all 158 comments

[–]chuckbalesCCNP|CCDP|CCNA-V|CMNA 64 points65 points  (27 children)

I've had a support case open since early November, with what I would consider a pretty severe issue (security center reports it blocks traffic, when the traffic actually gets through just fine). Every week I follow up (because they've yet to provide any proactive updates), and I haven't gotten anything back besides "we're still investigating". A security appliance lying about what its blocking is a pretty big deal to me.

[–]Trumps_a_cunt 17 points18 points  (20 children)

This is why I caution clients away from cloud based networking, unless you trust your MSP completely.

I get that it's seductive with its pricing model and reduced administration, but what you gain there you lose tenfold in control.

Say your renewal came around and Meraki decided to up the price 10x. What are your options, you can rip and replace EVERY AP, or you can pay the extortion fee to keep using equipment that you already paid for.

[–]chuckbalesCCNP|CCDP|CCNA-V|CMNA 16 points17 points  (13 children)

I work for an MSP, and I do love the overall deployment model and manageability of Meraki. I can have the field techs just take the gear with them or have it drop-shipped to the customer, have them call me when its plugged in and I can finish the rest. Instead of requiring me to stage it in my office, install IOS updates, etc.

But for every nice thing about Meraki there's something equally frustrating. Especially with the MX units, if you're coming from a heavy firewall background, the MX is just crap.

[–]not12listenCWTS / CWNA 5 points6 points  (9 children)

like you, i also work for an MSP and we also use Meraki.

the setup is the greatest advantage. the lack of detail is frustrating to say the least. Meraki has taken a massive 'we will handle the details, so just don't worry about them' stance.

this is something i absolutely do not appreciate. recently, our 2nd largest customer experienced an issue where iOS devices could not connect to the MR WAPs. when i called support, they stated it was a known issue and would require a firmware rollback.

of course, there is no way for YOU, the paying customer/client to see what firmware revision caused it NOR can you perform the rolllback - Meraki support has to and that rollback will cause a 10 minute outage (rollback, reboot, etc).

additionally, i've looked and could not find anywhere that states when their WAPs perform the auto channel check. is it 30 minutes? 60 minutes? 120 minutes? 3600 minutes? i ask this because a neighboring business has their wireless network configured with 80MHz channels and its clogging everything up... so, i force a channel recheck and the WAP does not migrate over to a clear channel... instead, it just sits in the middle of this 80MHz wide occupied channel. to me, that is useless.

yeah... not impressed.

[–]sheps 2 points3 points  (3 children)

Funny you mentioned the channel thing. I also noticed just today that a customer's site had all 3x MR32 APs using the only 5GHz channel that happened to be in use by someone else's network in the entire spectrum. 80MHz channel width was also enabled. We manually set the APs to a clear channel.

[–]not12listenCWTS / CWNA 1 point2 points  (2 children)

i would love to manually set the channels. unfortunately, with multiple 80MHz wide SSIDs being broadcast (neighboring business), there are no channels not being used.

[–]nerddtvg10+ years, no certs 2 points3 points  (1 child)

Let me guess, the neighbors have AT&T U-Verse. I've seen their newest routers ship with 80MHz channels as the default which is pretty pointless in most cases. It's like they miss the times of 2.4GHz's few channels and want to waste the spectrum.

[–]not12listenCWTS / CWNA 1 point2 points  (0 children)

in this case, the neighboring company has Ruckus WAPs.

Comcast/Xfinity also sends out their devices configured to use 80MHz wide channels. you have to fight with them on the phone to disable it (ssid: xfinitywifi) and they keep saying 'this is for your friends and family...' to which i say "i have equipment that has a segregated guest network."

that usually shuts them up, but not always.

[–]jpeek 2 points3 points  (1 child)

Funny thing is, you're probably doing more damage to his 80mhz than he is to your 20mhz.

[–]not12listenCWTS / CWNA 0 points1 point  (0 children)

i hope that is the case. :)

[–]ten_thousand_puppies 0 points1 point  (2 children)

[–]not12listenCWTS / CWNA 0 points1 point  (1 child)

thanks for the link to the document.

the devices that we manage are MR32 and MR42 WAPs that have the dedicated additional antenna. per the Meraki document, it states "Real-Time Auto Channel" without going into specifics - how frequently does it sample? every 10ms? every 100ms? every 1000ms? every 10 minutes? a bit of clarification would be nice.

at least with SOHO based devices, it gives me to option to select 'once per 30 minutes' (the shortest interval offered) - i know it is a long time interval versus the theory of real-time, but at least i have a known limitation that i can work with.

[–]ten_thousand_puppies 0 points1 point  (0 children)

Their KB search is pretty awful I've found

I believe it's the same antenna that they use on their RF Spectrum output, so I'd imagine it's fairly frequently, but I dunno either.

It does say the following though regarding how it decides to change channels:

Steady State

The most common reason for a channel change is the steady state process. The Cloud Controller runs this process every 15 minutes. If there is a channel with a better metric when the steady state process runs, the AP will be instructed to change its channel.

Client Awareness

The steady state algorithm is client-aware, and the AP will not change the radio channel if there is active client traffic on a radio. This prevents clients from being disconnected or having their applications disrupted when adjusting the channel. Radios may still change their channel as a result of one of other reasons discussed in this document. The AP's radio will resume steady stage changes once the connected clients change channels or access points.

[–]jpeek 0 points1 point  (2 children)

Their entire portfolio is lacking in key features.

[–]ramblingnonsense 0 points1 point  (1 child)

What do you use?

[–]jpeek 0 points1 point  (0 children)

It's more what do I deploy. I've deployed everything but their new phones. They are great for small office type situations. They lack key features when you start to scale.

[–]HikeBikeSurf 1 point2 points  (4 children)

For what X-aaS vendor would your example scenario also NOT hold true?

This line of thinking could prevent companies from using any X-aaS solutions at all.

If Microsoft decided to increase the price of Office 365 10x, it would not exactly be justification for companies to bring e-mail on-prem.

[–]Trumps_a_cunt 0 points1 point  (2 children)

I mean specifically with Meraki because if you don't pay for support your APs are paperweights.

If I go out and buy 100 Aruba access points, then I decide "You know what I'm not going to pay for Aruba support anymore" you can still use those APs without a subscription.

If I go out and buy 100 Meraki access points, then I decide "You know what I'm not going to pay for Meraki support anymore" they kill the APs. I paid for the hardware, I own it, but I'm not allowed to use it anymore.

Tell me what other product in this industry is like that?

[–]HikeBikeSurf 0 points1 point  (1 child)

Are those Aruba APs similarly cloud-managed? Could you continue to manage them without licensing for management?

If no, then first of all you are making an apples to oranges comparison - one wouldn't be cross-shopping those solutions depending on their goals.

Second, you aren't indicting Meraki for a functional flaw or limitation, you are indicting cloud-managed networking on principle.

Again, this is akin to indicting AWS for losing access to your EC2 instances if you stop paying your bill - one would've considered that when choosing the solution.

This is a bizarre recurring theme in these Meraki complaint threads.

[–]Twanza 1 point2 points  (0 children)

Aruba Instant AP's can be cloud managed, controller managed, they also support a virtual controller feature where a single AP can manage multiple AP's in the same subnet. So if you purchase the cloud management licenses and decided not to renew them, you can simple revert them back to a virtual or physical controller.

[–]NightOfTheLivingHam 0 points1 point  (0 children)

If the price increases 10x.. Hell yes I would tear each one out, replace it with anything else, and take sadistic joy in throwing them down from where they once hung.

[–]throwreality 12 points13 points  (3 children)

I had an incident a month ago where a site which should have been blocked, which was on the block list, was not blocked. I put in a ticket after lecturing the kids who found it and they closed it saying it was fine. Not what I'm paying for.

[–]Hero17 1 point2 points  (2 children)

They literally said "it's fine", closed the ticket, and you didn't send any response back?

[–]throwreality 0 points1 point  (0 children)

They closed it with no response, I reopened it going "I had no reply for about a month and you guys closed this, what's the deal?" Guy assigned goes "it's fine" and closes it and then I reopen saying this is not right as the filters did not work at that point. His reply was something along the lines of "it's updated by the 3rd party we use, and it tests fine now." Second time was more professional. I just closed it after that.

[–]throwreality 0 points1 point  (0 children)


[–]S4ngin 1 point2 points  (0 children)

LOL, sorry man, but that is hilarious (to me, obviously not to you).

I flat out refused every Meraki device I was brought last year as a replacement for various hardware.

Hope it gets resolved.

[–]cryonova 0 points1 point  (0 children)

Yep, i find this with meraki too.

[–]brb08 34 points35 points  (7 children)

It seems like every IT company is trying to do more with less, whether that is outsourcing, employing less skilled workers, reduced headcount, etc. It's a scary trend.

[–]neilthecellistSolutions Engineering 9 points10 points  (0 children)

This comment hits way too close to home. Not in my current org, but at the last I worked at. I remember the network manager (good guy) presenting on the reasons why my last workplace went with Meraki, and they were legitimate reasons (budget, lifecycle, depreciation analysis, etc). But I knew that down the road as Meraki became more popularized, that this type of shit was going to start happening (poor support due to overcrowding of business clients and not enough support engineers).
Sounds like Cisco needs to start looking into resource capacity management. There's just one problem, and that's what /u/brb08 has already stated: It's a scary trend. As more businesses migrate towards buzzwords like "the cloud", these cloud based providers are going to get hammered with everything related to Cisco-related bugs down to stupid LCON-related issues like the customer firewall being down due to a bad power cable that the client (likely not knowing network fundamentals) is going to foot stomp Cisco Meraki support demanding action for something on the customer's end.

[–]Trumps_a_cunt 1 point2 points  (4 children)

I feel like every industry needs to trim the fact from time to time. It's just jarring for us because it hasn't really happened to IT much in the last 15 years (not including desktop level stuff like breakfix and PC sales)

[–]thecolonelcorn 5 points6 points  (1 child)

There's a difference between trimming fat and raising output expectations per staff member. It seemed that the utilization requirement for consultants and support techs was somewhere around 60-70% billable for most MSP's. Now I've seen more and more pushing to 80-100%. Goodbye ethics, hello turnover. Hopefully we'll see the industry see the negatives of this and see the expectations per employee stabilize.

[–]simple1689 1 point2 points  (0 children)

80% is 100% in my model.

[–]aXenoWhatroute route route your boat, gently down the stream 1 point2 points  (1 child)

Um, where have you been for the last 15 years?

[–]Trumps_a_cunt 0 points1 point  (0 children)

reddit, mostly.

[–]Gymnocalycium 0 points1 point  (0 children)

Yep, where I work a new company won the contract for managing the servers for a large organization where individual departments have leeway in whether they want to use the cloud or our local IT support. If you use local support, you have to pay for it. More and more departments are going to the cloud so the company that won the contract bid a much lower price and then slashed headcount. Because now half of the sys admins are gone and new ones will probably be less experienced, we'll probably go to the cloud. I'm not saying it was a bad idea, because of course IT people are gonna rail against cost-cutting measures and every reddit story about IT cost-cutting ends up in the company suffering in the end. Eventually we were gonna go to the cloud too, it was just a matter of when. Until now we had so many other fires going on that we were willing to pay through the nose for a relatively large amount of expensive sysadmins to put at us at ease.

[–]duffilCCNothing 12 points13 points  (8 children)

The only thing I can add here is that the standard response for me has been "let's do a factory reset". I'm sorry, you want me to factory reset my firewall? Umm what's option 2?

[–]drdoakcom 9 points10 points  (0 children)

Wow... That's the kind of response I usually associate with SonicWall... Not Cisco.

[–]Hero17 1 point2 points  (5 children)

What was the issue your firewall actually had?

[–]fatbabythompkins 6 points7 points  (0 children)

It factory reset occasionally.

[–]duffilCCNothing 3 points4 points  (3 children)

well...the big one was failover to inet2 for unknown reason multiple times per day. the first ticket I put in, there was no resolution other than factory reset...which I wasn't able to get downtime for. this is a remote site that we got via acquisition, and the only meraki infrastructure we have. I closed the ticket, tried a few things to get resolution on my side, opened another ticket to find out what metrics or protocols it used for failover functionality and was told it relies on ping to you can't change it. My ISP has inbound metrics to my site and it looks like maybe it was caused by latency...either way dropping all sessions multiple times a day doesn't make my users happy. I ended up pulling out the inet2 connection.

[–]sheps 6 points7 points  (0 children)

I believe they have now added the functionality to change this IP due to poplar demand. is a terrible choice for sending pings, as Google uses QoS and DDoS protection, so their routers will happy drop ICMP traffic like a rock whenever utilization is high. Or put another way, you typically want to configure dead gateway detection to the next hop (or two) beyond your gateway.

[–]fucamarooNetworks and Booze 4 points5 points  (0 children)

was told it relies on ping to you can't change it


[–]spin_kick 1 point2 points  (0 children)

Sophos is the same way

[–]EtherealMind2packetpushers.net 29 points30 points  (44 children)

Lots of turmoil inside Cisco as headcount reductions, reorganisation and product transitions are happening. I guess this has a knock-on effect into support.

[–]HoorayInternetDramaMeow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+! 15 points16 points  (0 children)

Those things are usually true for Cisco in the last 7 years.. However support is generally not touched since it's a HUGE money maker...

[–]FuckOracle 16 points17 points  (5 children)

Meraki operates almost independently. Cisco TAC doesn't even touch Meraki stuff.

[–]whoisthedizzle83 6 points7 points  (0 children)

Currently working in an AS lab, I've seen maybe 10 pieces of Meraki gear.

[–]EtherealMind2packetpushers.net -1 points0 points  (3 children)

This is changing. Meraki is being forced to integrate by Chuck Robbins and it will happen quickly to reduce costs in the near future.

[–][deleted]  (1 child)


    [–]gsoltesz 15 points16 points  (0 children)

    Can confirm, was with Cisco until not long ago.

    [–]TsuDoughNym 10 points11 points  (30 children)

    I'm starting with Cisco in August...hopefully I don't have to deal with this?

    [–]DocMNCCNP Wireless, CWAP, CWDP 44 points45 points  (4 children)

    lol, bless your heart

    [–]TsuDoughNym 9 points10 points  (3 children)

    Oh god...Don't say it like that.

    [–]vladbypass 7 points8 points  (2 children)

    Don't mind some of the people here. It's a great opportunity no matter how long it lasts anyway. As long as you work hard and stay ahead of the curve (not just R&S) then you'll be fine.

    [–]Rex9 0 points1 point  (1 child)

    Dunno about that. R&S is always needing good people. It gets discounted by people that have done it a long time, but we live in pretty rarified atmosphere, from a job perspective. Sure, there are plenty of self-trained semi-CCNA types, but when it comes to really understanding infrastructure, R&S is where it's at.

    [–]pyvpxobsessed with NetKAT 1 point2 points  (0 children)

    it's funny because I've been doing consulting for the past 5 years now, and the last two for a couple of enterprises. I come from a strictly service provider/routing & switching background.

    it's been a nice surprise to hear "oh my god, you really understand how all this stuff works? you fixed this in hours, not weeks!"

    enterprises just want shit that works. they really, truly do not want to think about it. granted I get called in when shit is very broken and has been for a while -- which makes it somewhat lucrative for me -- but yeah...get that R&S down and you'll have work so long as networks keep breaking (at least the next decade)

    [–][deleted]  (2 children)


      [–][deleted] 2 points3 points  (1 child)

      Now if only more managers shared your mindset instead of just looking at metrics.

      [–]moch__Make your own flair 3 points4 points  (2 children)

      I started 3 weeks ago, you'll be fine.

      [–]TsuDoughNym 0 points1 point  (1 child)

      Awesome. You in tech services?

      [–]flukz 1 point2 points  (13 children)

      Seems to say that whole let's get some seasoned people in here isn't happening since no seasoned engineer I've ever met has a job offer nine months out.

      [–]TsuDoughNym 0 points1 point  (12 children)

      I'm finishing my networking degree, had the job offer back in November. Hired through the student program so I'm not an off-the-street pick, if that clarifies anything.

      [–]flowirinSUN cert network admin. showing my age 15 points16 points  (6 children)

      that is an off the street pick

      [–]TsuDoughNym 1 point2 points  (5 children)

      Off the street meaning Joe Anybody applies at Cisco for a job, they assume he has previous knowledge and experience, certs, etc.

