p类型应用流量的分类,采用的方法是:识别到在一系列浮动的ip地址中
的简短的tcp会话( recognizes short TCP sessions across a fleeting range of IP addresses),就可以识别p2p应用 • 可以使用dscp或者pcp协议给不同应用的流量打标签,从而可以使用qos对用户 使用不同的应用进行限制或者限速 • 用户所使用应用的流量分析和配置信息等将会和网络管理数据一起上传到云管 理中心
技术原理—Air Marshal
2 预防机制:air marshal ap具备识别非授权ap的功能,这样可以使 得网络管理者在客户连接上这些非授权ap前,采用物理措施移除这些非 授权ap。具体实现如下:
Meraki MS 系列交换机
支持所有部署类型的强大的特性集
Meraki交换机包含高端产品所具备的所有传统Ethernet特性, 其中包括: • 用于为语音、视频等任务关键型链路划分优先级的服务质量
(QoS) • 用于实现基于端口的网络访问控制的IEEE 802.1X支持 • 基于MAC的RADIUS认证和MAC白名单 • 用于简化VoIP部署的语音VLAN • 用于以线速监测网络流量的端口镜像 • 用于防止用户在网络上添加非法DHCP服务器的DHCP监听 • 用于优化组播流量的网络性能的IGMP监听 • 用于实现大容量中继、堆叠和更高可用性的链路聚合控制协
3
Meraki 聚合交换产品组合
系列
MS410
部署类型 接口1 上行链路 电源配置 堆叠能力 路由能力
型号
1G光纤聚合
16 / 32 x 1GbE SFP
2 x 10GbE SFP+(MS410-16) 4 x 10GbE SFP+(MS410-32)
模块化 可选冗余PSU(单独出售)
160G物理 + 虚拟
设置一台Meraki交换机只需将其联网,没有必要进行重复、 基于命令的配置。交换机联网后数分钟之内就可以启动和运 行。
一个功能强大的集中管理界面可让管理员深入了解网络及其 使用情况,查看那些交换机接近数百个站点的容量,快速配 置和重配置交换机端口的安全、QoS等策略。Meraki控制面 板提供统一策略、事件日志和监测功能,便于用户管理网络 部署,而且不会对性能产生任何影响。
· 灵活堆叠,可扩展配置和提升高性能。 · 智能管理可降低成本和开销,缩短问题解决时间。 · 行业标准特性使其能够轻松整合到现有和混合基础设
施中。 · 基于角色的管理,通过web实现自动安全的固件设计。
Meraki无线网络身份认证方案
Meraki无线网络身份认证方案一、面临挑战思科Meraki无线云管控,可在云上集中配置管理所有网络设备及移动终端,有效降低无线运维管理成本,以功能丰富且易于使用而受到青睐。
随着无线技术的全面应用及移动终端的普及,无线开放的访问方式和易接入的特性在带来便捷的同时,也带来极大的安全隐患。
无线网络的安全系统要做到有效,必须解决下面这个问题——接入控制,即验证用户并授权他们接入特定的资源,同时拒绝为未经授权的用户提供接入。
大型企业商业通常用户及分支机构众多,跨地域连无线普遍存在的情况下,存在着大量网络安全威胁,实现多分支、多用户、多终端之间的无线统一身份认证及安全访问控制,更有其必要性。
统一的身份鉴别和访问控制应贯穿在Meraki无线云管控的始终,对用户的访问进行身份鉴别,对其访问权限和可操作内容进行有效的管理,实现不同用户角色对应不同的访问权限。
二、解决方案1. 思科Meraki无线网络身份认证解决方案概述宁盾一体化认证平台提供健全的无线身份认证访问控制,通过与Meraki云管控对接,实现多分支统一接入管理,只允许合法授权用户的接入。
联动Meraki 云端控制器,对合法接入的用户基于其身份做访问权限控制,实现所有类型无线用户集中化认证及管理。
还可结合上网行为管理设备,提供上网行为实名审计,及基于用户身份的流量控制。
2. 宁盾一体化无线认证方式①短信认证,可设定短信内容模版、短信验证码有效期及长度等;②微信认证,通过关注微信公众号进行认证连接上网;③用户名密码认证,用户名密码可以创建,也可以与AD或者LDAP同步帐号信息;④支持二次无感知认证,可设定有效期,超过有效期须通过其他认证方式登录;⑤支持协助扫码认证,快速授权上网,实现访客与被访人之间可追溯;⑥支持访客自助申请认证,由指定人员审批申请信息,加强内外网访问安全控制。
三、方案价值①统一认证:宁盾结合Meraki实现多分支无线用户的统一接入,所有用户通过一套账号体系集中认证及管理;②认证方式:提供短信、微信、用户名密码、协助扫描、邮件审批、二次无感知等多种认证方式;③访问策略:动态授权机制,根据用户的不同身份来确定其网络接入权限,在网络资源、带宽、时长、位置、终端数量等权限上作区分,并支持黑白名单;④Portal页广告:支持Portal页个性化定制,可基于不同的站点推送不同的认证方式不同的广告信息,优化无线上网体验,提升客户形象;⑤账号保护:结合宁盾双因素认证方案加强用户账号安全,支持AD/LDAP对接认证,还可从OA、ERP、CRM等客户自有系统中同步用户数据;⑥实名审计:提供清晰的用户信息及完整的上网统计报告,与行为管理设备对接,实现无线认证可实名追溯,提升网络信息安全。
cisco-meraki-产品介绍与技术原理资料
—by 梁晓宇
目录 CONTENTS
技术原理 与其他AP对比
meraki架构
ap自动从云管理 中心下载配置文 件
产品特点
1、配置简单
管理者只需登录meraki的管理界面,即可在云端配置AP,可以在多种平台管理无线 网络,目前支持的平台有: Apple iPad, iPod Touch, and iPhone (iOS 5 or higher) Android (2.2 or higher), including Amazon’s Kindle Fire Mac OS X (10.5 or higher) Windows Pro 7, 8, 8.1, 10, Vista, XP (Service Pack 3 or higher), Server 2008,
技术原理—Air Marshal
2 预防机制:air marshal ap具备识别非授权ap的功能,这样可以使 得网络管理者在客户连接上这些非授权ap前,采用物理措施移除这些非 授权ap。具体实现如下:
产生大量这 三种类型的 数据包,用 来冒充非授 权ap,从而 迫使已经连 接上非授权 ap的客户 断开与其连 接
技术原理—应用层的可视化管理
可以看到: 使用者名称 使用的应用类型 使用者的操作系统或者设备 使用者所使用的流量
• meraki根据ip地址,主机名以及端口号范围来确定应用类型 • 对于p2p类型应用流量的分类,采用的方法是:识别到在一系列浮动的ip地址中
的简短的tcp会话( recognizes short TCP sessions across a fleeting range of IP addresses),就可以识别p2p应用 • 可以使用dscp或者pcp协议给不同应用的流量打标签,从而可以使用qos对用户 使用不同的应用进行限制或者限速 • 用户所使用应用的流量分析和配置信息等将会和网络管理数据一起上传到云管理 中心
思科Meraki MC74 VoIP电话说明书
