Meraki mesh networking tests

Wireless mesh networking is included and enabled by default in every Cisco Meraki AP. The goal is to create a self-healing network that is resilient to cable and switch failures.

But, how does it works exactly?
How does an AP choose between the existing neighbors?
How can we monitor the status and performances of a mesh link?
And as it is enable by default, is it possible to deactivate this feature?

Mesh Network Components

In a mesh network, access points can be in one of two states: Gateway, or Repeater.

Gateways

AP in gateway mode are connected to the wired network, granting it an uplink to the Internet. If a gateway loses its Internet connection, it will look for another nearby gateway and automatically failover and acting as a repeater, allowing it to continue serving clients.

The AP determines if it should be a repeater or a gateway on boot, when it sends out a DHCP request on the wired interface; if it receives a DHCP reply, it assumes that it has a valid LAN connection and will become a gateway. If a gateway AP is unable to reach the LAN gateway/upstream router, the AP will fail over to repeater mode. We will see this more in details below.

Repeaters

AP in repeater mode are not directly connected to the wired network, instead relying on wireless mesh link(s) to reach the Internet. As long as the repeater has power and an acceptable wireless connection to another repeater or gateway, it will form a mesh link.

The Meraki documentation says also: “it is not possible to configure a static IP address for a repeater AP; doing so will automatically designate the device as a gateway instead of a repeater”.

Wireless clients

Both gateways and repeaters can serve wireless clients. It is also possible to have multiple gateways in a mesh network, then the Meraki Mesh Algorithm of the repeater will automatically choose the gateway to which it has the strongest connection.

Meraki Mesh Algorithm

As the Meraki Mesh Algorithm is a proprietary protocol, the only documentation I’ve found about it is this:

Meraki devices in a mesh network configuration communicate using a proprietary routing protocol designed by Meraki. This protocol is designed specifically for wireless mesh networking, and accounts for several unique characteristics of wireless networks (including variable link quality caused by noise or multi-path interference, as well as the performance impact of routing traffic through multiple hops). This protocol is also designed to provide ease of deployment while maintaining low channel overhead.

Each AP in the Meraki mesh network constantly updates its routing tables with the optimal path to network gateways. If the ideal path changes due to node failure or route metric, traffic will flow via the best-known path. Data traffic sent between devices in a Cisco Meraki network is encrypted using the Advanced Encryption Standard (AES) algorithm.

Okay, it’s time to make some tests…

First test: AP out-of-the box

First test: one AP is connected to my wired network and working fine.
I take another AP out-of-the-box and connect it to a PoE injector without the link to the wired network:

The wired AP is configured with static channels: 6 for 2.4GHz network and 44 for 5GHz network. I have one open SSID configured: “Meraki-Lab-Test”.

Before enabling the PoE on the new AP, I started Acrylic Wi-Fi to see what’s going on. First surprise, I see my AP broadcasting my open SSID on channels 6 and 44, and I also see a second hidden SSID using a WEP key. Yes, WEP:

This hidden SSID is for the mesh.

Then, I registered the serial number of my new AP on the Meraki Dashboard as part of my network, and I plugged the PoE injector to it.

After around two minutes, I saw that the new AP started broadcasting my guest network; on channel 11 for the 2.4GHz network and 44 on the 5GHz network:

You can see the new AP on top in red, and the wired AP in orange.

Impressive, mesh works out-of-the-box without connected the AP to the wired network!

I also see it in the Meraki Dashboard, as mesh AP:

As you can see, the gateway AP (first) is in full green and the repeater AP (second) is a green circle.

How to monitor the mesh link?

Click on the repeater AP to see more details. On the status page, there is the Current Mesh routes information:

Avg Mbps: 28.3 – This is the average speed of the mesh link.
Avg. metric: 1179 – This is the current metric value of the Mesh algorithm.
There is an information on this if you go over the question mark:
Usage = 100% – The usage of the mesh link.

Then, if you click on the RF tab, you have the information about the Mesh neighbors:

Here at least we can see we are using the 5 GHz channel 44 for the mesh link and the signal “in” is at 47 dB.

Second test: force the channels of the mesh AP to something different

I made another test with the same topology: as the gateway AP channels are 6 and 44, I forced the repeater channels to 11 and 36. Just to see if it accepts this silly configuration, and how we can recover from this without touching the AP or the PoE.

To change the AP channels, go to Wireless > Radio Settings > Click on the AP and change the channels on the right.

First, the AP accepts this configuration and obviously, the mesh link falls. I left it like this for a few minutes, with my Acrylic tool running.

After less than 60 seconds, oh surprise! The repeater AP switched to channel 11 for the 2.4 GHz, but stays on channel 44 for the 5 GHz:

When I check the repeater AP status on the dashboard, it says Channel 11 and 44, despite that I forced him to use channel 36. Interesting, like this the repeater continues to have connectivity to the gateway and to the dashboard. And when I change the configuration back to auto-channel, the repeater start very quickly to advertise the public SSID again. Great!

Third test: two gateways

As I would like to test how the repeater AP is choosing its gateway, I will now use three same AP models: the MR-30H, with this topology:

The AP-1 and AP-2 are connected to the local switch with 100 Mbps links.
AP-1 is forced to use channels 1 and 36, AP-2 is forced to use channels 6 and 40. Both with 50% TX power (9 dBm) and 20 MHz channel width.