      I'm going through the SAPP program, they assume entry-level knowledge, train for 2 months, then put you on the job. Not 'off-the-street' in the canonical sense.

      [–]whoisthedizzle83 1 point2 points  (4 children)

      I'm a new co-op in AS, myself. From the couple of people I've met who went straight into the SAAP, spending some time cable-monkeying down in the lab would've done them some good.

      [–]TsuDoughNym 0 points1 point  (3 children)

      I've spent 4 years being a cable monkey, so I won't miss that. Going into TS through SAAP myself.

      [–]FailOverPeer 0 points1 point  (2 children)

      You start in August? What location?

      [–]Crackertron 0 points1 point  (4 children)

      How many interviews with Cisco did it take?

      [–]randomkidoEnjoys sniffing packets. 1 point2 points  (2 children)

      If it counts, I interviewed several years ago. Had 2-3 interviews. Plenty of experience with what I was doing in college and felt everything went well. Problem came down with physical placement after you complete the program. They could not even tell me what state I would be working at afterwards.

      [–]Crackertron 0 points1 point  (1 child)

      OK I wasn't asking for myself, I have a friend who tried getting a job with Cisco and had 7 or 8 interviews. Seemed excessive.

      [–]betterthanyoda56 0 points1 point  (0 children)

      Depends heavily on the role though. 7 or 8 interviews is not uncommon for medium tier positions.

      **edit: Words

      [–]TsuDoughNym 0 points1 point  (0 children)

      Three interviews....core, HR and technical.

      [–]PM-ME-D_CK-PICS 0 points1 point  (4 children)

      Aw, honey.

      [–]TsuDoughNym 0 points1 point  (3 children)

      I don't know what to think anymore.

      [–]PM-ME-D_CK-PICS 0 points1 point  (2 children)

      I'm just fucking with you man. Like any job, I'm sure it's what you make of it. But every guy I knew that worked for Cisco only worked there for a year or less before jumping ship.

      [–]TsuDoughNym 1 point2 points  (1 child)

      I doubt I'd leave after a year. There's a contract where you have to pay back ~$12,000 per year for each year of training if you leave. I'd rather stick it out and see what Cisco has in store for me....much better than my old job.

      [–]PM-ME-D_CK-PICS -1 points0 points  (0 children)

      Grass is greener on the other side. I hear ya. Good luck.

      [–]NightOfTheLivingHam 1 point2 points  (0 children)

      I saw cisco's decline when I was in highschool. They killed off the highschool outreaxh program while I was in the middle of taking it. Two months away from my ccna, and dropped. Had to take cisco class (sleep through it) in college. But during that time, cisco fired its us programmers and took development to India, within a year there were major exploits in IOS. IOS was once considered bullet proof.

      Another sign is the fact they now buy up their technology rather than develop it. Then spend years slowly integrating it into their systems and husking the company they bought. I have no doubt Meraki is going to be husked as well.

      They seem to be more interested in being a technology holdings company than a networking company.

      [–]neilthecellistSolutions Engineering 0 points1 point  (1 child)

      /u/EtherealMind2 wrote:
      Lots of turmoil inside Cisco as headcount reductions, reorganisation and product transitions are happening. I guess this has a knock-on effect into support.

      My last workplace had a network engineer who says this is typical of Cisco, to restructure once every 2 years. I can attest that many science-driven organizations such as biotech/pharma do similarly, and a coworker at my current org who used to work in a building colocated with Cisco says the same thing. There is no such thing as loyalty or "working upwards" at Cisco from the personal accounts I've had the honor of hearing from about.

      [–]EtherealMind2packetpushers.net 0 points1 point  (0 children)

      I've chosen not to work at Cisco. Its not a place where I would fit in and generally, it seem like a unhappy place to be. Exceptions exist, but I'm happier working with customers and doing real works.

      [–]NewdlesCCNA-RS, CCNA-V 0 points1 point  (1 child)

      They are also finally going through the process of fully integrating Cisco/Meraki under the same umbrella. Up until recently, Meraki still operated fairly independently.

      [–]ten_thousand_puppies 4 points5 points  (0 children)

      Where'd you see/hear that?

      [–][deleted] 15 points16 points  (3 children)

      Go easy on Cisco. Just revert and do the needful and all will be well.

      [–]always_creatingFounder, Manitonetworks.com 4 points5 points  (0 children)

      Everyday I'm hustlin'....and kindly doing the needful.

      [–]tehreal 1 point2 points  (0 children)

      Is this a reference?

      [–]spin_kick 0 points1 point  (0 children)

      Have a nice day ahead

      [–]ateamm 4 points5 points  (1 child)

      I haven't had any Meraki ticket open recently but they have always tried to instantly push the issue back on to you saying it's out of their scope.

      [–]Walkedairplane 1 point2 points  (0 children)

      I've experienced more or less the same. It's pretty ridiculous sometimes.

      [–]DigitalWhitewater 9 points10 points  (6 children)

      Honestly, from my own personal experiences, Meraki support has always been piss poor at best (mostly based on their timeliness of addressing issues). And that is being generous and kind. I've managed a handful of Meraki APs and switches for a little over three years now. While I do enjoy their hardware, I dread their support.

      It's pretty much like it's a red headed step child of Cisco TAC that gives the overall Cisco brand a bad image. Check your expectations of an expeditious resolution at the door and get ready to brew in frustration over what would have been solved within in a 4hr window with TAC. Instead of a quick resolution with a thoroughly knowledgeable engineer, you'll get one of the following depending on how you submitted your ticket:

      1) a phone call back in hour #8 after opening your ticket, at which point you've already gone home for the day. So you'll have to spend at least another day or two playing phone tag, even though you listed you're business hours when you initially opened you ticket.

