I have very mixed emotions about posting a diagram of the network at my house. On one hand the network is super cool and lets me do all kinds of interesting things so I think a lot of people will be interested in it. On the other hand giving information that could be used by hackers might not be such a good idea. I don’t think I am giving away to much crucial information, but I don’t know that to be the case.
OK. Here it is. I use a bunch of Meraki networking equipment from Cisco. Meraki is a cloud managed infrastructure company that was bought by Cisco in 2012. Cisco seems to position it for smallish companies who need first class networking but don’t have lots of people to support it. Cisco handles all of the patching, network maintenance, etc. but you still have complete control to do about whatever you want. In my case, it can do more things that I am capable of doing.
I wanted a network that could:
- Provide a wide physical area of WiFi coverage (I live out in the country in lots of space)
- Provide private and public WiFi on separate VLANs
- Wirelessly extend both the WiFi and the ethernet network into the barn
- Traffic shape all of the networks onto the Internet
- Manage my children access to the Internet
- Provide excellent firewall services
I have a close friend who works at Cisco as an Application Engineer who convinced me to choose Meraki. Overall I am sure that there is a premium that you need to pay, but it works great and is easy to learn and administrate.
First the physical diagram:
The MR60W was designed to be a complete small office solution. It has
- 5 ports of 1G ethernet
- WiFi (Both 5G Hz and 2.4GHz)
- Connection to Internet
The MR60W has been superseded by the MR64W, Cisco appears to have removed the MR60W product landing page from their website or I would have linked to it, but I did find a review here. They call this the “security appliance” as it is the principal device in securing your network.
The MS22P (which has also been obsoleted) is a 24 port, power-over-ethernet, gigabit ethernet switch. It supports all of the switching things that I needed to do to have separate VLANs. This looks like it has been replaced by the MS220-24. In my office I have several devices that I run on wired ethernet including a couple of MACs, and a 17TB dual ethernet Segate RAID box.
The MR66s are outdoor access points that I use to
- Bridge between the Barn and my house (they have Yagis)
- Provide Wifi in the barn and around the back of my house
- Provide ethernet in the Barn
This is a picture of the access point attached to the side of my porch. You can see the Yagi antenna on the left.
This is a picture of the “other end” of the bridge. The Yagi points towards my house and the other Yagi.
The MR16 is is a WiFI access point (that has been superseded by the MR18). It is located in the far corner of my upstairs and provided Wifi for the front part of the house. It runs off of Power-over-Ethernet (which made it easy to install).
When you enter the Meraki control website there are an unbelievable number of configuration and monitoring screens that you have access to. Here are a few of the menus:
The “Cients” menu give you this screen where you can monitor the clients that are accessing your network and whitelist or blacklist them. Notice that I have two unknown people who joined the guest network blocked (probably the neighbors kids).
This menu gives you access to all of the configuration settings of your network including VLANs, Wireless network, DHCP etc. The system will also allow you to create VPN tunnels between offices.
Here is the DHCP screen. You can see that I have a number of “fixed” IP assignment based on ethernet mac addresses.
This menu has global settings about your network, for instance the Administrators menu where you can configure everyone who is allowed to log into the management web page.
This menu allows you to control the switches on your network.
Here is a screenshot of the MS22P Ethernet Switch:
This menu allows you to control your wireless networks.
Here is the screen that shows the status of one of the WiFi Access Points
All in all the network works very well. Send me an email or leave a comment if you have a question.