Last updated: 22 April 2021

Lab Manual #1
Engineering Cisco Meraki Solutions 1
Table of Contents

Getting Started 3
Lab Credentials / Dashboard Access 3

How to Read the Lab Manual 5

Lab Station References (IP Addressing) 6
ECMS1 Lab Topology 7

Preliminary Deployment 8

Lab 1 – Setup and Configuration 8

Exercise A – MX Security Appliance Setup 8
Exercise B – MS Switch Setup 9
Exercise C – MR Wireless Setup 11
Exercise D – MV Camera Setup 12
Exercise E – SM Device Profile Setup 12

2
Getting Started
Welcome to the first lab period of the ECMS1 training course. During lab, you will be
utilizing the Meraki Dashboard to perform a series of exercises that will help you become
familiar with various aspects of day-to-day network administration and operation. But
before you start, we must prepare you with some important information in order to help
you properly log into your assigned lab station.

Lab Credentials / Dashboard Access

You will soon receive an e-mail from Cisco Meraki that looks similar to the one shown
below. Please carefully take note of the important information in this e-mail including the
lab station number you are assigned to, your lab station login email, and the
password.

3
Within your web browser, navigate to https://dashboard.meraki.com and log in with the
information you received in the e-mail. As you log into Dashboard, you should pay close
attention to ensure that you are working within the right lab network. For example, if you
have been assigned to Lab Station #7 then you should see very clearly at the top that
you are signed in using the right user account and working in the right lab station
network. You will also see a letter after the word “lab” which denotes which rack of
equipment you have been assigned (it should match your login e-mail).

Verification for Lab Station #7 (Rack C)

Hint: The Cisco Meraki Dashboard is compatible with the most recent version of Firefox, Internet
Explorer, and Chrome web browsers. However, the most recommended browser is Chrome as it
provides the best and most consistent user interface experience. It should also be noted that MV
security camera streaming is not supported on Windows 7 + Internet Explorer 11.

4
How to Read the Lab Manual
Throughout all of the lab manuals you will see various notations that serve to call out
different types of information. These are classified into the following categories:

Important: These are high priority, critical bits of instructions that you must read carefully and pay close
attention to performing correctly or they could have an adverse effect on your lab station.

Note: These are typically warnings that usually serve as reminders as they are sometimes easily
overlooked or missed.

Hint: These are useful pieces of advice that could help point you in the right direction or help draw your
attention to hard-to-find or confusing configurations.

Information: These serve as additional footnotes and reference materials sourced from the official
Meraki documentation portal (located at: https://documentation.meraki.com) for various topics or
technologies.

5
Lab Station References (IP Addressing)
Throughout the lab exercises, you will occasionally see instructions that reference your
lab station number. These references appear as a green “n” whereby it should be
immediately replaced by your lab station number:

Example Instruction: Rename the MX’s name as “MX [n]”

● Lab Station 7’s results: MX [7]
● Lab Station 18’s results: MX [18]

A similar but slightly different instruction may tell you to add your lab station number –
again referenced as “n” – to an existing value. This should be treated as a simple add (+)
operation, as illustrated in the following example:

Example Instruction: Use the following as the subnet: 10.0. [ 10 + n ] .0/24

● Lab Station 7’s correct results: 10.0.17.0/24 (10 + 7 = 17)
● Lab Station 18’s correct results: 10.0.28.0/24 (10 + 18 = 28)

Important: It would be incorrect if a concatenation were to be used, such as 10.0.107.0/24 for Lab
Station 7 or 10.0.1018.0/24 for Lab Station 18 – these are incorrect and possibly invalid IP addressing
values.

This type of replacement applies not just to subnets but also to IP addressing and VLAN
instructions in the lab manual. Here are some more examples:

Example Instruction: Use the following as the IP address: 10.0. [ 150 + n ] .1

● Lab Station 7’s correct results: 10.0.157.1 (150 + 7 = 157)
● Lab Station 18’s correct results: 10.0.168.1 (150 + 18 = 168)

Example Instruction: Configure the access port to be in VLAN [ 600 + n ].

● Lab Station 7 would configure the port to be in VLAN 607 (600 + 7 = 607)
● Lab Station 18 would configure the port to be in VLAN 618 (600 + 18 = 618)

6
ECMS1 Lab Topology
The following diagram depicts the general topology of the ECMS1 lab architecture. The
design of the network is the same for all lab stations throughout all lab manuals.

