Cisco Meraki MR36

Basic Information

The Cisco Meraki MR36 is a cloud-managed 802.11ax (Wi-Fi 6) access point designed for enhanced wireless performance and efficiency in various enterprise environments.

• Model: MR36 (MR36-HW)
• Version: Cloud-managed, with firmware automatically updated.
• Release Date: February 2020.
• Minimum Requirements: Requires 802.3af Power over Ethernet (PoE) or a 12V DC power input (power accessories sold separately). An active Cisco Meraki license is mandatory for operation and cloud management.
• Supported Operating Systems: Management is performed through the browser-based Meraki cloud dashboard, making it compatible with any operating system that supports a modern web browser.
• Latest Stable Version: Firmware is automatically updated via the Meraki cloud, ensuring the device always runs the latest stable version with new features, bug fixes, and security enhancements.
• End of Support Date: July 21st, 2026.
• End of Life Date: The product's lifetime concludes concurrently with its End-of-Support date.
• Auto-update Expiration Date: Auto-updates are tied to the active Meraki license. Firmware updates and security patches are delivered seamlessly as long as the license is valid.
• License Type: Requires an active Cisco Meraki license, available in Enterprise or Advanced tiers, with terms ranging from 1 to 10 years.
• Deployment Model: Cloud-managed, enabling rapid deployment and remote management without on-site IT staff.

Technical Specifications

The MR36 is engineered for high-performance wireless connectivity and efficient operation in indoor environments.

• Ports: 1 x 1 Gigabit Ethernet (RJ45) port, 1 x DC power jack.
• Operating System: Embedded Meraki OS, managed entirely through the cloud-based Meraki dashboard.
• Dimensions: 9.84” x 4.72” x 1.42” (25 cm x 12 cm x 3.6 cm), excluding mounting hardware.
• Weight: 17.35 oz (492 g).
• Wi-Fi Standards: 802.11ax (Wi-Fi 6) with 2x2:2 MU-MIMO and OFDMA support.
• Radios:
  • 2.4 GHz 802.11b/g/n/ax client access radio.
  • 5 GHz 802.11a/n/ac/ax client access radio.
  • Dedicated 2.4 GHz & 5 GHz dual-band WIDS/WIPS, spectrum analysis, and location analytics radio.
  • Dedicated 2.4 GHz Bluetooth Low Energy (BLE) radio for beaconing and scanning.
  • All four radios operate concurrently.
• Antenna: Internal antennas with 5.4 dBi gain for 2.4 GHz and 6 dBi gain for 5 GHz.
• Power: IEEE 802.3af PoE compatible, or 12V DC input. Maximum power consumption is 15W.

Analysis of Technical Specifications: The MR36's technical specifications highlight its focus on modern Wi-Fi 6 capabilities, including MU-MIMO and OFDMA, which are crucial for efficient data transmission in environments with many connected devices. The inclusion of dedicated radios for security (WIDS/WIPS) and Bluetooth (BLE) ensures that these functions operate without impacting client data throughput, a significant advantage for performance and specialized applications like IoT and asset tracking. Its compact form factor and PoE support simplify deployment in various indoor settings. The internal antenna design provides a clean aesthetic while offering robust signal coverage. The power consumption is typical for an enterprise-grade access point, with flexibility for PoE or DC power sources.

Support & Compatibility

The Cisco Meraki MR36 benefits from Meraki's comprehensive cloud-managed support ecosystem.

• Latest Version: Firmware is automatically updated via the Meraki cloud, ensuring continuous access to the latest features and security patches.
• OS Support: The Meraki dashboard, used for managing the MR36, is web-based, making it accessible from any modern operating system via a web browser.
• End of Support Date: July 21st, 2026.
• Localization: The Meraki dashboard supports multiple languages for global accessibility.
• Available Drivers: Not applicable, as firmware updates are automatic and cloud-managed, eliminating the need for manual driver installations.
• Compatibility:
  • Backward compatible with older Wi-Fi standards including 802.11a/b/g/n/ac.
  • Integrates natively with Meraki Systems Manager for Enterprise Mobility Management (EMM) and Mobile Device Management (MDM).
  • Supports integration with SES-imagotag Electronic Shelf Labels (ESL).