AP-3 is a new “out-of-the-box” AP who was never connected to the network. I registered it into the Meraki dashboard, let the channels in auto mode, and plugged the PoE injector. The 3 access-points are in the same room, at around 1 meter (3.2 feet) to each other.

After a while – this time it takes more than 10 minutes – I can see the AP-3 broadcasting my SSID. It chooses the AP-2 as gateway, on the 5 GHz channel 40. The 2.4 GHz channel of AP-3 was automatically set to 11. No surprise here, it works as the previous test.

Now, the real test is to assign the same 5 GHz channel to the two gateways; like this the repeater AP can see two gateways and may switch from one to another if needed. So, I set the channel 36 to the AP 1 and 2.

Very quickly, the AP-3 switched to channel 36 and continues to broadcast the public SSID. The interesting point is from the Mesh neighbors information of the RF tab page of the AP-3; we can see the APs 1 and 2 as mesh neighbors on the channel 36 (see below).
A more strange point, there is also the AP-1 as neighbor on channel 11, despite the fact than AP-1 is forced and using the channel 1.

As you can see, the AP-3 chooses the AP-1 as gateway, but the link quality is lower than the AP-2. But, when I clicked back to the AP summary page, I saw the gateway changed to AP-2. This is very dynamic!

I tried to disconnect the ethernet cable of the AP-2, and then the AP-3 changed immediately the gateway to AP-1 and continues to work as repeater. In a future post, I will make more tests like this to get an idea of the convergence time.

Can we disable the mesh feature?

As I wrote before, this feature is enabled by default. If you look on the dashboard, there is no way to disable it.

Few weeks ago, I asked the Meraki support about it and in fact, there is a hidden setting to disable the mesh totally. So if you ask them, they can allow you to see this into Network-wide > General:

But, this enable or disable the mesh feature for the entire network. You cannot choose to enable or disable it only for a smaller group of AP. Or you have to move these AP to a separate network.

In conclusion

Mesh networking is enable by default on any Meraki access-points and available without any supplementary license.
It works out-of-the-box, of course only if the new AP is able to “see” another wired AP (gateway) on your network.
This is dynamic and automatically chooses the best mesh link to the wired network.
As far as I know, it is not possible to influence which gateway a repeater will connect to, except by setting the frequencies manually on the APs.
For instance, it is not possible to change a mesh link metric, like we do for a routing protocol, to prefer one path on another.

Note: I was using firmware version MR 25.9 for all the tests.

Cookie	Duration	Description
na_id	1 year 1 month	The na_id is set by AddThis to enable sharing of links on social media platforms like Facebook and Twitter.
na_rn	1 month	The na_rn cookie is used to recognize the visitor upon re-entry. It allows to record details on user behaviour and facilitate the social sharing function provided by Addthis.com.
na_sc_e	1 month	The na_sc_e cookie is used to recognize the visitor upon re-entry. It allows to record details on user behaviour and facilitate the social sharing function provided by Addthis.com.
na_sr	1 month	The na_sr cookie is used to recognize the visitor upon re-entry. It allows to record details on user behaviour and facilitate the social sharing function provided by Addthis.com.
na_srp	1 minute	The na_srp cookie is used to recognize the visitor upon re-entry. It allows to record details on user behaviour and facilitate the social sharing function provided by Addthis.com.
na_tc	1 year 1 month	The na_tc cookie is used to recognize the visitor upon re-entry. It allows to record details on user behaviour and facilitate the social sharing function provided by Addthis.com.
ouid	1 year 1 month	Associated with the AddThis widget, this cookie helps users to share content across various networking and sharing forums.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_WCGC2S6DHV	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_111806822_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
u	1 year	This cookie is used by Bombora to collect information that is used either in aggregate form, to help understand how websites are being used or how effective marketing campaigns are, or to help customize the websites for visitors.
uid	1 year 1 month	This is a Google UserID cookie that tracks users across various website segments.

Cookie	Duration	Description
ab	1 year	Owned by agkn, this cookie is used for targeting and advertising purposes.
CMID	1 year	Casale Media sets this cookie to collect information on user behavior, for targeted advertising.
CMPRO	3 months	CMPRO cookie is set by CasaleMedia for anonymous user tracking, and for targeted advertising.
CMPS	3 months	CMPS cookie is set by CasaleMedia for anonymous user tracking based on user's website visits, for displaying targeted ads.
CMST	1 day	Casale Media sets this cookie to collect information on user behavior, for targeted advertising.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
KADUSERCOOKIE	3 months	The cookie, set by PubMatic, registers a unique ID that identifies a returning user's device across websites that use the same ad network. The ID is used for targeted ads.
KTPCACOOKIE	1 day	The cookie, set by PubMatic, registers a unique ID that identifies a returning user's device across websites that use the same ad network. The ID is used for targeted ads.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
pxrc	2 months	This cookie is set by pippio to provide users with relevant advertisements and limit the number of ads displayed.
rlas3	1 year	RLCDN sets this cookie to provide users with relevant advertisements and limit the number of ads displayed.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
uuid	3 months	MediaMath sets this cookie to avoid the same ads from being shown repeatedly and for relevant advertising.