What are your opinions of Cisco Meraki?

About a week ago, one of my fellow ITNA classmates talked to me about Cisco Meraki. According to him, they have a free trial of their service, which includes $3000+ of routing and switching equipment and 3 years of their Meraki service. After looking into it further, I discovered that the equipment includes modern, up-to-date APs, routers, and switches, all of which are managed via cloud-based services, and it includes 3 years of their premium Meraki management service. In my opinion, this would be very useful for small businesses and agencies, but it would be under-performing for larger corporations. According to various customers, they have very mixed reviews. On one end of the spectrum, they glorify Meraki for its simple configuration, easy-to-use UI/UX, fast updates, and its ease of use. On the other end, they criticize Meraki heavily for lack of complex mobility, application management, field service, and complex use. Furthermore, they do not like internal components being configured externally, and the APs have low ranges. Some reviews claimed this lack of features exists to prevent Meraki from competing with Cisco Enterprise. I understand both the appeals and criticisms of Cisco Meraki, but given how mixed the opinions are on the topic, I was wanting to know your opinions on Cisco Meraki. Below I have linked the page to the Meraki free trial.

Meraki is great for places where there are a lot of cookie-cutter small locations with simple security policies. Think Starbucks, Arbys, Chevron... etc. These places need something that just works, without needing to have complex remote management, and simple security policies. Keep payment away from everything else.

This is the type of environment I work in, and while I did prefer Velocloud more than Meraki, when it came down to it we went Meraki because it was slightly cheaper and we found a partner that offered a complete solution for branch management, i.e. they now manage circuits and aggregation for us, which is a huge load off our shoulders when we have more core business objectives to focus on.

If you're bigger or have more complex requirements I would seriously consider looking at Velocloud and CloudGenix.

Original Poster · 3 points · 10 months ago

My thoughts exactly. Thanks for the input

Like /u/Nuttycomputer said it is great for the retail environment. I just left a company with ~800 locations and Meraki worked well enough for wireless. I still had some issues with them but that may have been related to the MSP that was running the system.

For anything else I will and do avoid them like the plague. Poorly implemented features / random GUI bugs (settings turned on but not really applied in CLI) / horrible troubleshooting (paperclip reset). I had to live through Meraki in my corporate environment and it was a nightmare for support.

Sr. Wireless Architect | BSEE
1 point · 10 months ago

Bingo. This ^

I work for an MSP that is exclusively selling Meraki products for networking and is a Meraki partner. I'm working hard to move away from Meraki firewalls.

Take a look at their documentation and get a feel for how they inform their customers on their product features. It's pretty basic, and that’s an indicator of the type of support you get.

We serve lots of healthcare clients that have signed contracts with other vendors that necessitate the VPN traffic be NAT'd to a different subnet for a VPN connection. Meraki does not natively support this, and you must have another appliance to handle these VPN terminations.

We had a healthcare vendor that needed remote access to a particular subnet. Typically, we would create a client VPN connection for them specific to the VLAN/subnet they need. You cannot do this with Meraki, and you will need something like OpenVPN to get it working.

I recently troubleshot an issue with an Active Directory server that wouldn't allow WMI to load in server manager, meaning all of the management functions in Server 2016 server manager were not there. After troubleshooting the issue for a long time, we found that the Meraki queries WMI every 5 seconds. Meraki's documentation hardly says anything about this issue. Take every remote site you have connecting to that domain controller and multiply it. You can understand why Meraki should have taken the time to lay this out on their configuration page for Active Directory integration.

Another issue one of our engineers recently encountered was the Meraki blocking active FTP sessions. All IPS and IDS, along with content filtering, were off. Several calls were made to Meraki before they identified the issue. We were told to upgrade to the beta firmware to fix the issue.

Content filtering is a joke, and I have heard that they are trying to move away from BrightCloud for their filtering in their beta firmware, but I'm pretty underwhelmed and don't care to turn on content filtering on any client devices because it has blocked Office 365 communication plenty of times.