OVERVIEWThe Cisco Meraki MC74 is a premium VoIP phone with an elegant design, featuring a 7” touchscreen display. Representing a fresh approach to the notoriously complex and disjointed world of telephony, it leverages the power of the cloud to eliminate the traditional PBX. MC74 provides simple, intuitive management and the ability to integrate with business applications.MERAKI COMMUNICATIONSMeraki Communications phones benefit from zero-touch deployment. With only a serial number the network admin can remotely configure the phone for a user or meeting room. Once online it will connect to the cloud, pull down its configuration and within seconds be ready to make calls.Using the Meraki dashboard, the network admin is able to manage all the essentials: review call stats, configure alerts, setup conference rooms, manage a contacts directory and set up Interactive Voice Response menus. For connection to the rest of the world via the public switched telephone network (PSTN), there are configuration options for a SIP service provider, and Meraki partners will be able to guide customers on this essential component.INTRODUCING MC74With a beautiful, carefully crafted design and superb sound quality, MC74 is designed to delight the user, featuring easy and intuitive access to the most commonly used features—and the minimum of distractions.A large, high resolution color display is the center of the phone experience, and this blank canvas allows Meraki engineers and designers to evolve and refine the user experience over time. The display and speaker provide intuitive visual and audible cues to communicate status, without requiring the user to navigate through deep, complicated menus.Wideband audio enhances the calling experience, allowing crystal clear speech. Calls can be placed or received using the handset, USB, Bluetooth or even regular cellphone headsets.* A sensitive mi-crophone and full range speaker are also included for an exceptional hands–free experience during meetings.MC74 aims to be nothing less than the best possible communica-tions experience.MC74 Cloud Managed PhoneDatasheet |MC74SpecificationsHardwareHigh definition color 7” IPS backlit touchscreen display (1280x800) Integrated GbE switch with passthrough portIntegrated desktop stand with adjustable hingeOptional wall mount adapter with levelerDedicated volume buttonMute button with status LEDHandset with on-hook proximity sensorMagnetic cable guideRear and side USB headset ports3.5mm audio headset jackSpeakerphone/MicAmbient light sensorMulticolor notification LEDIn the boxMC74 phone + handset and cordWall mounting kit + hardwareMicrofiber screen clothDesign matched ethernet cableVoIPFully encrypted voice and SIP signaling (TLS/SRTP)E911 support for accurate location in emergenciesE164 international dialling formatWideband audio G.722 internal calling (G.711 for PSTN calling)Power802.3af PoE (Class 3)Universal power adapter (optional accessory)EnvironmentOperating temp: 0o C to 40o C (32 to 104F)Humidity 5 – 95% non condensingPhysical dimensionsSize including handset 272 x 186 x 94mm (10.7 x 7.3 x 3.7in) Weight 1.1Kg (2.4lbs)Warranty2 Y ears Licensing1, 3, 5, 7 or 10 year licensing optionsSafetyUL / IEC / EN 60950-1CAN/CSA-C22.2 No. 60950-1Radio ApprovalsFCC Part 15C, 15EEN 300 328, EN 301 893For additional country-specific regulatory information, please contact Meraki salesSupported frequency bands (country-specific restrictions apply)2.412-2.484 GHz5.150-5.250 GHz (UNII-1)5.250-5.350 GHZ (UNII-2)5.470-5.600, 5.660-5.725 GHz (UNII-2e)5.725-5.825 GHz (UNII-3)EMI Approvals (Class B)FCC Part 15BEN 301 489-1-17, EN 55032, EN 55024Exposure ApprovalsFCC Part 2EN 62311, EN 62479Telecom ApprovalsFCC Part 68* A list of tested headsets can be found at CiscoSystems,Inc.|500TerryA.FrancoisBlvd,SanFrancisco,CA94158|(415)432-1000|**************** 2。