Figure 1: ECMS1 Lab Topology Diagram

7
Preliminary Deployment
For most brand new Meraki deployments, a user would begin by establishing a
Dashboard account and creating an Organization for their operational entity. Upon
receiving their sales/purchase order information – typically consisting of data such as the
tracking number for their shipped equipment, serial numbers, and purchased licenses
keys – those devices and licenses can be claimed in the Dashboard. Administrators may
then proceed to create and define networks for which they will allocate the claimed
devices. Our lab will begin from this setup and configuration stage of the deployment.

Lab 1 – Setup and Configuration

As stated above, you will begin by setting up the Meraki stack with basic network
configurations. These settings represent typical deployments and your focus is on getting
the devices up and running with common configurations. As you progress through the
labs, the exercises will have you evolve the network in ways that take advantage and
utilize different features in order to address various needs of an organization.

Exercise A – MX Security Appliance Setup

1. First make sure that you’ve selected your Lab”n” network from the Network drop-
down menu in the top left corner of the page.

2. Start by navigating to your MX security appliance’s details page using Monitor >
Appliance status. This details page provides a lot of key information and details of
your appliance’s current status and access to other data or tools.

3. By default, the MX’s name will appear as its MAC address - look for and click on the
pencil icon which will allow you to change/edit the name. Proceed to rename the MX’s
name as “MX [n]” where n is your station number.

4. You will now proceed to set up the MX with various VLANs to be utilized by a variety
of different traffic types. Navigate to Configure > Addressing & VLANs and proceed
to enable VLANs and add the following local VLANs as per the information in the table
below:

8
Important: Do not remove or change VLAN 1 which is configured by default.

Name: Corp Name: Voice

Subnet: 10.0. [ 10 + n ] .0/24 Subnet: 10.0. [ 30 + n ] .0/24
MX IP: 10.0. [ 10 + n ] .1 MX IP: 10.0. [ 30 + n ] .1
VLAN ID: 10 VLAN ID: 30
Group policy: None Group policy: None
Name: Video Name: Guest
Subnet: 10.0. [ 50 + n ] .0/24 Subnet: 10.0. [ 100 + n ] .0/24
MX IP: 10.0. [ 50 + n ] .1 MX IP: 10.0. [ 100 + n ] .1
VLAN ID: 50 VLAN ID: 100
Group policy: None Group policy: None

5. Ensure that all LAN ports on the MX are configured as trunk ports with native VLAN 1
and allow all VLANs.

6. Conclude your MX configuration by reserving a pool of IP addresses within VLAN 10

(Corp) for the addresses within the range of .150 through .250. This block of
addresses will be saved for future deployments (but not actually used in the ECMS1
lab).

Hint: Navigate to the DHCP page for your security appliance and scroll down to the Corp VLAN to look
for “Reserved IP ranges” where you can then make the above requested address reservations.

Exercise B – MS Switch Setup

1. Begin by first finding and accessing your MS switch by navigating to the Monitor >
Switches page – you should see only one switch listed. Click on the switch to see
more details.

Note: It is expected at this point to see an alert at the top of the switch status page indicating a VLAN
mismatch on port 24. This will go away when you configure this port in a later step.

9
2. By default, the MS’s name will appear as its MAC address - look for and click on the
pencil icon which will allow you to change/edit the name. Proceed to rename the MS’s
name as “MS [n]” where n is your station number.

3. In this deployment, switch ports 10 to 14 will be designated for MV cameras that will
be installed on a later date. Navigate to the Switch ports page and implement the
following settings using the Virtual Stacking method of bulk configuring ports:
● Type: Access
● VLAN: 50
● Tags: Video
● PoE: enabled

Hint: To save the tag, press the “Enter” keyboard key after typing the desired tag name.

Additional Reading: To learn more about Virtual Stacking, reference the following knowledge base
document: https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports

4. Switch ports 15 to 18 will be reserved specifically for voice (VoIP) traffic. Use the
virtual stacking method again to configure these ports:
● Type: Access
● VLAN: 1
● Voice VLAN: 30
● Tags: VoIP
● PoE: Enabled

5. On the switch ports page, you will be able to see the various devices that the network
has identified through the discovery protocol packets if the column for “CDP/LLDP”
has been added (if not, click the wrench icon on the top right of the table and check
the box for “CDP/LLDP” to see that information). This is one of the several ways to
identify various devices and where they are currently plugged into your wired
infrastructure.