You will need to re-learn ACL management when configuring Meraki appliances. When you have lots of ACLs, support is still likely to say that they need you to clean out all of the ACLs to ensure it is set up right. Meraki doesn't have a way to save a copy of the running config - so have fun putting all of those rules back in.

You will wait for 1-2 hours for support if you are on the east coast past 12:00 PM. Before that, the rest of the country isn't awake yet, and you can get in touch in about 5-10 minutes.

If you have any more questions let me know and I am happy to help.

AMA TP-Link, DrayTek and SonicWall
5 points · 10 months ago · edited 10 months ago

They are ok for SOHO/branches etc. with no skilled IT staff since it can be plug and play and their wireless is ok.

They try to make a larger play but they can't really compete even with a Cisco switch since they don't have feature parity so they don't have EIGRP etc. They also have some frustrating limitations and design flaws like the fact you need internet up for the device to get new config which can be a problem in an outage.

You also have to contact support for a number of features / troubleshooting tools that aren't in the web interface.

So let me get this straight, you want me to pay for a subscription service for wireless hardware that I install on premises just so I can manage it from the cloud, and will stop working if I stop paying? No thanks.

Original Poster · 2 points · 10 months ago

Basically lol.

I wouldn’t be against the service/subscription fees if the hardware was free/cheap. But it’s damn expensive, so for the price, I’d rather get something else.

Depends on who is managing it. Value in that type of design is not usually for us knob turners.

rfc9000 - Bitchslap over IP
1 point · 10 months ago

It doesn't stop working. You just can't update the config. The config is stored locally on the device; if it loses the cloud part it keeps working off its local config.

Make your own flair
4 points · 10 months ago

Meraki is basically glorified small business equipment. It has a nice UI, and is designed to be "easy" to use. In an effort to make it easy, they stripped out features that would make their product actually viable in a larger environment.

There are hidden config options that only Meraki has access to, that you can't set yourself, even if you know exactly what you want. There is no debug mode, logging is fairly limited and basic, there's no console at all. I've written scripts to pull SNMP data to pull more in the way of specifics than the stock UI gives you. You're still quite limited though, as there's a pretty small window between what you get stock, and what you can get by polling SNMP with a script.

Sometimes devices will just ignore the static IPs that you've set, and decide to do their own thing. Stacking is particularly buggy, and bad at this.

Multi-WAN doesn't always behave the way in which you want, and you're limited in how much visibility you have into what it's doing at any given moment.

You can set up hosts that the controller is supposed to poll so that you can pull up historical connection info, except that function is also buggy. I had a support tech tell me somewhat recently (~6 months ago) that he was surprised that I was able to get as many hosts as I did reporting (about 8), because he didn't think it would work. It later stopped working.

They're not super cheap either. Their target audience is completely people who think they're getting "good" network equipment (because it's expensive), but lack the skill to evaluate whether or not the equipment they're running is any good.

3 points · 10 months ago

This is something that I am battling with. We are looking into an SD-WAN type solution for the future, but mainly split tunneling for now.

One guy on the team thinks Meraki is the best thing ever. I personally would rather go with the Juniper SRX or some other option that if we need to do some heavy customizations, we're not locked down like Meraki.

Basically, management's goal is this: place Meraki in our warehouses where there is a lot of wireless scanning of products. We have MPLS at all of these sites, bring in a local ISP and do split tunneling (public external, internal MPLS).

Then grow from there and do true SD-WAN where there is some logic on whether what traffic goes. I personally don't want to use IWAN and have already axed that.

Original Poster · 2 points · 10 months ago

Meraki is simple and easy to use, but it lacks complex applications and configurations. Based on your goals, Meraki might not be able to get the job done. I haven't personally used Meraki, but according to others who've used the product, the lack of complex configurations is so severe, that many had issues configuring a VPN.

3 points · 10 months ago

I've been using and deploying Meraki APs for 3 years already, MR72 with sector antennae, and they have been the only ones to be able to handle a really large amount of users on public wifi (think a large music festival with high density of users) and the problems have been minimal, and support is always there to help.

