Connection Loss with Meraki Cloud Controller
LiquidLayer
Connection Loss to Cisco Meraki Cloud Controller

The Knowledge Base is moving! For this article, please visit the link below.

Connection Loss to Cisco Meraki Cloud Controller

Connectivity loss can occur for several reasons: your WAN connection goes down, a Meraki data center experiences an outage, or there is an Internet routing issue between your site and Meraki. This note describes the behavior of your network under this "connectivity loss" state.

The Meraki Cloud Controller is an out of band architecture, meaning that no client data flows through the cloud controller. The system is also designed to handle connectivity failures gracefully.

In general, wireless clients will continue to be able to use the WLAN during a connectivity loss. Clients will continue to be able to access local LAN resources (e.g., printers and file shares) and, if an internet connection is available, the Internet as well.

When your network is in the "connectivity loss" state, you will notice the following changes:

- Network configuration changes will not take effect
- Usage statistics will become out of date
- Channel spreading and other optimizations will not run
- The Rogue AP list will not update
- If you are using Meraki-hosted RADIUS for authentication and Controller Disconnection Behavior is set to "Restricted", new clients will not be able to authenticate. By default, all new clients are denied. You can also select for all new clients to be allowed (Open). Clients who have already authenticated continue to function normally.
- Newly associated clients will not see Meraki-hosted splash pages. Clients will be given access without seeing the splash page. (depends on settings on Configure -> Access Control -> Controller Disconnection Behavior)
- If you have Meraki Billing enabled, new clients will not be able to purchase network access.

These services will automatically resume functioning once connectivity between the wireless network and the Meraki network is restored.

If a Meraki data center experiences an outage, your network will automatically fail over to another Meraki data center. During the fail-over time your network will experience connectivity loss as described above.

Assuming you have set up email alerts, you will receive an email when a Meraki node loses connectivity to the Cloud Controller, allowing you to take corrective action if necessary.

For more information on local device management, see Using the Cisco Meraki Device Local Status Page.

Bit more info on this ....

Out of Band Control Plane

Cisco Meraki's out of band control plane separates network management data from user data. Management data (e.g. configuration, statistics, monitoring, etc.) flows from Cisco Meraki devices (wireless access points and routers) to Cisco Meraki's cloud over a secure Internet connection. User data (web browsing, internal applications, etc.) does not flow through the cloud, instead flowing directly to its destination on the LAN or across the WAN.

[Figure: Data Flow]

Advantages of an out of band control plane:

- Scalability
  - Unlimited throughput: no centralized controller bottlenecks
  - Add devices or sites without MPLS tunnels
- Reliability
  - Redundant cloud service provides high availability
  - Network functions even if management traffic is interrupted
- Security
  - No user traffic passes through Cisco Meraki's datacenters
  - Fully HIPAA / PCI compliant

What happens if my network loses connectivity to the Cisco Meraki Cloud Controller?

Because of Cisco Meraki's out of band architecture, most end users are not affected if Cisco Meraki wireless APs and routers cannot communicate with Cisco Meraki's cloud services (e.g. because of a temporary WAN failure):

- Users can access the local network (printers, file shares, etc.)
- If WAN connectivity is available, users can access the Internet
- Network policies (firewall rules, QoS, etc.) continue to be enforced
- Users can authenticate via 802.1X/RADIUS
- Wireless users can roam between access points
- Users can initiate and renew DHCP leases
- Established VPN tunnels continue to operate
- Local configuration tools are available (e.g. device IP configuration)

While Cisco Meraki's cloud is unreachable, management, monitoring, and hosted services are temporarily unavailable:

- Configuration and diagnostic tools are unavailable
- Usage statistics are stored locally until the connection to the cloud is re-established, at which time they are pushed to the cloud
- Splash pages and related functionality are unavailable

LiquidLayer
PCI Compliance with Meraki Wireless and others

Cisco Meraki provides a comprehensive solution to ensure a PCI compliant wireless environment held to the strict standards of a Level 1 PCI audit (the most rigorous audit level). Cisco Meraki's rich security feature set addresses all of the PCI Data Security Standards, helping customers to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, and monitor network security.

Unlike traditional wireless LANs, Cisco Meraki's intelligent security infrastructure eliminates the management complexities, manual testing, and ongoing maintenance challenges that lead to vulnerabilities. Cisco Meraki's intuitive and cost effective security features are ideal for network administrators, while powerful and fine-grained administration tools, account protections, audits, and change management appeal to CISOs. Centrally managed from the cloud, Cisco Meraki makes it easy and cost effective to deploy, monitor, and verify PCI compliant WiFi across distributed networks of any size.

PCI-DSS requirements applicable to wireless LANs and their related Cisco Meraki features:

- Cisco Meraki Infrastructure – Isolated from the Cardholder Data Environment
- Requirement 1.2.3 – Segregate Wireless Network and the Cardholder Data Environment
- Requirement 2.1.1 – Change Vendor Defaults and Enable Strong Encryption
- Requirement 4.1.1 – Encrypt Authentication and Transmission with Industry Best Practices
- Requirement 6.1 – Use the Latest Security Patches
- Requirement 7.2 – Restrict Access Based on a User's Need to Know
- Requirement 8 – Implement User-Based Access Controls
- Requirement 10 – Track and Monitor All Access to Network Resources
- Requirement 11.2/11.3 – Perform Regular Audits and Penetration Testing
- Requirement 11.1/11.4 – Detect Unauthorized Access

Cisco Meraki Infrastructure – Isolated from the Cardholder Data Environment

Cisco Meraki's cloud hosted WLAN controller is out of band, meaning that wireless traffic (including cardholder data) does not flow through Cisco Meraki's cloud-hosted controller or any other Cisco Meraki infrastructure not behind your firewall. Learn more about Cisco Meraki's out of band architecture.

Cisco Meraki's datacenters are SAS70 type II certified, feature robust physical and cyber security protection, and are regularly audited by third parties. Learn more about Cisco Meraki's datacenters.

Requirement 1.2.3 – Segregate Wireless Networks and the Cardholder Data Environment

Cisco Meraki's wireless APs include an integrated stateful firewall which ensures that guest WiFi users and other non-privileged clients cannot access cardholder data, in conformance with Requirement 1.2.3. The firewall's LAN isolation feature enables one-click secure guest WiFi, wherein guests can only access the Internet. Blocked from LAN access, guests cannot spread viruses or reach internal resources.

Cisco Meraki's firewall provides fine-grained control, from layer 3 through 7. Configure VLAN tags, ACLs, identity-based policies, and block unwanted applications - even peer-to-peer apps without well-known hosts and ports.

More info and screen shot examples: http://www.cloudwifiworks.com/PCI-Compliance.asp