      2) email response 2 days later, if they are quick about responding, after opening the ticket. The person that takes your ticket will be in a time zone so far ahead of yours that you can only get about 1-2 emails a day with them before they go home. And the kicker [IMHO], is that I've never experienced them rolling my ticket over to the incoming shift of Meraki TAC when they go home. So it ends up taking you a week and a half to solve any Meraki problem/issue.

      In the end, I think I can say that I've mostly been satisfied with the resolutions I've received once the ticket gets closed. It's just redonkulous how freaking long it takes to come to some type of resolution.

      [Edited some grammar]

      [–]Hero17 12 points13 points  (0 children)

      You know Meraki support isn't TAC right? If you want to talk to support on the phone just fucking call in.

      [–]doldrim 7 points8 points  (1 child)

      Meraki operates a separate company in cisco - one of the few acquisitions which is not integrated at all. They even come out with products in direct competition of other cisco groups.

      [–]jpeek 1 point2 points  (0 children)

      I would argue they don't compete. Cisco has enterprise features that Meraki doesn't. Meraki only really works in small office deployments.

      [–]Darkfold -1 points0 points  (2 children)

      Having used 'real' TAC a number of times, I've never had the mythical 4 hour fix. It's usually a multi-day misery that results in engineering images being sent to try and people claiming that it's not a bug, it's working as intended (despite clearly being against spec).

      Then there are things like ASR1k's just bombing and failing to boot for about half an hour on the IOS XE 3.16S train. Took me a week to get essentially a shrug from TAC on that one. Apparently they are normally quite slow to boot... Gave up, closed the ticket and fixed it myself with a downgrade, back to sub 5 minute boot times.

      Or a Firepower upgrade that just sat there stuck, dribbling in the corner. It wouldn't load the config that had been working about 20 minutes earlier on a minor point release one step below. Log a ticket due to problem mid maintenance window (~20:00UTC), chase it through the night trying to get someone to have a look at it, finally got a response around ~02:00UTC.

      [–][deleted]  (1 child)


        [–]Darkfold 0 points1 point  (0 children)

        Was purely commenting on the post above mine. I've never had a great TAC experience. I've never had a fast TAC experience. That's all, I'm well aware of the service levels people offer and I'm well aware of what's reasonable to expect.

        [–]NysyrCCNA 2 points3 points  (2 children)

        I don't have a problem with getting decent support with Cisco, but I usually throw an overwhelming amount of detailed logs and large problem descriptions that usually throws off the greener TAC engineers.

        I generally only open a TAC case if its for sure a bug, or RFC mudslinging with inter-vendor stuff.

        [–]gsoltesz 9 points10 points  (1 child)

        That's key right there: provide the barrage of standard info right off the bat, even if not needed (show-tech etc.), so you'll fend off any boilerplate BS answer.

        [–][deleted] 5 points6 points  (0 children)

        When given the opportunity I run away from a vendor I feel I need to do this with. However it's a great tactic when you're stuck in bed with the vendor.

        [–]IShouldDoSomeWorkCCNA+! 2 points3 points  (0 children)

        I haven't had it that bad yet but I am afraid of what will happen once we have some bigger issues. Last week our distribution switch showed ports flap for a few seconds and caused the entire LAN to drop for about a minute with STP doing its thing. We got told by support it was due to a WAN failover and routing convergence on an MX400 that is not routed to these distribution switches.

        The lack of visibility is very concerning to me and Cisco needing so many more techs compared to traditional Cat and Nexus lines(because I can't check anything and have to ask them to look) just makes me feel like everything is rushed.

        [–]Nemesis651CCNA 2 points3 points  (0 children)

        My guess is that they are either moving to a traditional TAC role from whatever support Meraki had, or as /u/shward said, folks are just bailing. I know their sourcefire line went through the same transition recently, and it was a few months of suck, before they relearned, as well as learned the Cisco TAC processes (quite different from their own internal processes) and started turning out results.

        [–]throwreality 2 points3 points  (0 children)

        I've noticed higher wait times and less knowledgeable staff lately as well. The ones that are helpful are like how it was before the buyout. :(

        [–]v1tal3NetConfig author 2 points3 points  (2 children)

        This is great to know. I'm currently evaluating a number of SD-WAN vendors, and Meraki was initially at the list. Thanks

        [–]MrNarc 4 points5 points  (1 child)

        We're into a 30 sites deployment of MX/Z1 and support has been responsive and helpful. Often though we heard that a "feature is not available", especially since we migrated from Junipers SSG.

        All in all though, the ease of management and reporting for the price beats the few trade-offs we did or workarounds we had to setup. The two big ones coming to mind are that PBR can only be run on two uplinks, and that they're is no out of the box traffic logging functionality you'll need syslog for that. QoS is also very basic with three queue priority levels.

        [–]HikeBikeSurf 4 points5 points  (0 children)

        Similar experience here.

        Over 3 years deploying over 30 combined MX/MS/MR networks and 650 Systems Manager clients.

        I can count the support cases I have had to open on one hand, and never had one open longer than a few days.

        I would gladly trade a dozen slow or unresponsive open cases for the management and deployment style of Meraki vs iOS.

        YMMV, but I recommend Meraki all the time.

        [–]shward 14 points15 points  (22 children)

        Observation, having visited Meraki's corporate offices a few times recently.

        The average age of their employee is probably 24. The folks there seem to give up very quickly and haven't learned perseverance when facing a difficult problem. Their senior support folks are maybe a few years older. This is not a rant against young IT professionals but an observation that when you only employ young professionals, you might miss out on stuff that us veterans have learned.

        This has also (as of a few months ago) been noticed internally at Meraki. They are actively trying to diversify their workforce agewise.

        [–]DocMNCCNP Wireless, CWAP, CWDP 23 points24 points  (14 children)

        As an experienced engineer, I can tell you there's no way in hell I'd work for TAC as one of the engineers. No way in hell.

        [–]TriforceTeching 16 points17 points  (0 children)

        Absolutely. I'm a network engineer to maintain, implement and engineer complex systems outside of the public's eye. My worst nightmare is working customer support tickets in real time over the phone with an angry systems admin experiencing very real problems.

        That being said, I have nothing but respect for those who work in TAC. It's just not for me.

        [–]chick-fil-ayy 0 points1 point  (11 children)

        Why? Just curious

        [–]drdoakcom 18 points19 points  (10 children)

        This kind of work is just a slog of angry/terrified/alarmed people who have angry bosses yelling at them with real, critical issues. Basically like working a normal desktop call center, except that when a customer calls, they may have tens of thousands of users down, with big money and bad publicity at risk. I have to imagine the tickets that come in that are merely information requests are a nice relief.

        Always be nice to your TAC engineers!

        [–]auromed 9 points10 points  (8 children)

        Depending on the team / workload TAC isn't as bad as you might think. On the positives... Set day length, at the end of your shift you hand off cases and go home. No on call or after hour issues. If you do work a weekend you get paid $500. You get to learn your technology / product to a level that very few people get a chance to. Oh... and no change controls.

        [–]drdoakcom 4 points5 points  (6 children)

        Wow... Set day length and weekend bonuses... No on call? AND NO ****** RFCs?????

        Hell with this Net Ops thing, I'm going to TAC!

        What happens when you hit end of shift in the middle of a call? I've never had a TAC guy hand me off (yet). How much training do they throw at you to keep up with the products?

        [–]auromed 8 points9 points  (2 children)

        TAC engineers usually aren't on-queue during their whole shift, so in your 8 hour day, you might only be responsible for taking new cases 4 hours. So, if you get a new case 10 minutes before your shift ends, the engineers usually have some time still left in their day. At the end of a shift, and hours tend to be pretty flexible, you do end up just sending an IM to someone on the next shift and pass off the case.

        As far as training... You don't get much official training, ie go to a class, but you do get a ton of lab resources and can escalate things to the people who actually created the products. From my experience TAC is pretty much a throw you in the deep end and see if you can keep your head above water kind of place. It seems overwhelming at first, but once you come to grips with that and once you understand how to use the resources around you it works. Not to mention, many times code gets pushed out the door before any documentation, so it's all about thinking on your feet and just engaging the right resources.

        It's also kinda calming on some level to be able to ask a customer that's going bonkers, "What were you thinking by upgrading to a x.0 version of code on a production piece of equipment the day it was released?"

        [–]drdoakcom 2 points3 points  (1 child)

        "What were you thinking by upgrading to a x.0 version of code on a production piece of equipment the day it was released?"

        That's as good a place as any for the Gump response: "Because you told me to, drill sergeant?" ("You" not being TAC in this instance) I've had bosses with a strong affinity for firmware updates before. Newer is better!

        [–]auromed 1 point2 points  (0 children)

        I think I've been on the other side of that as well. "New code means new features and I'm sure the developers tested it."

        After being in support, I never - ever want to run anyones .0 code. Getting code out the door ends up taking precedence and the fact that customers can upgrade or downgrade usually with a couple clicks means what is essentially beta code ships and those early adopters get to test it. I think that's pretty common across any industry these days. Do more with less, means let someone else do the really extensive testing.

        [–]IShouldDoSomeWorkCCNA+! 0 points1 point  (2 children)

        Having been on with TAC as they rebuilt the Oracle db for WCS/NCS/PI for the 2nd time I got to watch the transition happen. A new TAC engineer joins the call and the current one makes sure he is aware of what is going on and where at in the process you are and drops off. Informs you of everything they are doing along the way as well.

        Also that was a fun 8 hour call that started at 10pm....I hate Prime Infrastructure.

        [–]jwBTC 0 points1 point  (0 children)

        Prime is always SOME level of broken. And I say that as a user back when it was WCS...

        We had Cisco do a campus SDN presentation for us, and they showed us a bunch of half-done demos. Also, it required replacing 99% of the current Cisco gear we own though it is most all still currently supported, even the new 6880 IA stuff we just bought from them a year ago and still haven't fully deployed (jokes on us apparently - we bought a dead end product!)

        Jeez Cisco!

        [–]WhyYesIamDrunk 1 point2 points  (0 children)

        That hits home about knowing the product. I work in TAC for a fairly small company, and my knowledge of the product and its workings is enormous. The downside is that once I leave the company, unless the company I move to is using our product, a lot of that knowledge will be wasted.

        [–]brb08 1 point2 points  (0 children)

        Can confirm all of this lol

        [–][deleted] 0 points1 point  (0 children)

        I switched to a TAC like environment after years in Corporate IT. It definitely takes some getting used to but I know the family likes that I don't bring work home with me.

        [–]parcel621CCNA 3 points4 points  (5 children)

        That wouldn't surprise me whatsoever. As someone who is still new to networking on the whole, I really appreciate having someone experienced who in a huge pinch can help/provide a different perspective. I get really discouraged when I don't fully understand the problem, or am unsure of how to approach it and that's were a seasoned person's is worth their weight in gold.

        [–]Sleep_FasterCCNA, ACMA 10 points11 points  (4 children)

        Man, well said. I'm 25 and been doing this for about 3 years - all entirely on my own. I wouldn't say I give up easily, but the insecurity runs deep and that manifests itself as 'giving up' sometimes. The, "I don't know enough to figure this out" or more accurately, "This can't be as easy as it is to solve because no one as green as me could figure this out". Or what I struggle with the most, "I don't even know what I don't know!"

        I self study, run a solid (non-flapping) network and am told "you're doing fine and rock solid in emergencies", but I know I'm missing out on being part of a more experienced team. I know that a guy with 10, 15, 25 years is far more calm, decisive and knowledgeable than I could possibly be right now. I don't compare myself to them, but I do wish I could learn and work with/for one or several.

        Side note, I really question guys who are 'cocky' now more than ever. Running an entire network on my own has been the most humbling experience of my life. I only know what I've experienced and even THAT I don't know very well, there's always another fucking layer deeper. It's exciting and demoralizing all at the same time "I will never run out of new materiel to learn!" and "I can never know enough..."

        [–]beef-o-lipso 4 points5 points  (1 child)

        I know that a guy with 10, 15, 25 years is far more calm, decisive and knowledgeable than I could possibly be right now.

        In 7, 12, 22 years time, you'll be that cool, collected cat.

        [–]jwBTC 2 points3 points  (0 children)

        My older guys would just listen to my rants like Sleep_Faster just had, would smile, and calmly tell me "your doing just fine!"

        I would counter with "but how am I ever going to know/figure out X" - and again they would just gleam and say "with time!"

        [–]shward 4 points5 points  (0 children)

        Thank you for sharing your experience. I appreciate your perspective. I think you are more mature in your career than you may feel. Lots of people don't have this perspective until they have been doing things a lot longer than you.

        [–]drdoakcom 5 points6 points  (0 children)

        This was pretty much how I started. It is a rough road having to go entirely off your own research. I'm not sure if there is ever a point at which you feel like you know enough though. You do certainly get calmer in the face of chaos. Or... burn out in spectacular fashion.

        Cocky usually just means they haven't been doing it long enough... There's a rafting saying: There are those that have flipped, and those that will flip. If you're cocky, you haven't been bit in the ass enough times yet.

        Sounds like you do, in fact, know at least some of what you don't know.

        [–]BloodyIron 0 points1 point  (0 children)

        The environment might not foster/reward persistence so this could be a training shortcoming.

        [–][deleted] 1 point2 points  (0 children)

        I'm sad to hear this, have used meraki products frequently between 2011 and 2016. I was always impressed. After Cisco acquired them I was even jealous of the pictures they had of their support office in CA. Looked very "google-ish". I hope things improve for them.

        Edit: spelling

        [–]adstretch 1 point2 points  (0 children)

        I've had a ticket about MR42s going into repeater mode at one of my sites dozens of time a day. Same configuration as all our other sites except the other sites have different model APs some older and some newer. Best I've got is them blaming the firmware but there have been 2 patches since the issue started (one rolled back everywhere when they realized it was bad) and still no improvement. Super frustrating and they just keep messaging asking if it's resolved. As if we have some control over their code base.

        Really considering switching away from Meraki in our 8 sites (no pun intended).

        [–]flembob 1 point2 points  (0 children)

        Their tech support definitely leaves something to be desired - agreed it was good at one point in time but it's clear they have had problems scaling. At least they haven't outsourced it to a foreign land where it's impossibly difficult to communicate with the rep due to language issues.

        As for the products, they have a niche, but we don't use them in any critical part of our network. I can't imagine anyone using Meraki for serious firewall/switching needs. If anyone is actually using something like an MX600 or MS425 in their network, I'd love to hear the use case!

        We have pulled the last of their AP's out. While everything looks very pretty in the dashboard, they suck at RRM. We had to manually set channels and transmit power because neighboring AP's were using the same channels. "Tech Support" couldn't figure it out.

        That said, one thing that they do pretty well is remote office worker VPN. We have a ton of Z1's out in the field and they work pretty well, and our PC techs can deploy them when they do setups for these folks. That's the only thing that has been pretty solid for us.

        [–]jasonlitka 1 point2 points  (0 children)

        Nope. What sort of issues are you having where you'd have that many cases open and for months on end?

        I think I've opened a total of 20 or so tickets in 2 years, most of which were "I don't know how to do this". The couple defect tickets I had were resolved with a phone call and a firmware upgrade/downgrade.

        [–]SilkyZ[🍰] 1 point2 points  (1 child)

        Yeah, is one of the reasons our company is going to Aruba, we just couldn't get any support out of Cisco.

        [–]eppemskCCNA R&S/Security 1 point2 points  (0 children)

        It's funny we are leaving Aruba for this reason. They were purchased by HP and have started rolling their services/support/sales in together. They sent us 3 trial APs and each had a different out of box failure. After having Aruba for 11 years we are going to Cisco.

        [–]Syde80 1 point2 points  (2 children)

        Well they did layoff over 10% of their workforce back in November. This is certainly going to have an impact across many departments.


        [–]ciscojoe 0 points1 point  (1 child)

        The article you linked to was the rumor. The actual number was less.

        [–]Syde80 0 points1 point  (0 children)

        My bad, I couldn't remember the exact number and that was just one of the first google results about it. Looks like the actual number was around 5,500 employees. That is probably still somewhere close to 5% of their headcount, which is still rather significant.

        [–]bangsmackpow 0 points1 point  (0 children)

        My support calls with them have been hit and miss. When I get someone good, they are really good. Everyone else is just average and I likely figure out the issue or offer the suggestion to do something on there end to resolve the problem (firmware related usually). There was a period of about 2 weeks before K-12 school started last year that call wait times were 1+ hours. Since then, I'm usually talking to someone in under 15 minutes.

