
Revisiting Cisco Meraki for the Enterprise

My company has been researching replacing our traditional Cisco switches and wireless in our branch networks with the Meraki alternatives. I found this post from a few years ago, and was wondering if anyone might have anything more to add, especially now that their hardware has been improved by actual Cisco.

88% Upvoted
This thread is archived
level 1
26 points · 1 year ago

Meraki is fine for small to medium sized companies with small IT departments who have to support small branch offices in far off places where you have no local IT staff. If you don't fit that very narrow use case, Meraki is almost assuredly not the appropriate product for whatever problem you're trying to solve.

That said, Meraki and Enterprise are two words that should not ever be in the same sentence.

level 2
LESS ANGRY AND HAS A NEW JOB · 6 points · 1 year ago

+1 for this.

Work in a retail environment bucking the trend of brick and mortar these days. We're adding an increasing amount of stores year to year. Meraki deployments really make getting the network side up at the retail locations pretty easy.

But, like /u/flembob said up top, I gotta say I'm really nervous after the object storage snafu.

level 3

We thankfully don't use them for anything mission critical. Like you we have sites that we often need to turn up quickly, and the MX line with VPN gets that job done. But I'm nervous as heck now, especially considering the responses (or lack thereof) of how they are preventing this from happening again.

level 2

I do love Meraki at 5 user, very remote locations. Awesome, reliable, 5 STARS. Large environments? No love there. Even their Ethernet switches are overshadowed by the Netgears of the world.

level 3
CCNP Wireless, CWAP, CWDP · 3 points · 1 year ago

That's the only time I recommend it.

level 1
31 points · 1 year ago · edited 1 year ago

So Meraki just suffered a major data loss event. All customer uploaded data was lost:

Networks: Custom splash themes, Custom floor plans, Custom Dashboard branding logos used in navigation, Uploaded device placement photos

Systems Management: Contact images, Custom enterprise apps

UC: IVR menu audio files, Hold music, Contact images, Voicemail greetings

They had no backups. Yep, a company you are trusting to run your enterprise network had NO backups. We use them for some WiFi and a lot of VPN. We are re-evaluating them as a solution going forward. What if they deleted all of your network configurations (which they give you no way of backing up on premise)?

Not good.

level 2

Wow, we are just about to start a rather large, ~3,000 site deployment with them. I don't deal with network much, and boy am I glad ;)

level 2

Yup. I would never even consider Meraki for the production network. Especially after this. We only use them for guest wifi on public internet connections and it was enough of a pain in the ass.

level 3

We have a bunch of MX security appliances which still have 3 years left on the licenses. We're going to ditch them soon, partly because of this incident and partly because I'm fed up of telling my CTO "sorry, our firewalls can't do that".

level 2
-14 points · 1 year ago (3 children)
level 3
Comment deleted · 1 year ago
level 4
ACMP, CCNP, JNCIP · 0 points · 1 year ago

Found a few, but I'm not looking for some third party regarding this. Looking for the official one from Meraki (Cisco); have yet to find it. However, you are correct in that I was lazy with my googling.

level 1
9 points · 1 year ago · edited 1 year ago

A lot of the things I posted in here are still relevant.

They haven't released a new stable update in a long time (last was Dec 22, 2016); they keep pushing customers to use beta firmware to fix ongoing issues, like issues with the content filter randomly blocking legit traffic.

Recent event:

They did just release a new firmware management interface which was much needed and it makes it easier to jump on the beta firmware/roll back without having to contact support.

Another thing is if you are planning to VPN with non-Meraki devices, you are very limited on routing options. I just ran into this issue recently connecting a non-internet AWS VPC as a backup site. I was hoping to just forward all the traffic inside AWS to use the on-site internet. Nope, gotta spin up an AWS Meraki instance to do all the fancy stuff.

Our site was one of those that was hit with the data loss recently; all we lost was our captive portal images. Not a huge deal, however it's mind-boggling that they lost something in their "cloud".

level 1

I do not quite like them as much because of all the little configuration options in Cisco gear that are not present. Usually they are options most people never use, but I have found a number of times where one of those options would make a piece of Meraki gear work in some specific instance.

Essentially the difference is comparing iPhone (Meraki) to Pixel (Cisco).