10
6. Identify the port that your MR access point is connected to and proceed to configure
this single port with a tag of “Wireless”. Leave all other port settings as they are.

Exercise C – MR Wireless Setup

1. Begin by first finding and accessing your MR access point by navigating to the
Monitor > Access points page – you should see only one access point listed. Click
on the AP to see more details.

2. By default, the MR’s name will appear as its MAC address - look for and click on the
pencil icon which will allow you to change/edit the name. Proceed to rename the MR’s
name as “MR [n]” where n is your station number.

3. Navigate to Configure > SSIDs and proceed to enable as well as rename two SSIDs.
Rename the first SSID as “Corporate” and the other as “Guest” – be sure to save your
changes before leaving the page.

Hint: You should rename/repurpose the default SSID (usually named “LabX – Wireless WiFi”) as one of
the two SSIDs you are creating.

4. You will now configure the wireless settings for these SSIDs. Proceed to Configure >
Access control and make sure that you select the desired SSID from the drop-down
menu at the top (either “Corporate” or “Guest” depending on which one you are
configuring) before making the following configurations for each SSID:

SSID: Corporate SSID: Guest

Association requirements: Association requirements:
● Pre-shared key with WPA2 ● Open (no encryption)
● Password: Meraki123 Splash page:
Splash page: ● Click-through
● None (direct access) Client IP assignment:
Client IP assignment: ● Bridge mode
● NAT mode: Use Meraki DHCP VLAN tagging:

11
 ● Use VLAN tagging
● VLAN ID (All other APs): 100

5. Because we are using a click-through splash page for our “Guest” SSID, we will want
to have them re-authenticate every 30 minutes. Navigate to Configure > Splash
page and change the frequency to every half hour.

Exercise D – MV Camera Setup

1. Your company has split up the building infrastructure team apart from the network
team, and the building infrastructure team has chosen to put the MV cameras into a
separate Dashboard network. Navigate to the Cameras Dashboard network by
clicking on the network drop-down menu in the top left of the page.

2. Begin by first finding and accessing your MV cameras by navigating to the Monitor >
Cameras page – you should have at least one camera listed. Click on any of the
cameras to see more details.

3. You should now see a live feed of the camera. Verify that the camera is recording
video by clicking anywhere in the timeline slider below the live feed to playback
historical footage.

4. Switch to the “Network” tab and verify that the camera has an IP address, it is in good
health status, and the firmware & configuration are up to date. On this tab will also be
the Tools section – use the “Ping camera” button to ensure the MV is active and
responding.

5. When you’re done, navigate back to your Lab”n” network using the Network drop-
down menu in the top left corner of the page.

Exercise E – SM Device Profile Setup

1. To create a device profile within Systems Manager, navigate to Manage > Settings
and click on the “+ Add profile” button near the upper-right corner.

2. Select the radio button for a “Device profile (default)” as that will give us access to the

12
 most number of configurable Systems Manager settings and is supported on all device
types.

3. Name this profile “Corporate Devices” and then continue by defining the Profile
Removal Policy with the following settings:
● Removal Policy: Require password to remove this profile
o Password: Meraki123
● Scope: with ANY of the following tags
● Device tags: create a tag named “corp”

Hint: When attempting to create the device tag, click on the field and type “corp” and click “Create
option” immediately below it to confirm and create this custom tag.

4. Now that we have defined (using tags) the scope that the profile will be pushed out to,
we must define the various settings and restrictions. “Add settings” near the left side of
the page will open up the full list of SM configurable options. Proceed to add the
following settings:
● Restrictions: remove the ability to use the camera on the device
● Passcode Policy: allow simple value, require alphanumeric values, and a minimum
length of 6 characters
● WiFi Settings: use Sentry as the configuration type, your lab station’s wireless
network, and have devices auto join your “Corporate” SSID

Note: Make sure to save all settings for this profile before navigating away.

*** End of Lab 1 ***

(We will be reviewing Section 1 before moving on to Section 2. You may now take a
break but do not move on until Lab Manual #2 has been distributed and your instructor

13
 informs you that it is time for the next lab period.)

14