01-29-2022 12:13 PM
Hi
I'm looking for Cisco routers with mostly security in mind.
The first router interfacing the Internet is an ATT 1Gps router, which has open ports for tech support and no password to block access to the router web admin webpage. I cannot replace this router - ATT does not allow it. The Cisco router will sit behind the ATT one.
I am new to networking but here are the specs I have so far:
1) IPS/IDS with encryption (TLS).
2) Throughput should be at least 300Mbps with #1
3) Restrict router changes to specified MAC sources.
4) Turn off Wifi/Internet connection at specific times (e.g overnight)
5) At least 4 ports; 5 or 6 would be better.
6) WPA3 enterprise - is its possible to get router/security appliance/RADIUS in one hardware
7) Budget : around $2000 USD total
I will need some initial support in setup.
What Cisco models do you recommend ? I am considering the MX68W.
Thank you
Uzma
01-30-2022 03:24 PM - edited 01-31-2022 05:26 PM
The MX68W has 802.ac wave 2, rather than 802.11ax. So it's not quite WiFi6. Also, it doesn't support WPA3. Only the standalone access points (like the MR36) have both WiFi6 and WPA3.
Management is done via the cloud, not via any local web interface (the local web interface is only used for configuring access to the Internet for it to get to the Meraki cloud). You can use MFA with your Meraki login, and you can also restrict access to specific public IP addresses - but I've never seen anyone do that. MFA is the gold standard.
With an MR36 you can create local users and you don't need RADIUS for this.
https://documentation.meraki.com/MR/Encryption_and_Authentication/Cloud_Hosted_Meraki_Authentication
The best combination would be an MX68 and an MR36.
02-01-2022 02:39 PM
Thank you for the feedback.
It looks like MR36 also supports WPA3 Enterprise. Would I need additional hardware to set up the RADIUS server ?
I prefer the enterprise WiFi with its stronger encryption.
Can the Cisco Meraki hardware be set up without working with a cisco vendor.
I have found only basic installation guides. I am hoping for security setup guidelines.
Regards,
Uzma
02-01-2022 03:00 PM
>Would I need additional hardware to set up the RADIUS server ?
No. You can create Meraki Users, and authenticate using them.
>Can the Cisco Meraki hardware be set up without working with a cisco vendor.
That depends on your skill level ...
>I have found only basic installation guides. I am hoping for security setup guidelines.
The Meraki documentation is excellent.
https://documentation.meraki.com/
You will get better help in the Cisco Meraki community rather than here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide