Alex Burger and Brennan Martin Presented at Tech Field Day Extra at Cisco Live EMEA 2024
Presentation date: February 6, 2024, 13:00-15:30.
Presenters: Akshar Patel, Alex Burger, Brennan Martin, Nico Darrow, Scott Irey
Presentation Schedule
- 13:00-13:45 – Centralized Management Distributed Enforcement with Secure Connect
- 13:45-14:15 – Meraki and Catalyst Wireless – Better Together
- 14:20-14:50 – What’s Next for Meraki Switching in 2024
- 14:50-15:20 – Catalyst 9000 Cloud Evolution: Born Meraki
Follow on Twitter using the following hashtags or usernames: #CiscoLiveEMEA, #CiscoLiveEMEA24, #TFDx
Centralized Management Distributed Enforcement with Cisco Secure Connect
Akshar Patel, a product manager for Cisco Secure Connect, presented information about Cisco’s Secure Connect and how it provides a true unified SASE (Secure Access Service Edge) experience at scale. He introduced the concept of SASE, which combines networking and security into a unified platform, and explained the evolution of SASE from disjointed components to integrated multi-vendor solutions, and finally to single-vendor unified solutions like Cisco Secure Connect.
Secure Connect is built on two platforms: Meraki SD-WAN and the Umbrella SASE solution. The architecture is designed to connect and secure branches, remote access users, and ZTNA (Zero Trust Network Access) methods. It enables secure access to resources on the internet, on-premises, or in public/private clouds.
Akshar focused on branch connectivity and cloud security functionalities, emphasizing the firewall aspect. He highlighted the simplicity of onboarding branches to the Secure Connect platform and the ability to handle large numbers of sites quickly. The demo showed how Secure Connect integrates into the Meraki dashboard, allowing users to connect sites to regions and verify connectivity.
He addressed concerns about latency and bandwidth, explaining that Secure Connect optimizes traffic within the data center and between regions. The solution provides guaranteed bandwidth per uplink per site, and prioritizes traffic based on quality of service (QoS) policies.
Akshar also discussed cloud security functions, including DNS inspection, cloud firewall with IPS inspection, and Secure Web Gateway (SWG) for deeper inspection. He introduced a centralized management interface for global policy enforcement, allowing users to define rules once and apply them across multiple branches and the cloud.
Finally, he addressed questions about API access, licensing, egress charges, and traffic analytics, indicating that Secure Connect offers detailed reporting and control over traffic and policies.
Personnel: Akshar Patel
Cisco Meraki and Catalyst Wireless – Better Together
Scott Irey presented the launch announcement of Cloud Monitoring for Catalyst Wireless, which is an extension of Cloud Monitoring for Catalyst Switching introduced about 18 months prior. Starting in April, users can access the early public beta release to onboard Catalyst wireless controllers. This release marks the first round of native integration with IOS XE, aiming to simplify network operations.
Scott discussed the primary goals of Cloud Monitoring, emphasizing simplification of operations, event monitoring, performance monitoring, and the introduction of new features such as configuration history and image upgrades for Catalyst devices. He also highlighted the ease of performing packet captures with the new system, which requires fewer steps compared to traditional methods.
Scott addressed the API-driven nature of the system, the plan to bring intelligent packet capture to the system, and the licensing structure, which includes Cloud Monitoring with DNA licenses, with the Advantage license offering additional client traffic analytics.
The presentation went into detail about the native integration of the Meraki tunnel with IOS XE, the registration process for Catalyst devices, and the onboarding process, which involves claiming the device in the dashboard and deciding how to organize the APs. Scott also clarified that the APs only need to reach the dashboard during registration, after which all communication is through the controller.
Scott then demonstrated the onboarding process, showing how to claim a controller and add it to a network in the dashboard. He also discussed the limitations of the current system compared to native Meraki devices, the strategic positioning of the Meraki dashboard compared to DNA Center, and future capabilities like configuration management and software upgrades.
The presentation concluded with an overview of how the Meraki dashboard pulls data from IOS XE data stores and the possibility of integrating AI-driven solutions in the future.
Personnel: Scott Irey
What’s Next for Cisco Meraki Switching in 2024
Brennan Martin and Alex Burger from Cisco Meraki discussed the upcoming MS17 firmware release for Meraki Switching platforms. The key features they highlighted include:
- Device Health: MS17 will provide detailed information on CPU and memory utilization, as well as switch and environmental temperature for each individual switch. This will help in understanding if issues are related to device performance or environmental factors, such as a data center being too hot.
- Remote SPAN and VLAN-based SPAN: These features have been highly requested and will allow traffic to be mirrored from selected ports or VLANs across the network to another switch.
- Dynamic Port Profiles: MS17 will introduce the ability to create automations for configuring switch ports based on triggers like CDP, MAC OUIs, and RADIUS responses, which will automatically apply the appropriate port profile when a device is connected.
- RADIUS Configuration: This isn’t directly related to firmware but will allow consistent configurations to be managed at the organization level, simplifying the process of setting up RADIUS servers and policies.
- Cloud PCAP and Packet Analysis: MS17 will offer cloud-based packet capture and analysis, allowing users to store, share, download, and analyze packet captures directly from the Meraki dashboard.
- MAC Block List: This feature will enable users to quickly block misbehaving clients, integrating with the same APIs used for wireless and MX products.
- Adaptive Policy: Introduction of adaptive policy on compact switches, allowing for in-line SGTs and micro-segmentation controlled through the dashboard, interoperable with other Cisco TrustSec-capable devices.
- Digital Optical Monitoring: MS17 will provide health metrics for devices plugged into the switch, such as TX/RX power, temperature, voltage, and current, with Meraki and Cisco optics supported initially. This will help in predicting issues before module failure.
The release is expected to be in beta in the second quarter and stable GA in the third quarter. The goal is to maintain Meraki’s simplicity while improving integration with other products and adding more advanced features.
Personnel: Alex Burger, Brennan Martin
Cisco Catalyst 9000 Cloud Evolution: Born Meraki
Alex Burger and Nico Darrow from the Meraki Product Organization discuss the expansion of the Catalyst 9300-M portfolio and its integration into the Meraki Dashboard. The Catalyst C9300-M is designed to bring together Cisco’s hardware capabilities with the cloud management features of the Meraki Dashboard, offering flexibility and a unified platform for various customer environments.
Nico elaborates on the benefits of using the Meraki Dashboard for configuration, visibility, and ecosystem integration. He highlights the ease of provisioning and management, including firmware upgrades and day-to-day operations. The discussion also covers the hardware announcement of 15 new switch models, including the 9300-X and 9300-L series, which offer features like 25 gig uplinks and UPOE+ (up to 90 watts per port).
They discuss the 9300-X as a new fiber aggregation switch with high port density and StackWise capabilities. The 9300-L models are presented as a cost-effective alternative with similar features but targeted at smaller remote offices.
The conversation also touches on smart building convergence, with the 9300-X enabling the convergence of IT and OT networks through adaptive policy and smart power management. They explain how the Meraki Dashboard allows for monitoring and automating power usage and environmental conditions.
Finally, they address the ability to migrate existing Catalyst switches to Meraki management and vice versa, as well as simplified licensing options. The talk concludes with a discussion about adaptive policy for micro-segmentation, integration with Cisco security operations, and the potential for future developments in granular security controls.
Personnel: Alex Burger, Nico Darrow