Cisco Meraki MR20

Basic Information

• Model: Cisco Meraki MR20 (MR20-HW)
• Version: 802.11ac Wave 2
• Minimum Requirements: Requires a Meraki cloud license for operation and management. Power is supplied via Power over Ethernet (PoE) (802.3af/at) or an optional 12V DC adapter. A wired internet connection is necessary for initial setup and continuous cloud connectivity.
• Supported Operating Systems: As an access point, it supports client devices running various operating systems. Management is performed through a browser-based Meraki cloud interface.
• Latest Stable Version: Firmware updates are delivered automatically and seamlessly via the Meraki cloud.
• End of Support Date: June 13, 2028.
• End of Life Date: The End-of-Sales Date was June 1, 2023, after which the product is no longer available for purchase. The End-of-Life (EOL) policy typically defines the End-of-Support Date (EOST) as five years following the End-of-Sales Date.
• Auto-update Expiration Date: Firmware updates are provided automatically through the cloud, continuing until the End of Support Date.
• License Type: Requires a Meraki Enterprise Cloud Controller License, which is purchased on a per-device, per-year basis.
• Deployment Model: Cloud-managed access point.

Technical Specifications

• Radios: Dual-band (2.4 GHz and 5 GHz) 2x2:2 MU-MIMO 802.11ac Wave 2.
• Antenna: Integrated omni-directional antennae (5.6 dBi gain at 2.4 GHz, 5.3 dBi gain at 5 GHz).
• Ports: 1x Gigabit Ethernet RJ45 port (supports 802.3at/af PoE), 1x DC power connector (5.5 mm x 2.5 mm, center positive).
• Operating System: Meraki proprietary firmware.
• Dimensions: 7.95” x 4.88” x 1.02” (202 mm x 124 mm x 25.8 mm), excluding deskmount feet or mount plate.
• Weight: 9.6 oz (272 g).

The Cisco Meraki MR20 is a compact and lightweight access point, designed for discreet installation. Its dual-band 802.11ac Wave 2 radios with MU-MIMO support enable efficient wireless connectivity. The single Gigabit Ethernet port simplifies network integration and power delivery via PoE. The integrated omni-directional antennas provide broad coverage suitable for its intended deployment environments.

Support & Compatibility

• Latest Version: Firmware is continuously updated via the Meraki cloud, ensuring the device runs the latest stable software.
• OS Support: Compatible with all client devices supporting 802.11a/b/g/n/ac wireless standards. Management is platform-agnostic through a web browser.
• End of Support Date: June 13, 2028.
• Localization: While the device itself does not have specific localization features, Meraki power adapters and injectors are available for various regions (US/EU/UK/AU).
• Available Drivers: No specific drivers are required for the access point; client devices utilize their own wireless drivers.

The MR20 benefits from Meraki's cloud-managed ecosystem, providing automatic firmware updates and centralized management. Its compatibility extends to a wide range of wireless client devices. The End of Support Date of June 13, 2028, indicates continued support for existing deployments for several years, although the product is no longer sold. Localization primarily applies to power accessories and the cloud management interface.

Security Status

• Security Features: Integrated enterprise security, guest access with one-click isolation, AES hardware-based encryption, WPA2-Enterprise authentication with 802.1X, policy firewall (Identity Policy Manager), built-in Wireless Intrusion Prevention System (WIPS) / Air Marshal for threat detection and remediation, Layer 7 firewall, real-time WIDS/WIPS. Physical security options include security screws, a Kensington lock hard point, and a concealed mount plate with an anti-tamper cable bay. A "Run Dark" mode disables the LED indicator for reduced visibility.
• Known Vulnerabilities: Not explicitly detailed in public documentation, but automatic cloud-based firmware updates are designed to address and patch discovered vulnerabilities promptly.
• Certifications: Not explicitly listed in the provided data, but its "enterprise-grade" designation implies adherence to relevant industry security standards.
• Encryption Support: AES hardware-based encryption, WPA2-Personal (AES), WPA-Personal (TKIP with RC4), Opportunistic Wireless Encryption (OWE).
• Authentication Methods: WPA2-Enterprise with 802.1X, RADIUS authentication, Pre-Shared Key (PSK) for WPA/WPA2-Personal.
• General Recommendations: For optimal security, WPA2-Enterprise with 802.1X authentication is recommended. WEP should only be used if absolutely necessary for legacy client device compatibility.

The Cisco Meraki MR20 offers a robust security posture for its class, integrating multiple layers of protection from advanced encryption and authentication methods to a built-in WIPS. The cloud management ensures continuous security updates, mitigating known vulnerabilities. Its features are well-suited for securing small business and home office networks.