Meraki is easier, and much harder to muck it all up. Cisco is way easier to configure wrong, but can be tweaked in powerful ways.

level 1

Meraki is a huge headache that comes at a massive cost. Yearly licensing, overpriced and underperforming hardware. Cisco taking over actually made it worse.

Ubiquiti's UniFi is a much better solution for those looking for a simple turnkey solution. Lower hardware cost that performs better, no yearly licensing and management retains control of most features.

To do something simple like disable the 2.4GHz band with Meraki requires contacting support so the engineers can do it.

Meraki support is nothing short of a joke. They do not respond and when they do they rarely seem to have read up on your ticket. Of the three I sent in before we parted ways, 2 were closed as resolved without any contact or resolution and the third was ignored. This left multiple K-12 edu sites without networking for over a week.

Then there is their terrible firmware. Almost every update broke something. Each time they promised the next one will fix it... It never did. We even got put on beta firmware trials.

Their meshing never worked, seamless handoff was a sick joke. Auto power settings never worked well. Honestly the only feature that ever worked correctly and was nice to have was the MDM.

I cannot advise against Meraki enough. My theory is Cisco only acquired them for their cloud management tech and then they quit trying.

level 1
2 points · 1 year ago

I had a 40-node CVO deployment (nightmare to set up and configure): 1941s at small offices, 819Ws at home offices.

Replacing it with MX85 at the head end, Z1's at home, MX65's at small offices. Went from 2 hours config per device to 90 seconds. It's now a task I can hand off to the helpdesk to click 4 places and ship.

level 1

Talk with your vendor. When I was going through a network refresh last year they were pushing Meraki and Meraki sent me an AP to play with for free. I still get emails from them; attend this webinar and talk to us about your current deployment and we will send you a device to play with.

I use the AP they sent as my Guest Wifi for our branch office.

level 1
2 points · 1 year ago

We utilize Meraki for their APs, they work great and are a wonderful addition. As for their switches and Firewalls, I wouldn't touch them.

We did the free trials for both products, sure they're low end and entry level but, we were not impressed, as /u/yarpblat said, they're great for those branch offices or if you have a small IT team.

level 1
2 points · 1 year ago

For wireless? Sure. For firewall and switching? Not a chance.

There are too many other, better, options out there.

level 1
3 points · 1 year ago

To be honest, I would recommend Ubiquiti UniFi over Meraki. I have used both, and UniFi so far is just easier to use, and the firmware update is on YOUR schedule rather than the vendor's. Meraki drove me nuts with their scheduled firmware updates. I had to call support to reschedule all the time because they would consistently schedule around 8-9PM local time and people would still be working.

Plus, as /u/flembob pointed out, they just revealed that they don't have a functional DR for their own servers. This is an unforgivable sin in my opinion.

level 2
Comment deleted · 1 year ago
level 3
2 points · 1 year ago

Well, a smallish enterprise would be fine. < 2000 users. Any bigger than that and I would probably go with Cisco or HP enterprise solutions.

level 3

Yeah, I'd agree that UniFi is not for enterprise, but it's honestly better than Meraki.

I would definitely trust the Ubiquiti EdgeMax gear in a small to medium environment for remote sites and access switching as long as the network core was something more reliable. The EdgeMax gear + UniFi access points makes a pretty solid setup for sites with less than ~200 users.

level 1

Love the WAPs and cloud controller, but not a fan of the firewalls and switches.

level 1

I have some wireless deployed in branches (1 AP) and they work just fine. In my corporate office, which isn't big and only has 4 APs but has a ton of RF interference around it, I had nothing but problems. Bugs in firmware, lots of devices dropping. I tweaked all the settings per support's requests and the issue still persisted. Had a few people tell me my model of AP (MR32) was highly problematic, for they replaced it with the new MR33 and their problems went away with no other changes being made.

I ended up swapping out to Ubiquiti UAP-AC-PRO's as a test case and all the problems went away. I did zero tuning on the Ubiquiti stuff. No, I did not have a proper site survey done with the Meraki stuff, but neither did I with the Ubiquiti gear.

I never deployed switches, but I have the MS220-8P at home. Their switches are nothing special, will be WAY less configurable than the Cisco gear you are used to (so will the wireless for that matter) and the pricing on them is outrageous compared to alternate options. They just raised prices in fact.

All this being said, Meraki's best product is easily their wireless gear, and my experience is in the minority in that area, but as I was pulling the plug on the MX line (which I had in limited deployment), I had no reason to keep the MR wireless stuff either. The wireless may work great for you, it really depends on your needs. I think the MS switch line isn't worthwhile for anyone but MSP's.