Now, I understand the licensing concerns, and also it being an expensive solution, but you gotta evaluate cost and benefit. Also, being a Meraki partner, and now a Cisco partner can get you real good discounts when building new projects.

We will be deploying a Meraki MX84 and we already installed 18 x MR72 on a site replacing a Fortinet solution that was poorly designed, and so far the wifi coverage has been improved considerably. Waiting to see how the Meraki security can help us, but with the advanced security license it's a good pitch for customers who need a robust solution.

As /u/Nuttycomputer already mentioned, it's great for the cookie cutter multiple locations that you need the same or similar setup. For the SMB networks, I feel their product offering is great and works very well for the one man shops out there. Configuration is easy, the feature set is simple and it just 'works.' The fact that I can submit an order and have that order configured before it even arrives at my door is great, literally plug and play.

In the enterprise game or a larger company, I cannot foresee Meraki fitting the bill for all products, maybe their APs since they're fairly straightforward. Be realistic, it's just an AP, while there are better and cheaper options out there they technically can and would work. I don't see their switches or security appliances working for a large enterprise.

My exposure is very limited with Meraki and only limited to their APs, current deployment, and security appliances for remote sites, 1-3 users. I have been unimpressed with their switches and have had enough headaches with their security appliances so far. They work great but can be annoying.

Original Poster · 1 point · 10 months ago

I appreciate the added context. Thanks for your opinion.

2 points · 10 months ago

Boy I sure wish it would tell me which AP can't reach that new subnet it wants access to. My AP disassociated every client last night and nothing in the logs as to why. Rebooting fixed it.

Otherwise no complaints. It's easy to use, but some settings felt like they're in weird places until you find it. Still trying to figure out SNMP on it but I think that's just user error, I'm not sure tbh.

2 points · 10 months ago · edited 10 months ago

For small business they are great. I just deployed 30+ MS 350 switches as access switches and they work ok, not a lot of options but it makes it easy for entry level network engineers to manage. I also deployed MX400's and MS425 with issues. I don't think Meraki is ready for the datacenter... far from ready. Only for small deployments where not much is needed.

Edit: Seriously, for small business... that should be the slogan. These things are not made for anything semi-advanced. FW are lacking, stacking on switches is buggy, especially when using aggregation groups.

To some, the phone is a weapon
2 points · 10 months ago

Simply put: Meraki has its little box. If you fit in it, it's amazing. Tons of great features and benefits.

If you are not in said box: in for a bad time.

Meanwhile Ubiquiti is far less expensive, with no license cost all for hardware that is 85%-90% as capable from a technical standpoint but with fewer features.

what are network?
3 points · 10 months ago

I think more people fit inside that box than would like to admit. Lots of snowflake networks out there.

professional blame deflector
1 point · 9 months ago

imho, meraki is great for small business, but large enterprise networks may want more features and such.

but you're right, I imagine a lot of small, simple companies want to think they're more advanced in infrastructure than they actually are.

what are network?
2 points · 9 months ago

I have a few Fortune 500 clients who could benefit from Meraki. They feel the same way, though. They “need” features and nerd knobs. I just laugh, because as they say that they can barely keep up with projects as it is. They never have time to implement any “cool” features and have basic network management issues.

Most folks don’t actually understand the business requirements of the network they’re building. So, they over engineer the whole thing just in case. I think maybe that’s where the fear of losing features comes from.

Disruptive technology rarely is as feature-rich or doesn’t perform as well as current technology. It’s disruptive because it addresses actual needs and doesn’t address what customers think they need.

Sorry for the rant!

professional blame deflector
1 point · 9 months ago

No worries, I wholeheartedly agree with everything you've said. I can think of every place I've worked at so far that had some crazy large tool and we only utilized maybe 10% of it.

2 points · 10 months ago

You don't get 3 years worth of service if you're doing a Meraki trial, they do like 14 days by default and you can typically push it to a month. Their subscriptions are available in 1, 3, 5, 7, 10 year terms.

/r/meraki may have some good posts regarding issues/feedback.