Analysis of Overall Support & Compatibility Status: The MR36 offers a robust support and compatibility profile, primarily driven by its cloud-managed architecture. Automatic firmware updates and a web-based management interface simplify maintenance and ensure broad compatibility across various client devices and management platforms. The defined End of Support date provides a clear lifecycle for planning. Its backward compatibility with older Wi-Fi standards ensures seamless integration into existing network infrastructures, while specialized integrations like ESL support extend its utility in specific business contexts. The lack of traditional drivers is a benefit of its cloud-managed nature, reducing operational overhead.

Security Status

The Cisco Meraki MR36 incorporates a suite of integrated security features designed for enterprise-grade protection.

• Security Features:
  • Integrated Layer 7 firewall with mobile device policy management.
  • Real-time Wireless Intrusion Detection System/Prevention System (WIDS/WIPS) with Air Marshal for rogue AP containment.
  • Flexible guest access with device isolation.
  • VLAN tagging (802.1q) and IPsec VPN tunneling.
  • PCI compliance reporting.
  • AES hardware-based encryption.
  • Enterprise authentication with 802.1X and Active Directory integration.
  • Integration with Meraki Systems Manager for EMM/MDM context-aware security.
  • Application-aware traffic shaping for granular control.
  • Cisco ISE integration for guest access and BYOD posturing.
• Known Vulnerabilities: No specific known vulnerabilities are publicly highlighted for the MR36, as Meraki's cloud management ensures continuous, automatic security updates and patches.
• Blacklist Status: Not applicable for an access point.
• Certifications: FCC, CE, RCM.
• Encryption Support: WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X, WPA3-Personal, WPA3-Enterprise, WPA3-Enhanced Open (OWE). Supports TKIP and AES encryption.
• Authentication Methods: EAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIM, 802.1X, Active Directory integration, Pre-Shared Key (PSK).
• General Recommendations: While the MR36 provides robust built-in security, it is recommended to implement strong SSID policies, leverage guest isolation, integrate with existing authentication systems (like Active Directory or RADIUS), and regularly review PCI compliance reports to maintain a secure wireless environment.

Analysis on the Overall Security Rating: The Cisco Meraki MR36 offers a high level of enterprise-grade security, largely due to its cloud-managed nature and integrated features. The dedicated security radio provides continuous WIDS/WIPS without impacting performance, a critical advantage for proactive threat detection and containment. Support for the latest WPA3 encryption standards and various enterprise authentication methods ensures secure client connectivity. The Layer 7 firewall and EMM/MDM integration provide granular control and context-aware security policies. Automatic firmware updates mitigate known vulnerabilities promptly, contributing to a strong overall security posture.

Performance & Benchmarks

The MR36 is designed for high throughput and efficient performance in typical indoor enterprise settings.

• Benchmark Scores:
  • Maximum aggregate frame rate: 1.5 Gbps.
  • 5 GHz band maximum throughput: 1,201 Mbps.
  • 2.4 GHz band maximum throughput: 286 Mbps.
• Real-world Performance Metrics:
  • Supports higher client density due to technologies like transmit beamforming and enhanced receive sensitivity.
  • Optimized for voice and video applications, ensuring quality of service for latency-sensitive traffic.
  • Utilizes MU-MIMO and OFDMA for more efficient simultaneous transmission to multiple clients, improving overall network performance and user experience.
• Power Consumption: Maximum 15W (802.3af PoE). Typical power consumption is between 7-10W when not powering other PoE devices.
• Carbon Footprint: Specific carbon footprint data for the MR36 is not publicly available.
• Comparison with Similar Assets: The MR36 is ideal for low-to-moderate density deployments such as typical office floors and retail spaces. For very high-density locations (e.g., large auditoriums), other models like the MR44 or MR46, which offer more radio streams and higher peak throughput, are recommended.

Analysis of the Overall Performance Status: The Cisco Meraki MR36 delivers strong performance for its intended use cases, leveraging Wi-Fi 6 technologies like MU-MIMO and OFDMA to provide efficient and high-throughput wireless connectivity. Its aggregate frame rate of 1.5 Gbps is suitable for environments with a moderate number of concurrent users and bandwidth-intensive applications. The optimization for voice and video traffic ensures a reliable experience for critical communications. While not designed for extreme high-density scenarios, its performance characteristics make it an excellent choice for a wide range of enterprise indoor deployments. Power consumption is efficient, especially considering its feature set.