The L7 visibility/shaping through the cloud controller is nice, but I have plenty of complaints with that. The ease of deployment because of the cloud controller is nice as well, but if this is truly an "enterprise" deployment, then I don't see how the cloud controller is a make or break for you.

level 1

What about Service Provider? Does Meraki make sense for them? If not, why not?

level 1

They don't support anything but passthrough IPv6


level 2

But that's okay because IPv6 is the devil and NAT is security /s

level 1

I've heard that Meraki has a significant security issue in that you can slam APs (and likely other devices) from one account to another simply by entering the serial numbers in the new destination account.

Let your minds go wild with that one for a moment.

level 2

This is incorrect. The only way to claim Meraki equipment that's been in use is for the previous owner to unclaim it first. Only an administrator for that organization can do that.

level 1
CCNP Voice CCNP CCDP · 1 point · 1 year ago

There is very little in the way of troubleshooting tools in the Meraki dashboard. I've wasted hours on the phone with their support since you can't look at simple things.

level 1

I set up a small wireless deployment ~ a year ago, and my biggest problem was the lack of troubleshooting options. We used one of their virtual MX appliances to tunnel a guest network to the Internet edge, and it did not want to play nice with our VMware. It turned out to be a problem with our VMware, so not Meraki's fault, but finding that out was not easy because you have almost no options for troubleshooting. The only access you have is the web portal, no direct access to the equipment, no low level configuration, no good logs and no debugging. Troubleshooting was like trying to figure out what someone is doing by watching their shadow.

level 1

We just moved from Procurve to Catalyst 4500X for Core/Meraki MS 225 for Access. If I had to do it over again, I would go with 2960X. Why? Let me count the reasons:

  • There is no local console. So if you want to Troubleshoot Problems the Switch needs to be able to contact the Cloud. If it can't, you're SOL.

  • There was a known issue with Firmware that caused us to have to RMA 5 of the 15 Switches we ordered for the Project because they wouldn't boot. No known fix for it other than RMA.

  • You have to deal with Meraki TAC, instead of Cisco. Meraki is fine, but it doesn't have the same level of competence/expertise I get from Cisco TAC.

  • Even if you statically assign a Static IP to something, if it can't ping the Meraki Cloud, it'll flip the device over to another VLAN. I hate when devices try and do things like that without Administrator Input.

level 1
-5 points · 1 year ago (0 children)
level 2
4 points · 1 year ago

One thing about Meraki is that as long as you renew your subscription you will always have a updated hardware w/o having to worry of the equipment's End-of-Life date coz Meraki will give you the latest replacement model if your model reach EOL.

Is that true? Meraki will replace your hardware for free when it hits EoL with an active license?

level 3
12 points · 1 year ago

It is not. See: - relevant portions below:

  • Cisco Meraki cannot guarantee that legacy hardware products will be able to connect to the management software indefinitely following the EOST Date;

  • Cisco Meraki Technical Support may no longer troubleshoot the legacy hardware products;

As the link above states, those are the only two situations wherein Meraki "will use our best efforts to provide the customer with a workable solution for upgrading from the legacy hardware and, failing that, will refund to the customer the value of any remaining license term attributable to the legacy hardware as of the EOST Date."

Thus, EOL =/= "get new equipment for free". At best they'll find a "workable solution", whatever that means, or give you a refund on the remaining license time, at worst you're going to be running super old junk because Meraki can still troubleshoot it for you and it can still connect to the Meraki cloud dashboard.

level 4
2 points · 1 year ago

That's what I thought... Appreciate the effort to dig that up. Misinformation is so easily spread nowadays....

level 5

I got my information from Cisco themselves. But Yarpblat is indeed correct in saying that Meraki cannot guarantee that LEGACY products will be supported; that is why Cisco (Meraki products only) is offering new replacement products (not maintaining old devices) as long as you're within subscription. Checking directly with a Cisco representative to find out the facts would be my advice.

level 2

Curious how you'd define really large. We are considering replacing about 70 traditional WAPs with Meraki at one location. I love managing our small branch offices with it but I'm hesitant about losing some of the advanced configuration the WLC provides for our larger scale network.

level 3

If you're managing only one site, better to do it with Cisco Aironet.