        [–]yer_momma 0 points1 point  (0 children)

        Besides having to wait in hold for what seemed like forever the last few times I've used it they've been very helpful and stayed on until the issue was resolved.

        [–]iaindings 0 points1 point  (1 child)

        Only been using them a few months but never had anything resolved by support properly. The best example was a dhcp issue on our MX firewalls - we have HP switches with IP helpers on each VLAN pointing at a windows server on the other side of a VPN to AWS. This worked perfectly with our las firewalls, but after moving to meraki the DHCP stopped working at some sites. The vpn just wasn't passing the dhcp requests over the vpn, they were reaching the LAN interface but then being dropped. Happened on meraki to meraki tunnels too so wasn't to do with the godawful third party vpn support. We eventually found that sites with hp 2910 switches were failing and the ones with 5400 switches were working. We put in a ticket with a concise description, packet captures of working and not working setups etc. Eventually (days) later we get a "please call us to troubleshoot further" and when we call we find the engineer isn't available. So we email asking what more detail they need, to wait days again and then get another email asking to call. Gave up, the temporary dhcp servers are still there 3 months on

        [–]Hero17 0 points1 point  (0 children)

        Eventually (days) later we get a "please call us to troubleshoot further" and when we call we find the engineer isn't available.

        Why didn't you start troubleshooting with the engineer who picked up the phone?

        [–]butimprobablywrong 0 points1 point  (0 children)

        Ever think about trying riverbed?

        [–]trippinwontnothardSubject-matter expert 0 points1 point  (0 children)

        I just opened a case asking when full OSPF routes will be enabled on MX devices. I also asked if EIGRP would ever be added. I could really use this, it's kind of a PITA when trying to integrate a MX hub with a real network.

        There is a large amount of working being done on the routing protocol support for both the MX and MS lines at present.

        While we do not have an ETA on these features being added we will provide a notification as soon as these features are available.

        [–]duffilCCNothing 0 points1 point  (0 children)

        who's the Meraki mole in here? I just got surveys for the last two tickets I opened. :D

        [–]czer0wns 0 points1 point  (2 children)

        I did a thirty-day trial with them back in August, and had a 50% failure OOTB on the 4 boxes they sent me. Then it took 48 minutes to get someone to answer the phone and all he said was "Let's RMA it"

        [–]Hero17 0 points1 point  (1 child)

        failure OOTB

        Let's RMA it

        I'm not seeing a problem here.

        [–]czer0wns 0 points1 point  (0 children)

        you don't see a problem with 2 of 4 devices being dead on arrival?

        or almost an hour hold to get ahold of a tech to open a ticket?

        [–]-pANIC- 0 points1 point  (0 children)

        Semi-support related but I get fairly upset over not know what the hardware is actually doing. Why do I need to call into support to find out how much load the CPU / Memory are currently under?

        I've had a couple of recent experiences calling in and being put into the hold queue for upwards of 30 mins at a time. That is a completely unacceptable period of time to wait for support considering the premium cost of the hardware and yearly renewal fees over their competitors products.

        Meraki you don't seem to understand, we don't have to choose you. You're riding on your laurels and that game has long past.

        [–]flowirinSUN cert network admin. showing my age -2 points-1 points  (0 children)

        i've found the best method is to go to their forum and rant.

        [–]flyinfishface -2 points-1 points  (0 children)

        I had a demo to test out their auto vpn. I had wanted to run one of the units as a concentrator. The dude kept saying something about it had to be "on top" of our network.... And I had to stop him and say look man, I don't know what you mean by top or bottom, because that's some general direction that doesn't make any sense to me and it's your perspective.

        So we go back and forth a bit with me trying things. I finally realize he's trying to tell me that I have to run it IN LINE with the rest of my network. I'm not at a big place, but our core is a Nexus 7K and we have a couple Palo Altos in HA. So I started laughing at him like a dick for really wasting my time because he had no fucking idea why it was completely stupid to get it the way he thought it was supposed to be. I had read these could run in concentrator mode.

        So I found a couple docs on MERAKI'S OWN SITE and sent them to him, told him this is what I wanted to do. Anyway, he still insisted on it being "on top" or on the bottom.

        Anyway, I told the guy I didn't need his help and got it working myself.

        About a year ago, I was looking at Meraki when I worked for a university with a LOT more crap. I had a CCIE that had switched over and he was trying to sell me on edge switches. That guy actually was really knowledgeable and impressed me a bit.

        So yeah, downhill for sure.

        edit: downvotes, but no one has a coherent response?

        [–]Usernamex75 -2 points-1 points  (0 children)

        There's free wifi in my neighborhood served by meraki routers that have been down since before I moved there, 7 years ago.

        [–]ChaseRidaStudying Cisco Cert -1 points0 points  (0 children)

        Support I had was great! Thought they would want their equipment back when we did the RMA, buuuuut they didn't want their crap either, so it was recycled.

        [–]TiNk3Rz -1 points0 points  (0 children)

        I've opened multiple cases with Meraki. They ALWAYS end in "Please update/replace/restart/factory-defaults".

        I've -NEVER- worked with a meraki support "professional" that knew what they were doing. Sure they knew how to click around on the webpage, but basic networking knowledge was out the door.

        SO... we are replacing all remote offices that are currently using Meraki with a much better solution. We've refreshed our support agreements for the rest of the year and that's that. Goodbye Meraki!

        [–]antonserious -5 points-4 points  (0 children)

        Another case of corporation buying soon-to-be competitor in new niche to drive them down into none-existence.