Performance & Benchmarks

• Benchmark Scores: Specific numerical benchmark scores are not publicly detailed.
• Real-world Performance Metrics: Achieves an aggregate dual-band frame rate of up to 1.3 Gbps, with up to 866 Mbps in the 5 GHz band and 400 Mbps in the 2.4 GHz band. Supports Multi-User Multiple Input, Multiple Output (MU-MIMO) for efficient simultaneous communication with multiple client devices. Features application-aware traffic shaping and Quality of Service (QoS) policies based on traffic type.
• Power Consumption: Maximum 11 W (802.3af PoE).
• Carbon Footprint: Information not publicly available.
• Comparison with Similar Assets: The MR20 is an entry-level model, designed for very low-density deployments. Higher-end models like the MR33 offer additional features such as a dedicated scanning radio and Bluetooth radio, providing better performance in denser RF environments. The MR20 has been superseded by the MR28, which supports Wi-Fi 6.

The MR20 delivers solid performance for its intended use case, providing up to 1.3 Gbps aggregate throughput with 802.11ac Wave 2 and MU-MIMO. Its power consumption is low, making it energy-efficient. While it excels in basic, low-density environments, its performance is surpassed by newer Wi-Fi 6 models and higher-tier Meraki access points in more demanding scenarios.

User Reviews & Feedback

User feedback consistently highlights the Cisco Meraki MR20's ease of deployment and management as a significant strength. The intuitive, browser-based Meraki cloud interface allows for rapid setup, real-time monitoring, and automatic firmware updates, making it particularly appealing for small businesses and home offices without dedicated IT staff.

Strengths often cited include its enterprise-grade security features, reliable Wi-Fi connectivity, and cost-effectiveness for basic networking needs. Users appreciate the integrated security measures like WIPS and guest isolation.

Weaknesses typically revolve around its entry-level positioning. It is designed for "very low-density deployments" and "low-to-moderate RF traffic environments," meaning it may not perform optimally in crowded wireless spaces or for applications requiring a dedicated scanning radio or Bluetooth, features found in more advanced Meraki models. The product's End-of-Sale status is also a consideration for new deployments.

Recommended use cases include small office/home office (SOHO) setups, small businesses, and environments requiring basic, reliable, and secure cloud-managed Wi-Fi without high-density client requirements.

Vulnerabilities

• CVE-2020-26141
  Published: 2021-05-11 - Updated: 2022-04-22 - CVSS: 6.5 - EPSS: 0.28%
  An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
• CVE-2020-26140
  Published: 2021-05-11 - Updated: 2022-09-03 - CVSS: 6.5 - EPSS: 0.34%
  An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
• CVE-2020-26139
  Published: 2021-05-11 - Updated: 2022-09-30 - CVSS: 5.3 - EPSS: 0.41%
  An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
• CVE-2020-24588
  Published: 2021-05-11 - Updated: 2023-04-01 - CVSS: 3.5 - EPSS: 0.51%
  The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
• CVE-2020-24587
  Published: 2021-05-11 - Updated: 2023-04-01 - CVSS: 2.6 - EPSS: 0.42%
  The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

View more

Summary

The Cisco Meraki MR20 is a dual-band 802.11ac Wave 2 cloud-managed access point designed for entry-level enterprise wireless connectivity in small business and home office environments. Its primary strengths lie in its unparalleled ease of deployment and management through the intuitive Meraki cloud dashboard, which provides automatic firmware updates, real-time monitoring, and diagnostic tools. The MR20 offers robust enterprise-grade security features, including AES hardware-based encryption, WPA2-Enterprise authentication, a policy firewall, and a built-in Wireless Intrusion Prevention System (WIPS) with Air Marshal, ensuring secure and reliable Wi-Fi. It delivers an aggregate dual-band frame rate of up to 1.3 Gbps with MU-MIMO support, providing efficient performance for low-to-moderate density client environments.

However, its main limitation is its design for "very low-density deployments," meaning it may not be suitable for high-traffic or complex RF environments where more advanced features like a dedicated scanning radio or Bluetooth are beneficial. The MR20 has reached its End-of-Sales Date (June 1, 2023), with End-of-Support scheduled for June 13, 2028, indicating that while existing units will continue to be supported, it is no longer available for new purchases. For new deployments, the Wi-Fi 6-enabled MR28 is the recommended replacement.

Overall, the MR20 is an excellent choice for organizations seeking a straightforward, secure, and reliable cloud-managed Wi-Fi solution for basic connectivity needs, particularly where ease of management and strong security are priorities in a low-density setting. For future-proofing and higher performance requirements, especially in new installations, considering its successor or higher-tier models is advisable.

Information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.