If you have an all Meraki network and your VPNs are all between sites you manage, you can leverage the auto-VPN and it 'just works' very well. If you need VPNs to other organizations (even to other Meraki gear that's not in your network), chances are you'll run into at some point. Both the site-to-site and client VPN implementation are completely half-assed.

Wireless I generally have no issues with, it's worked well in my experience. Biggest issue is trying to use them for a wireless bridge - they don't support trunking/VLANs over wireless, so if you're looking for a point-to-point wireless solution, look elsewhere.

Their switching hardware seems overpriced for what you get. They don't really publish any specs like you'd get from another vendor. You're really paying a premium for managing the stuff through the dashboard. We hardly sell any Meraki switches due to their price point, the customers that can afford them would rather go Cisco.

3 points · 10 months ago

My freebies are sitting in three year licenses. I also do VLANs over my wireless with separate VLANs on different SSIDs.

3 points · 10 months ago

For the wireless, it's when you're using the wireless as a bridge. Regular client SSIDs can be mapped to different VLANs, but if you're trying to use it as a bridge (like one building is bridged to another over wireless), only 1 VLAN can pass over that link. Most point-to-point wireless bridges can act like a trunk and pass multiple VLANs over.

1 point · 10 months ago

Oh I got you. I misunderstood. My bad

Original Poster · 1 point · 10 months ago

I can't remember where exactly I was shown the 3 year trial, but when I do I'll link it to you. And I agree with the overpriced switching hardware sentiment and the overall half-assed configurations.

7 points · 10 months ago

If you complete certain training courses (like the CMNA class), you'll get a switch/firewall/AP for 3 years. That bundle is different from a trial meant to sell Meraki to a client.

We got a free AP and firewall for sitting through a webinar. All with 3 yr licenses.

Original Poster · 1 point · 10 months ago

I'll try and find the specifics, and link it to you. You might be right, but allow me to validate and get back to you.

We will be moving away from Meraki wifi/FW as soon as our licensing is over with

For us once the "cool cloud interface" ran we were kind of like "meh" about the product

My hospitals use almost all Meraki equipment. They work fine. A little pricey, but it works great. We use the MX400 for routers, MR42/52s for APs, and Apple DEP within Meraki for our MDM solution. Cannot complain really. The only issue I have faced is vendors not being able to utilize site-to-site VPNs. On the Meraki hardware, you are advertising a subnet for the VPN, so the vendor has to include the whole subnet which can cause issues with their other VPNs if they cannot NAT it correctly. So all I did was run an ASA5525x behind the MX400, NAT a WAN address to it, and run some vendor VPNs on the ASA. Easy workaround.

2 points · 10 months ago

> So all I did was run an ASA5525x behind the MX400, NAT a WAN address to it, and run some vendor VPNs on the ASA. Easy workaround.

I've had to either maintain a separate non-Meraki firewall or rip out Meraki just for this reason. Not an easy pill for customers to swallow after they just invested into brand new Meraki and they find out some very basic stuff won't work.

Yeah it can be difficult if you don't have the available addresses or an ASA laying around like we did

rfc9000 - Bitchslap over IP
1 point · 10 months ago

You had issues with crappy site to site VPN, so you bought an ASA?! Welcome to a whole new world of half baked site to site VPN implementation.

No? I had an ASA already laying around. And it works perfectly fine for our setup.

professional blame deflector
1 point · 9 months ago

Network Engineer for a smaller franchiser of a well-known restaurant. We use Cisco Meraki for our restaurants because it's simple and all we're using it for is to deliver the free public wifi to the restaurant customers. It's simple to use and IMHO great for cases where you only have one AP in the whole building.

At my last job (large insurance company) we had Cisco CAPWAPs that talked to WLCS controllers that talked to Cisco Prime, which is great for a large enterprise network. Meraki would have failed hardcore to support that large of an infrastructure.

I think Meraki is an excellent product if you know how to make it work for you and it meets your requirements; to rate it based on a brand name alone is just a waste of time. There are many things to take into consideration such as budget, ease of use, scalability, features... blah blah. I do think they have a good place in the market, and based on the few implementations I've done, both small and large, they work. Not everyone has the budget for an ASA or a Palo.