User Reviews & Feedback

User feedback for the Cisco Meraki MR36 generally highlights its ease of deployment and robust feature set, typical of Meraki products.

• Strengths:
  • Ease of Management: Users consistently praise the intuitive, browser-based Meraki cloud dashboard for rapid deployment, zero-touch provisioning, and simplified ongoing management.
  • Automatic Updates: The automatic firmware updates, including bug fixes and security enhancements, are highly valued for reducing IT overhead and ensuring continuous security.
  • Performance: High throughput and enterprise-grade security are frequently cited, with specific appreciation for the dedicated security radio that maintains WIDS/WIPS functionality without impacting client performance.
  • Integrated Features: The integrated Bluetooth for IoT, asset tracking, and mobile engagement, along with optimization for voice and video, are seen as valuable additions.
  • Reliability: The lifetime hardware warranty (with an active license) provides peace of mind for long-term investment.
• Weaknesses:
  • Licensing Requirement: The mandatory active license for operation, with the device ceasing to function upon license expiration, is a common point of concern for some users regarding ongoing costs and vendor lock-in.
  • Density Limitations: While excellent for moderate densities, some feedback suggests that for extremely high-density environments (e.g., large public venues), higher-end models like the MR44 or MR46 might be more appropriate.
  • Separate Power Purchase: The need to purchase power adapters or PoE injectors separately can be an minor inconvenience.
• Recommended Use Cases: The MR36 is highly recommended for offices, schools, hospitals, retail stores, hotels, and other SMB environments requiring reliable, secure, and easily manageable Wi-Fi 6 connectivity. It excels in environments with numerous mobile devices and applications demanding consistent bandwidth.

Vulnerabilities

• CVE-2020-26141
  Published: 2021-05-11 - Updated: 2022-04-22 - CVSS: 6.5 - EPSS: 0.28%
  An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
• CVE-2020-26140
  Published: 2021-05-11 - Updated: 2022-09-03 - CVSS: 6.5 - EPSS: 0.34%
  An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
• CVE-2020-26139
  Published: 2021-05-11 - Updated: 2022-09-30 - CVSS: 5.3 - EPSS: 0.41%
  An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
• CVE-2020-24588
  Published: 2021-05-11 - Updated: 2023-04-01 - CVSS: 3.5 - EPSS: 0.51%
  The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
• CVE-2020-24587
  Published: 2021-05-11 - Updated: 2023-04-01 - CVSS: 2.6 - EPSS: 0.42%
  The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

View more

Summary

The Cisco Meraki MR36 is a robust, cloud-managed Wi-Fi 6 (802.11ax) access point that sets a high standard for wireless performance and operational simplicity in enterprise settings. Its key strengths lie in its intuitive cloud management, which enables zero-touch provisioning and automatic, continuous firmware and security updates, significantly reducing IT administrative burden. The MR36 delivers strong performance with an aggregate throughput of 1.5 Gbps, supported by MU-MIMO and OFDMA for efficient handling of multiple clients and optimized for latency-sensitive applications like voice and video. Security is a paramount feature, with a dedicated radio for 24/7 WIDS/WIPS, comprehensive encryption (including WPA3), integrated Layer 7 firewall, and extensive authentication options. The inclusion of a dedicated Bluetooth Low Energy radio further enhances its utility for IoT and location-based services.

However, potential considerations include the mandatory active Meraki license, without which the device ceases to function, representing an ongoing operational cost. While excellent for low-to-moderate density environments, it may not be the optimal choice for extremely high-density deployments, where other Meraki models might offer superior performance. The End of Support date of July 21st, 2026, provides a clear lifecycle for planning future upgrades.

Overall, the Cisco Meraki MR36 is an outstanding choice for organizations seeking a high-performance, secure, and easily manageable Wi-Fi 6 solution for offices, schools, healthcare facilities, and retail environments. Its cloud-centric design simplifies deployment and maintenance, making it particularly appealing for distributed networks or organizations with limited on-site IT resources. It offers a compelling balance of features, performance, and security for modern wireless networking needs.

Information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.